AlmaLinux 2325 Published by

The following security updates have been released for AlmaLinux:

ALSA-2024:1484 Critical: firefox security update
ALSA-2024:1485 Critical: firefox security update
ALSA-2024:1501 Important: grafana security update
ALSA-2024:1502 Important: grafana-pcp security update
ALSA-2024:1510 Important: nodejs:18 security update
ALSA-2024:1530 Moderate: expat security update
ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update
ALSA-2024:1601 Moderate: curl security and bug fix update
ALSA-2024:1608 Moderate: opencryptoki security update
ALSA-2024:1610 Moderate: less security update
ALSA-2024:1615 Moderate: expat security update
ALSA-2024:1644 Important: grafana-pcp security and bug fix update
ALSA-2024:1646 Important: grafana security and bug fix update



ALSA-2024:1484 Critical: firefox security update

ID:
ALSA-2024:1484

Title:
ALSA-2024:1484 Critical: firefox security update

Type:
security

Severity:
critical

Release date:
2024-04-03

Description
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 115.9.1 ESR.
Security Fix(es):
* nss: timing attack against RSA decryption (CVE-2023-5388)
* Mozilla: Crash in NSS TLS method (CVE-2024-0743)
* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-5388
CVE-2024-0743
CVE-2024-2607
CVE-2024-2608
CVE-2024-2610
CVE-2024-2611
CVE-2024-2612
CVE-2024-2614
CVE-2024-2616
CVE-2024-29944
RHSA-2024:1484
ALSA-2024:1484

Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.9.1-1.el8_9.alma.1.aarch64.rpm
210e3e8bdb3d84ee8ece54ba187ca84db4eeba4fccccad35a3df89b073763f0d
ppc64le
firefox-115.9.1-1.el8_9.alma.1.ppc64le.rpm
959456a9dbea2710757dfb4e114735ab3a634ab9cef7958a7a30de5fdbf857f0
s390x
firefox-115.9.1-1.el8_9.alma.1.s390x.rpm
50a6b610429acf53929cddecaf17809da926f534522d6ffb6e17e7cb1ee56c50
x86_64
firefox-115.9.1-1.el8_9.alma.1.x86_64.rpm
b89246bed2dd58a4e40b5727a60a8a48800da2a92ed5ea756dd364cd091e860e

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1484 Critical: firefox security update


ALSA-2024:1485 Critical: firefox security update

ID:
ALSA-2024:1485

Title:
ALSA-2024:1485 Critical: firefox security update

Type:
security

Severity:
critical

Release date:
2024-04-03

Description
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 115.9.1 ESR.
Security Fix(es):
* nss: timing attack against RSA decryption (CVE-2023-5388)
* Mozilla: Crash in NSS TLS method (CVE-2024-0743)
* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-5388
CVE-2024-0743
CVE-2024-2607
CVE-2024-2608
CVE-2024-2610
CVE-2024-2611
CVE-2024-2612
CVE-2024-2614
CVE-2024-2616
CVE-2024-29944
RHSA-2024:1485
ALSA-2024:1485

Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.9.1-1.el9_3.alma.1.aarch64.rpm
1d8022b8bae86fd1c6526a2542db8c59615c207347ed1eed7206453fd0318228
aarch64
firefox-x11-115.9.1-1.el9_3.alma.1.aarch64.rpm
be993156a53ec90951645958e6e38872f935fcb06dc13a8dc03dee07ba7c41d1
ppc64le
firefox-x11-115.9.1-1.el9_3.alma.1.ppc64le.rpm
3c6f6e2cde806be14b0d735b034421fd8fae7f3cc99cf88910c15ef8cf1a4e27
ppc64le
firefox-115.9.1-1.el9_3.alma.1.ppc64le.rpm
486332015aae571ca6512ba9f16993d258e22c5b394ad06f03386f10261e025d
s390x
firefox-115.9.1-1.el9_3.alma.1.s390x.rpm
65ed78086306493a5253219e7bd069468db50061047abc877ee398e8392b80f2
s390x
firefox-x11-115.9.1-1.el9_3.alma.1.s390x.rpm
9149cbc13010775dcda7ed0b87da63b456546ac1d930a2a50c7e1cb2e6f1a08f
x86_64
firefox-x11-115.9.1-1.el9_3.alma.1.x86_64.rpm
15d65c1e0b36d015cb9759f4850011cd164478dcabf92ef9bc8561f403c8f80f
x86_64
firefox-115.9.1-1.el9_3.alma.1.x86_64.rpm
dbd848b001a1984085f6e557e7e938c8cd85c8ad09b72c757f90d771356fe597

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1485 Critical: firefox security update


ALSA-2024:1501 Important: grafana security update

ID:
ALSA-2024:1501

Title:
ALSA-2024:1501 Important: grafana security update

Type:
security

Severity:
important

Release date:
2024-04-02

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

References:
CVE-2024-1394
RHSA-2024:1501
ALSA-2024:1501

Updated packages listed below:
Architecture
Package
Checksum
aarch64
grafana-9.2.10-8.el9_3.alma.1.aarch64.rpm
29d4374f53ac83e499d0d6e9d3017d9d424de6d45e047bd0ba6ad3fde1fcb8ad
ppc64le
grafana-9.2.10-8.el9_3.alma.1.ppc64le.rpm
63767f1f328acfd8f8108b63e12addc9b9e4a6acd403cc76b82882c208aaabb1
s390x
grafana-9.2.10-8.el9_3.alma.1.s390x.rpm
f9fcefa977779d191cb4fa90abc859eddc007f5015345cd603b230c917b74e36
x86_64
grafana-9.2.10-8.el9_3.alma.1.x86_64.rpm
0a72b15f91807c7042e93861164eaa83643bb9f3c570c9b8c6c32a9319f4254e

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1501 Important: grafana security update


ALSA-2024:1502 Important: grafana-pcp security update

ID:
ALSA-2024:1502

Title:
ALSA-2024:1502 Important: grafana-pcp security update

Type:
security

Severity:
important

Release date:
2024-04-02

Description
grafana-pcp is an open source Grafana plugin for PCP.
Security Fix(es):
* grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

References:
CVE-2024-1394
RHSA-2024:1502
ALSA-2024:1502

Updated packages listed below:
Architecture
Package
Checksum
aarch64
grafana-pcp-5.1.1-2.el9_3.alma.1.aarch64.rpm
143dc0e38709f5e5c3e307b81f1b90e32623f6551f88961585e1209bda7e0a83
ppc64le
grafana-pcp-5.1.1-2.el9_3.alma.1.ppc64le.rpm
57c30245847804ba54d16da89c42c917ab6817a6b6bbdfb868b5f6158259bed4
s390x
grafana-pcp-5.1.1-2.el9_3.alma.1.s390x.rpm
e470d5c6b0cbe90f2c28b7827a973c01a072521692be720f9ed579b9daa623d5
x86_64
grafana-pcp-5.1.1-2.el9_3.alma.1.x86_64.rpm
0ceaec524273c5438b6dcf4eaa081b5408c79c867a14190072d2840011997ee9

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1502 Important: grafana-pcp security update


ALSA-2024:1510 Important: nodejs:18 security update

ID:
ALSA-2024:1510

Title:
ALSA-2024:1510 Important: nodejs:18 security update

Type:
security

Severity:
important

Release date:
2024-04-02

Description
Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-46809
CVE-2024-21892
CVE-2024-22019
RHSA-2024:1510
ALSA-2024:1510

Updated packages listed below:
Architecture
Package
Checksum
aarch64
nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.aarch64.rpm
3e8736bc2fe0a59005919cb29c2e8b33b0f209f74816c69cfd6f1466588c4004
aarch64
nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.aarch64.rpm
49b66935215607fb12ff1b7d56839c2f0621b8b1eb31aa43e01cc069cd8e2046
aarch64
npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.aarch64.rpm
6724e5e5ee7a9138aa84e2ae6f1640bc52a2eca6ac0ee4bf43aabd904766f882
aarch64
nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.aarch64.rpm
f7a9539de2c57d26a5a25fa8feb1b552112c9b8d2657c5d3c3b13e5272e869e4
noarch
nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm
1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch
nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm
9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch
nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm
dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
noarch
nodejs-docs-18.19.1-1.module_el8.9.0+3753+4de0891b.noarch.rpm
ebea7b81320dda8e124a35df8f8a7490d9af812e97bcc2657271e0c4a6432452
ppc64le
npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.ppc64le.rpm
114969289a2c7bf245b99a3d5fbdcd743547f4fed608b04aad9bf1d35d199b09
ppc64le
nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.ppc64le.rpm
1d9048565fa0386bfbb3258cdd19e626068a24d83b793a2c290b419195591794
ppc64le
nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.ppc64le.rpm
929687a015a561d59ab11bc2423f0b5a1f5d94cc621b01e0c8f1a3c8528b3561
ppc64le
nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.ppc64le.rpm
97b5bc9838d44de59936e92de8d8614f272e8006e6080d8af778df7f20e529b4
s390x
nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.s390x.rpm
76ab4c516ffc87f7b1ad69ee51fe8f3108d9e63c1a7b8f9327a9bb51a2e06480
s390x
nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.s390x.rpm
9bd562bd1fae65f2d262de69f857bbfe83b41e9c9d0eab3df791f4c226e8b04f
s390x
npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.s390x.rpm
a6343500fc8d38a9858e57d18c8d06bb5e6258979b05e9537f23da63d9052e4b
s390x
nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.s390x.rpm
c361d9cc5ad83236a363be0e668dd4485b1c8633ae01ba849508574813c6ccef
x86_64
npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.x86_64.rpm
131e16beea850da687d5f4b6ed6428c4f265113734adadaee5062700e1cee2bc
x86_64
nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.x86_64.rpm
1c6561030cf7e790ddaf366ff5bf08bdf903d8a90592bfd41790b424760412ab
x86_64
nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.x86_64.rpm
49f98df0a65ee112a561c060d510d7a64d198aae342cf95b008b52f653e83f88
x86_64
nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.x86_64.rpm
d14ef92b0887985158f65065d3430b250bf021722ceab1326e0098c9a087d68f

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1510 Important: nodejs:18 security update


ALSA-2024:1530 Moderate: expat security update

ID:
ALSA-2024:1530

Title:
ALSA-2024:1530 Moderate: expat security update

Type:
security

Severity:
moderate

Release date:
2024-04-02

Description
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)
* expat: XML Entity Expansion (CVE-2024-28757)

References:
CVE-2023-52425
CVE-2024-28757
RHSA-2024:1530
ALSA-2024:1530

Updated packages listed below:
Architecture
Package
Checksum
aarch64
expat-2.5.0-1.el9_3.1.aarch64.rpm
061c8859cd622cb064632d888b4890724ba9d0654228f5181616ce92a2bb4f0e
aarch64
expat-devel-2.5.0-1.el9_3.1.aarch64.rpm
43823f3e021def50a67567723ebbf4e1881fea504b466745fd5b8963907d388d
i686
expat-devel-2.5.0-1.el9_3.1.i686.rpm
27553505fdf62c76e02655fbd684f0f7d9b190f3931caf2a29f548c4d91eb885
i686
expat-2.5.0-1.el9_3.1.i686.rpm
8d5d37a481367f45543af1bb5d3f1f8cd4af65373ecc2faa7d9b3f98c2bf4e3d
ppc64le
expat-2.5.0-1.el9_3.1.ppc64le.rpm
09eccc84e44473e2834a30944853341936259210f90a8beb40cdaa406bd3bdac
ppc64le
expat-devel-2.5.0-1.el9_3.1.ppc64le.rpm
c91622d89944363984464fc628f8a6d93f746ce07964884c5028dd6baea632de
s390x
expat-2.5.0-1.el9_3.1.s390x.rpm
6f57cba468d718f4c654dfebf6bef0b393624564a9c75d258aeefcbba7b7795f
s390x
expat-devel-2.5.0-1.el9_3.1.s390x.rpm
ff6f57c1ee531ec65fff588b254ba93e7369ef8a1e8a4af0dc03f7055e8ef573
x86_64
expat-2.5.0-1.el9_3.1.x86_64.rpm
64a116cc64e8afdebe60bb6e8a009644b604dab742bd89f1cfdbdda763732c2b
x86_64
expat-devel-2.5.0-1.el9_3.1.x86_64.rpm
e8bac24e1c91c41ca60055d299d60f02b85cee0f4dc6bb673781fb19c320c234

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1530 Moderate: expat security update


ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update

ID:
ALSA-2024:1576

Title:
ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update

Type:
security

Severity:
moderate

Release date:
2024-04-02

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-29052)
Security Fix(es):
* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)
Bug Fix(es):
* ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (AlmaLinux-29048)
* ruby: Ruby cannot read private key in FIPS mode on AlmaLinux 9 (AlmaLinux-12437)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2021-33621
CVE-2023-28755
CVE-2023-28756
CVE-2023-36617
RHSA-2024:1576
ALSA-2024:1576

Updated packages listed below:
Architecture
Package
Checksum
aarch64
rubygem-json-2.6.1-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
097a19c61c75a40a42a91a99e186745b2b73273f809e4a057797bb4543e43401
aarch64
rubygem-bigdecimal-3.1.1-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
106c942dc950016628ab1fa78ac6d266116336c29bbcc5f9ce3c50aca6c9e43a
aarch64
rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.aarch64.rpm
4c5252460fea72ded437082819e93b994f278167601c79044ace259273f5c4d0
aarch64
ruby-bundled-gems-3.1.4-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
4ed3523bc073e95e5e34d82db281ce3e0acd61d5bf465a811beaf98fe561aa07
aarch64
rubygem-psych-4.0.4-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
5525210de5aa61cafbd14bb600d256b43205d1f61c03eff66673740dc3608e2b
aarch64
rubygem-rbs-2.7.0-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
57df3e3dc18c27db43ec21b57ac9ebf4ad6f70b6cbb20c517b38a16df9115115
aarch64
rubygem-io-console-0.5.11-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
6ca7a1f3f6c40a639b6fdc0555ce4cf96b19fff18da93503704aa9a44e7e4007
aarch64
ruby-libs-3.1.4-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
88adc9540ff39a1a0835b91ea4a37a52aa80f804ca621473e1860de82f8f7468
aarch64
ruby-3.1.4-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
a2f6e164f76d3f45abd999986d34ac8e4eb1daf20342cec8389b7fabd4f6351b
aarch64
rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.aarch64.rpm
cfaf5e7863a363dca261c396cb4d88268d91e3a71ecb7e28ed36a2fa92cdb037
aarch64
ruby-devel-3.1.4-143.module_el9.3.0+60+5ebc989a.aarch64.rpm
cfd5959ea19315d7ed7dddca9ebd377fd61dad287684ad9942a86fc2b3991a6e
i686
ruby-libs-3.1.4-143.module_el9.3.0+60+5ebc989a.i686.rpm
11a224fa06c24b99c053efbf054acf9f575499ebd211f0c5848a85794cc061aa
i686
rubygem-json-2.6.1-143.module_el9.3.0+60+5ebc989a.i686.rpm
53a91f238f09f5857b68ba527c90a353382309f61289c0bf6f5c20f8b6d7cfe9
i686
rubygem-psych-4.0.4-143.module_el9.3.0+60+5ebc989a.i686.rpm
753f068a1a1ab544ad990e4a749aa651eee62986eb03e912bf090e7efc02ef8e
i686
ruby-devel-3.1.4-143.module_el9.3.0+60+5ebc989a.i686.rpm
8694f80920d499a321c7f92f8ca42830765e7ae6a76bdf98d12172014097093f
i686
ruby-bundled-gems-3.1.4-143.module_el9.3.0+60+5ebc989a.i686.rpm
9d86bd09a5f3d93ec82703401396afae5162a917c5cdb8c759a45850af9d048d
i686
rubygem-rbs-2.7.0-143.module_el9.3.0+60+5ebc989a.i686.rpm
9f5d26656f65c94cebea5a89c1ea51394f848473c91cddda5d27fa3cd5f8a896
i686
ruby-3.1.4-143.module_el9.3.0+60+5ebc989a.i686.rpm
c3b422c0c257097dfaf2f4328f471df8d0c09a3fabf14c72d884118586364b4d
i686
rubygem-bigdecimal-3.1.1-143.module_el9.3.0+60+5ebc989a.i686.rpm
ea6ff5872cc45c505d2c890f23f3c19336b17f9be8f1ecf8fe6e86e4057e1a9c
i686
rubygem-io-console-0.5.11-143.module_el9.3.0+60+5ebc989a.i686.rpm
ee565894988b215a9722197e8d85bf6837110cd0174bc4a69d22c559c8e51551
noarch
rubygem-irb-1.4.1-143.module_el9.3.0+60+5ebc989a.noarch.rpm
0905ea50c6cc6d5a681460c632ba0a74e5f6d2ba1db15071c6898ecbecc2a245
noarch
ruby-default-gems-3.1.4-143.module_el9.3.0+60+5ebc989a.noarch.rpm
0c918bfd80963513ed8ebf939151fdce1a95440655605c2d67f99cd84d216be4
noarch
rubygem-bundler-2.3.26-143.module_el9.3.0+60+5ebc989a.noarch.rpm
0cfb15f8920c73930c5fec462727ff8bd0d4d1fc94390b2ad491b78cc0c212cf
noarch
rubygems-devel-3.3.26-143.module_el9.3.0+60+5ebc989a.noarch.rpm
0e7ff1f07e4a144615a899bd26379a895339f798bd29586c0fe8c704eec129c9
noarch
rubygem-typeprof-0.21.3-143.module_el9.3.0+60+5ebc989a.noarch.rpm
12b6d49f2eb37de64c5359d95338466e4c556af74df4adef525b75843d89190e
noarch
rubygem-rexml-3.2.5-143.module_el9.3.0+60+5ebc989a.noarch.rpm
354d1ca60ce97d60e2fb600c86afd727f668446370edb2394ee2935d4e106798
noarch
rubygem-rdoc-6.4.0-143.module_el9.3.0+60+5ebc989a.noarch.rpm
36f9528fb53df33c14bfec0c0b6cd001923bf8d59b7664a7e0110b900e83d99b
noarch
rubygem-mysql2-doc-0.5.4-1.module_el9.1.0+8+503f6fbd.noarch.rpm
47f8869c8adfe2b7eee506473440af3abe2bb171cf60cda4d0dec05db0bc3fb8
noarch
rubygem-test-unit-3.5.3-143.module_el9.3.0+60+5ebc989a.noarch.rpm
48b4cecfa787eb441b96cb238ac59a92721e0e96871882a0c99535a41dce07ad
noarch
ruby-doc-3.1.4-143.module_el9.3.0+60+5ebc989a.noarch.rpm
4eb51d23c8c72f8e460bd2914c19f7cd5dc68f46bbcbaa950473677350a79597
noarch
rubygems-3.3.26-143.module_el9.3.0+60+5ebc989a.noarch.rpm
60fd72d151b2e2783689c5d4470411ffa6c39cbf7a4e4bd079e17fb95dc357e4
noarch
rubygem-power_assert-2.0.1-143.module_el9.3.0+60+5ebc989a.noarch.rpm
63219994c30877b59061770b580914f572efec91b2b19317f2060f0f9bd91827
noarch
rubygem-minitest-5.15.0-143.module_el9.3.0+60+5ebc989a.noarch.rpm
af3a3fc67bab63fc8271d1228f3d722e5d3eec8eb7b03b43a664aff57944e18a
noarch
rubygem-rake-13.0.6-143.module_el9.3.0+60+5ebc989a.noarch.rpm
b6ae9ba983978a8dcb31c5a552e2ebe3d3871ada40297c0a50a3709151689b62
noarch
rubygem-pg-doc-1.3.5-1.module_el9.1.0+8+503f6fbd.noarch.rpm
c24489067c5c62f3bb8edd8f47b01171f766eaeb0e96991878c51e5ae4b1b3e4
noarch
rubygem-rss-0.2.9-143.module_el9.3.0+60+5ebc989a.noarch.rpm
e81933427fea30393c52bb8cff7b70f07e284fcee5be0e2e14cca0c33afb82e9
ppc64le
ruby-3.1.4-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
11819a69dfafaf1c2756c43a1ddb188acabad4d8d8a305140e293edf5695dfe6
ppc64le
rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.ppc64le.rpm
25f3baf573cfcc8d5c67210026207ce30c1c8540d8d22869371943456fe63c71
ppc64le
ruby-devel-3.1.4-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
37bf119edf042c6089b5e0676606da05dd30f9495c2fa5e9113c201a01805a7c
ppc64le
rubygem-json-2.6.1-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
49a08bbc4e18c2d85354594a809555f5bade2f9a3025147548a4a8ad13a42fd9
ppc64le
ruby-bundled-gems-3.1.4-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
6ab69f09ee7fb65527c1400984a330c40bd5b2ab72f05f89e54ca14c3d7ce601
ppc64le
rubygem-psych-4.0.4-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
a8c545cf225037f3d463ec50178a84dc7653c6d4e9c859dab631d13bdf811142
ppc64le
rubygem-io-console-0.5.11-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
c0735694d527897bd9e21c29b3a4ded012c493f4b0b709bcc3986e28eeac257f
ppc64le
rubygem-bigdecimal-3.1.1-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
cb6067181430b6b2a0858d4d17adcd30cd2e9330a3ecd3b011ead25ff47fbc0e
ppc64le
rubygem-rbs-2.7.0-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
e9343ccf9342eb2d567dd17b78dc1a93e9ef475ef394bad57fc76d405fd6f6a3
ppc64le
rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.ppc64le.rpm
f140b9b82287b70b3ad62004723b762d170c43947bf0d3c8f86f789404744497
ppc64le
ruby-libs-3.1.4-143.module_el9.3.0+60+5ebc989a.ppc64le.rpm
f4fb94c2dd58bd011bbccf1fc71df606ce52574ad38aefa55d7e67c91359e874
s390x
rubygem-io-console-0.5.11-143.module_el9.3.0+60+5ebc989a.s390x.rpm
23912bd393f9a5bc90aeecbfe116c0db72039d79e153668824a4b8a9a0f74861
s390x
rubygem-psych-4.0.4-143.module_el9.3.0+60+5ebc989a.s390x.rpm
28171f973bcf4068f197181a32787ef152f841f9687b756db330fb2a2d0454c5
s390x
rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.s390x.rpm
49b1f8d15c4626c94dbdf369d69aa871b2e1b4909ae4718089f41d7de50396ee
s390x
ruby-devel-3.1.4-143.module_el9.3.0+60+5ebc989a.s390x.rpm
4eefdf9735833f0d6664cf37298289b0e72cce39d7a2b9354b7d9de275f25b90
s390x
ruby-3.1.4-143.module_el9.3.0+60+5ebc989a.s390x.rpm
527be15d0d170b8cb36d98a81034ffead2e66069d07436371534a46d1b685197
s390x
rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.s390x.rpm
81af584c5f98cbff30e7733f802c0711cdfb921b4fc268dc21e6e002f4c9a292
s390x
ruby-bundled-gems-3.1.4-143.module_el9.3.0+60+5ebc989a.s390x.rpm
82e860a765767761c2b83e22b938126589b14afd8a988c585abfd4d15a64187f
s390x
ruby-libs-3.1.4-143.module_el9.3.0+60+5ebc989a.s390x.rpm
88967599c39a2cf14d646d5f391da643e78ec732b8042b4f1f94f39094aac117
s390x
rubygem-json-2.6.1-143.module_el9.3.0+60+5ebc989a.s390x.rpm
946460aa34b688db4a8e888ff927d80122dcc1f2967e88bf1456753a7a8b04cf
s390x
rubygem-rbs-2.7.0-143.module_el9.3.0+60+5ebc989a.s390x.rpm
94e8127efe8fbb57ba94ce682c71a594b6f8dfde0bb61965d243dbd7f9c261bc
s390x
rubygem-bigdecimal-3.1.1-143.module_el9.3.0+60+5ebc989a.s390x.rpm
b3a914936dd74c4a447dacc8e1af759dc97075f7b1cf164ebf5db6a41dfc015f
x86_64
rubygem-psych-4.0.4-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
05e7e1e31e5c925f28d9a69e727332ea3193f0d586a67464a6be21cc6e6356c6
x86_64
ruby-devel-3.1.4-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
11976d1dd7e261fcb30b638592e3e7b80fc604e5ae8b22ed307dff5d7570cda2
x86_64
rubygem-bigdecimal-3.1.1-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
2a546cfa11ee0b1af7ffff7ce09b8e12ee8f5b57cbf4943e56f2ff06d125debe
x86_64
ruby-bundled-gems-3.1.4-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
6143e954be60749f9756f62fb865a5be3dc5e9cf9f2a2b239e2b90f8832fe84a
x86_64
rubygem-json-2.6.1-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
7736920171f665084a203c8a2580386a23d0ba6866c2bf979af154775cfaac8f
x86_64
ruby-libs-3.1.4-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
7a3d1b2bc8087aa07072024fe9a2e7298f6c8f912a765d022badc38db6dc5a86
x86_64
rubygem-io-console-0.5.11-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
8f73968349858adabc29cdbbbb389b4edeaf47405fcf96d74b5d5e7e3bafa19a
x86_64
rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.x86_64.rpm
dab19da2b0c280cf81790d96e39c50f37e61ff0e70a7b591600f76f8cc8d96df
x86_64
ruby-3.1.4-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
ec12b8fc13490bc81027dfb175e9fdd413daf368199c59f8830124230f7b1cfa
x86_64
rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.x86_64.rpm
f19ded1c673d7431f2562b768ca31c5d92eba38bb0ec8fe3aaf608b1e63e36d0
x86_64
rubygem-rbs-2.7.0-143.module_el9.3.0+60+5ebc989a.x86_64.rpm
fea8188c0ce150b31196b85817daceb2c391e97d8f31225485ba73be1239b972

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update


ALSA-2024:1601 Moderate: curl security and bug fix update

ID:
ALSA-2024:1601

Title:
ALSA-2024:1601 Moderate: curl security and bug fix update

Type:
security

Severity:
moderate

Release date:
2024-04-02

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
* curl: cookie injection with none file (CVE-2023-38546)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* libssh (curl sftp) not trying password auth (BZ#2240033)
* libssh: cap SFTP packet size sent (AlmaLinux-5485)

References:
CVE-2023-28322
CVE-2023-38546
CVE-2023-46218
RHSA-2024:1601
ALSA-2024:1601

Updated packages listed below:
Architecture
Package
Checksum
aarch64
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
07e3e9431dea40a93e259170fb1eb3648661d00b587771d12e4414b61edc0b7f
aarch64
curl-7.61.1-33.el8_9.5.aarch64.rpm
4910e3f9e055529ff321690fdc323fceeb02facc7ecf7cd5e286cba58c89a968
aarch64
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm
4d168a523af9f8966a466c93e5407176e0447d3543b1ebcdbac24e598a788aee
aarch64
libcurl-7.61.1-33.el8_9.5.aarch64.rpm
670877c9156cc70220e149ca0a9f2af714c00ef488e0a56b137854953ef48635
i686
libcurl-7.61.1-33.el8_9.5.i686.rpm
401bbde1cf996408798f8588daf3133bf798b57c903550eb13e21753493d28c0
i686
libcurl-devel-7.61.1-33.el8_9.5.i686.rpm
9275ce5a17a0fed0e569d5ad4fdc904a1c322570c6db5ce853291d418f261edf
i686
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm
b5c40afc05463f68a2f100f2e2c1060a7b48605729ff7b52f1fa4cd23dff42eb
ppc64le
libcurl-7.61.1-33.el8_9.5.ppc64le.rpm
372b0f06ad2ed6530c8a49e37e70a66d42c18747fc8bcaf4eadda9f96694fb68
ppc64le
libcurl-minimal-7.61.1-33.el8_9.5.ppc64le.rpm
68213e7fd4de764010f423f788be811620525d8bb52937b923e57d076ffa6a6c
ppc64le
curl-7.61.1-33.el8_9.5.ppc64le.rpm
ba6be0bb036b75c947c432695c3efe40ca517c8e2d2dab3866175fe2fbc81525
ppc64le
libcurl-devel-7.61.1-33.el8_9.5.ppc64le.rpm
e312b4480b2684f1b01be1dd7a47b1cb2d795758c0ab315896d372297d928d20
s390x
curl-7.61.1-33.el8_9.5.s390x.rpm
3ccee1acccee7c90999cab07a6ba093791cb05de5305381f779ec27191601f9d
s390x
libcurl-7.61.1-33.el8_9.5.s390x.rpm
882281526c2cd42866d1f7fdf13191918a59504fc8cdb6ba2ec230d7f49e2cb5
s390x
libcurl-minimal-7.61.1-33.el8_9.5.s390x.rpm
903412fc95ee2acc9deb4a61e5e7ae9fcf46e210d172baad7696ba6ba8209e6a
s390x
libcurl-devel-7.61.1-33.el8_9.5.s390x.rpm
9c3f4a8be5d170a105c0cd5f747b318707d02cde7d8a5daca44eb9331cc11021
x86_64
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm
85bca9fe04ad755d9a867849d2dfe380207818e0aabaf755dd109845979cf069
x86_64
curl-7.61.1-33.el8_9.5.x86_64.rpm
8dab56117167eb9e310b9e4f84b0bfb2d588a5a1c4b8c3ef72ba82fa342c3c56
x86_64
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm
97b7c16845c4e2e10cbc879a9190b5fa7e6631575d152b64af661237ce763774
x86_64
libcurl-7.61.1-33.el8_9.5.x86_64.rpm
f22b14c9f87fa3c8a30e67ceb919269b5f13127e951c59b6f5287489b8eb71ec

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1601 Moderate: curl security and bug fix update


ALSA-2024:1608 Moderate: opencryptoki security update

ID:
ALSA-2024:1608

Title:
ALSA-2024:1608 Moderate: opencryptoki security update

Type:
security

Severity:
moderate

Release date:
2024-04-03

Description
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.
Security Fix(es):
* opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-0914
RHSA-2024:1608
ALSA-2024:1608

Updated packages listed below:
Architecture
Package
Checksum
aarch64
opencryptoki-swtok-3.21.0-10.el8_9.alma.1.aarch64.rpm
30f3dad21d41b50ce883ea2b578d86ed57baeb5562cb72f1b0d76c8532b4a31e
aarch64
opencryptoki-devel-3.21.0-10.el8_9.alma.1.aarch64.rpm
377ff0f220a0699949cb58363749d86ac2a709ca0f39dfec18ab13e3f8b3d87c
aarch64
opencryptoki-3.21.0-10.el8_9.alma.1.aarch64.rpm
624054fa9fee210f9c61a3972f0a7a48314b4fc6431c9b69cc76cdd35f750eef
aarch64
opencryptoki-icsftok-3.21.0-10.el8_9.alma.1.aarch64.rpm
939df047cdfd3e92965252fbeaf7b429c8b978cc4aaea141cf51367710bed576
aarch64
opencryptoki-tpmtok-3.21.0-10.el8_9.alma.1.aarch64.rpm
a63faf2752a298054a3c39c9e869c18f3afcbeb283df776e581df7b55b7fa146
aarch64
opencryptoki-libs-3.21.0-10.el8_9.alma.1.aarch64.rpm
e49570a0c0e6dbe9b67b3dbae424f718845f9ccc93ce300a82131a70396498a3
i686
opencryptoki-devel-3.21.0-10.el8_9.alma.1.i686.rpm
b26a5016ac8d1297041e9a309bf602322326248de2bf0dc01ba4c29f1c53d738
i686
opencryptoki-libs-3.21.0-10.el8_9.alma.1.i686.rpm
f9619fd0aa8164f6f38f418a417fd3f04d04816eba25c42fc291c45a59c9b86c
ppc64le
opencryptoki-3.21.0-10.el8_9.alma.1.ppc64le.rpm
16b1f0fc514948fa7b54e33c773883ad016f005fc72f6627279490cf69da463c
ppc64le
opencryptoki-libs-3.21.0-10.el8_9.alma.1.ppc64le.rpm
529c5f392da0baee940f304680b0d1bcf3d9649d16c627658c6c8d087251a70b
ppc64le
opencryptoki-tpmtok-3.21.0-10.el8_9.alma.1.ppc64le.rpm
892c00697f2cd4c55cfb5b506a581173057893447a43b24584bbce0c59829b7a
ppc64le
opencryptoki-icsftok-3.21.0-10.el8_9.alma.1.ppc64le.rpm
a9f86f014393d0257e1e79d962cb6f61bf2789aef8f0f7fb8864905cb36ca95c
ppc64le
opencryptoki-swtok-3.21.0-10.el8_9.alma.1.ppc64le.rpm
aaecb3793bda9e05549d3b778d76878f729e113a3697a35a4edf93d6226ea25f
ppc64le
opencryptoki-devel-3.21.0-10.el8_9.alma.1.ppc64le.rpm
e2871dc310a96c53ab236336039ddac7377c5a8586346ccbd15c732f3610cc33
s390x
opencryptoki-libs-3.21.0-10.el8_9.alma.1.s390x.rpm
2e7453fcc8eb82845b95af8428ec6e527fa4d2cb5c4091128d7f6fc315f1a26a
s390x
opencryptoki-devel-3.21.0-10.el8_9.alma.1.s390x.rpm
30a993a7820a5ba32c7d3601cee4419eaf669174b9f15f4414e481de16fb4224
s390x
opencryptoki-tpmtok-3.21.0-10.el8_9.alma.1.s390x.rpm
42b84b0fdae7c9c3e4c96f5df80e649181954e069f9fedde5cca5da03c2e73ac
s390x
opencryptoki-icatok-3.21.0-10.el8_9.alma.1.s390x.rpm
4e94f65c6ea395bc2fb72bbc11b9705e6c952e8615f6a923930bf5d2d2cbcaac
s390x
opencryptoki-icsftok-3.21.0-10.el8_9.alma.1.s390x.rpm
ad49ba627f977b97e47cc60238ea41506f33f104ac29d01a99c15484d33a6346
s390x
opencryptoki-3.21.0-10.el8_9.alma.1.s390x.rpm
bacbb4efed90451eae5079b87db9bc37cb4f7c9ed3df719eb2b42d888ffa5ff6
s390x
opencryptoki-ccatok-3.21.0-10.el8_9.alma.1.s390x.rpm
cd82c822e36285584e9997189f513e2571f95eb318f0cd268de41d588d978303
s390x
opencryptoki-swtok-3.21.0-10.el8_9.alma.1.s390x.rpm
ec393084a6ba72b8d0dd27fecddf0276d4832544e1b361a4a60ad9d972d06493
s390x
opencryptoki-ep11tok-3.21.0-10.el8_9.alma.1.s390x.rpm
ff4582a828c8eea5635e8002e38fca3c0dc69de83c1b9b82a00d62d0f800281f
x86_64
opencryptoki-devel-3.21.0-10.el8_9.alma.1.x86_64.rpm
110dfea21a4dfb150c4e0c14f90c4bb913e28780f423eca0b89e2e1aee33a083
x86_64
opencryptoki-icsftok-3.21.0-10.el8_9.alma.1.x86_64.rpm
1230320e0ba2b645e99c6b3a35414d15ff9e87c194f3877213e1c610acd1c77d
x86_64
opencryptoki-libs-3.21.0-10.el8_9.alma.1.x86_64.rpm
3f897569f4f42daa07b95462f3b1c90c8f3d9a8bfee1c15421642efb4c210095
x86_64
opencryptoki-swtok-3.21.0-10.el8_9.alma.1.x86_64.rpm
58107c3e8d3829878a341dd1f57c235ae462540fda9ad92806485e608fd38ba8
x86_64
opencryptoki-tpmtok-3.21.0-10.el8_9.alma.1.x86_64.rpm
8b2b79d4d1119335d760a65e18102f8ba57a813a85c24e437b850d674a4e72a5
x86_64
opencryptoki-3.21.0-10.el8_9.alma.1.x86_64.rpm
dd8cbbc2f669f63afa4772dcc75ef25e925ec7a5acdb021af88045b4b3af2b20

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1608 Moderate: opencryptoki security update


ALSA-2024:1610 Moderate: less security update

ID:
ALSA-2024:1610

Title:
ALSA-2024:1610 Moderate: less security update

Type:
security

Severity:
moderate

Release date:
2024-04-02

Description
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2022-48624
RHSA-2024:1610
ALSA-2024:1610

Updated packages listed below:
Architecture
Package
Checksum
aarch64
less-530-2.el8_9.aarch64.rpm
b54a76a3a1f9f0a70cee14b0c8d7cc71523cad189b715b1c35cb103c25b75cbd
ppc64le
less-530-2.el8_9.ppc64le.rpm
399abd1a9f5e5b699cfae22d84d715a69112fa1eaf8922f9751168c4b6b4cbe1
s390x
less-530-2.el8_9.s390x.rpm
9c298165d74c44f25f15fabb97c43255c2fbc184771d4d055434da0bbac87bad
x86_64
less-530-2.el8_9.x86_64.rpm
715288b5a380f060d964e9e8528f089d356d3045b7ecc4831a68564ccdbac00f

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1610 Moderate: less security update


ALSA-2024:1615 Moderate: expat security update

ID:
ALSA-2024:1615

Title:
ALSA-2024:1615 Moderate: expat security update

Type:
security

Severity:
moderate

Release date:
2024-04-03

Description
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-52425
RHSA-2024:1615
ALSA-2024:1615

Updated packages listed below:
Architecture
Package
Checksum
aarch64
expat-devel-2.2.5-11.el8_9.1.aarch64.rpm
dced7956c12311a7b4a69c9018f8f4ba99a534ddd5bd8f354161d55f95a9232a
aarch64
expat-2.2.5-11.el8_9.1.aarch64.rpm
e2dc602eac9e9d2d96137c65d21f9b3364b4302c4dbe864d29af18ce7db7940c
i686
expat-2.2.5-11.el8_9.1.i686.rpm
bbad7a37f5d7a4c39b1ca0427ffbd4afcec33a2a1db294ef398689c6fb0ece9f
i686
expat-devel-2.2.5-11.el8_9.1.i686.rpm
e6a6f09d2f2bf585a0f4f2ced9adb227e417478c244c522620099741f8ab8814
ppc64le
expat-devel-2.2.5-11.el8_9.1.ppc64le.rpm
5cd67e712c0e312c2b23ee861516c7d5abfafaa02a426c7ff4c95195c77a8bad
ppc64le
expat-2.2.5-11.el8_9.1.ppc64le.rpm
9ec91381db2b270cc9c8ed924baaa7ecbc59651401085e36072dd883d72ecd37
s390x
expat-devel-2.2.5-11.el8_9.1.s390x.rpm
34eea3cc0c9b736bd26c4a07e07fc3e3ec068d83be6d4215827a5f0ee22baacb
s390x
expat-2.2.5-11.el8_9.1.s390x.rpm
b9b595fdd3e75b80b501857bfa483aea2f06c1f86b1a16feaedd23b8b77db567
x86_64
expat-devel-2.2.5-11.el8_9.1.x86_64.rpm
1789e641e14ee0b42ba8ae2d95b932b91e0a0c8619401e84364468d5f4cc74af
x86_64
expat-2.2.5-11.el8_9.1.x86_64.rpm
bc0afaef27d63fb09ef0070ce5cc55c0ffcad2721e73b504a1e328b92dbb865b

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1615 Moderate: expat security update


ALSA-2024:1644 Important: grafana-pcp security and bug fix update

ID:
ALSA-2024:1644

Title:
ALSA-2024:1644 Important: grafana-pcp security and bug fix update

Type:
security

Severity:
important

Release date:
2024-04-03

Description
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Security Fix(es):
* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
Bug Fix(es):
* TRIAGE CVE-2024-1394 grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (JIRA:AlmaLinux-30544)

References:
CVE-2024-1394
RHSA-2024:1644
ALSA-2024:1644

Updated packages listed below:
Architecture
Package
Checksum
aarch64
grafana-pcp-5.1.1-2.el8_9.alma.1.aarch64.rpm
c68b9fec7de617e7edf4743eb7385274273037d70d223db04b4a08a36b971f42
ppc64le
grafana-pcp-5.1.1-2.el8_9.alma.1.ppc64le.rpm
19617ab44d3d7636072ab32b55aa74b8bb5306b955461a880cb21d47a15b809f
s390x
grafana-pcp-5.1.1-2.el8_9.alma.1.s390x.rpm
3ab2aa979f6d7715a6b898c04bf2a866ccbb278a43ad1fe78f83dd094f0c5502
x86_64
grafana-pcp-5.1.1-2.el8_9.alma.1.x86_64.rpm
90fc38fb3b676d1f180f5decfdaeeb0462bff28f697f75fe5759efb80db6a7e8

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1644 Important: grafana-pcp security and bug fix update


ALSA-2024:1646 Important: grafana security and bug fix update

ID:
ALSA-2024:1646

Title:
ALSA-2024:1646 Important: grafana security and bug fix update

Type:
security

Severity:
important

Release date:
2024-04-03

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
Bug Fix(es):
* TRIAGE CVE-2024-1394 grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (JIRA:AlmaLinux-30543)

References:
CVE-2024-1394
RHSA-2024:1646
ALSA-2024:1646

Updated packages listed below:
Architecture
Package
Checksum
aarch64
grafana-9.2.10-8.el8_9.alma.1.aarch64.rpm
e2ac837f76eafe510f41b019f04a40e654a1e33d9410873bc7f0807b620ab3b3
ppc64le
grafana-9.2.10-8.el8_9.alma.1.ppc64le.rpm
e2ac6b32936856ef591bd4b8b82db6f355c98219e8984d51fe27c5a69752fdcb
s390x
grafana-9.2.10-8.el8_9.alma.1.s390x.rpm
cd2869ce897749124f06b34e634e7a6d559e791e6d77045b83bb792de97a0e16
x86_64
grafana-9.2.10-8.el8_9.alma.1.x86_64.rpm
9e515593d8dd65d2d6ecb77320f2a69c331773a0ffa7aec8c548b9788cb95aa4

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1646 Important: grafana security and bug fix update