
The following security updates have been released for AlmaLinux:

ALSA-2024:2883 Important: firefox security update
ALSA-2024:2888 Important: thunderbird security update
ALSA-2024:2910 Important: nodejs security update




ALSA-2024:2883 Important: firefox security update

ID: ALSA-2024:2883
Title: ALSA-2024:2883 Important: firefox security update
Type: security
Severity: important
Release date: 2024-05-21

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.11.0 ESR.
Security Fix(es):
* firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)
* firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)
* firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)
* firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769)
* firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)
* firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-4367
CVE-2024-4767
CVE-2024-4768
CVE-2024-4769
CVE-2024-4770
CVE-2024-4777
RHSA-2024:2883
ALSA-2024:2883

Updated packages listed below:
Architecture | Package | Checksum
aarch64 | firefox-x11-115.11.0-1.el9_4.alma.1.aarch64.rpm | 2af1aceb3658d034d0fe8b2f215a3311a67b382680ffd17ee4d2e67fb08e39f7
aarch64 | firefox-115.11.0-1.el9_4.alma.1.aarch64.rpm | b9a83546e2981c525cea225b5ab9c0a1b52525b88b3d388b2cd00f5f19cab3b3
ppc64le | firefox-115.11.0-1.el9_4.alma.1.ppc64le.rpm | 7c6d6123d3386e89bb7a8aa733c14e9166da6e8a3d174a671207ea24f9497305
ppc64le | firefox-x11-115.11.0-1.el9_4.alma.1.ppc64le.rpm | d20a33817137147cb5614ec93e1714463c7cde1ed5c7f92b2228ee37aa9c8f4a
s390x | firefox-115.11.0-1.el9_4.alma.1.s390x.rpm | 19da8633fc0877a24a07d9b33e0f20f38846195ec68d84a634f8af23a4d63c8a
s390x | firefox-x11-115.11.0-1.el9_4.alma.1.s390x.rpm | d595111073f40d70d4f95e7c9e4b00e611eedb8a874f2fae539a0cf3c13541e6
x86_64 | firefox-x11-115.11.0-1.el9_4.alma.1.x86_64.rpm | 58c9e8af8ae322c6f1ff003f9f5283b0ee1396a6d56380766374ce61f60d4b92
x86_64 | firefox-115.11.0-1.el9_4.alma.1.x86_64.rpm | 5d469a71daf853aecdc061f01fd90031211e20cecb238f43d9289bb59f0c079a

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.



ALSA-2024:2888 Important: thunderbird security update

ID: ALSA-2024:2888
Title: ALSA-2024:2888 Important: thunderbird security update
Type: security
Severity: important
Release date: 2024-05-21

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.11.0.
Security Fix(es):
* firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)
* firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)
* firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)
* firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769)
* firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)
* firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-4367
CVE-2024-4767
CVE-2024-4768
CVE-2024-4769
CVE-2024-4770
CVE-2024-4777
RHSA-2024:2888
ALSA-2024:2888

Updated packages listed below:
Architecture | Package | Checksum
aarch64 | thunderbird-115.11.0-1.el9_4.alma.1.aarch64.rpm | 3045304284994154f7735028e6822ad41d7a3b0df07ced48f8616c7d296ee045
ppc64le | thunderbird-115.11.0-1.el9_4.alma.1.ppc64le.rpm | ac8da7468118bda7a4b56987e666aeeb1585031ddc83bc5f426bf5f046999911
s390x | thunderbird-115.11.0-1.el9_4.alma.1.s390x.rpm | c9502b1644983b23ece27f85a81724480070c2cca71db00c209a12d7f62edba5
x86_64 | thunderbird-115.11.0-1.el9_4.alma.1.x86_64.rpm | 0bf83f699f1692358c870fbebb9167933d77fbfbea243a5bfabb3db829e5a13a

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.



ALSA-2024:2910 Important: nodejs security update

ID: ALSA-2024:2910
Title: ALSA-2024:2910 Important: nodejs security update
Type: security
Severity: important
Release date: 2024-05-20

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: CONTINUATION frames DoS (CVE-2024-27983)
* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-22025
CVE-2024-25629
CVE-2024-27982
CVE-2024-27983
CVE-2024-28182
RHSA-2024:2910
ALSA-2024:2910

Updated packages listed below:
Architecture | Package | Checksum
aarch64 | npm-8.19.4-1.16.20.2.8.el9_4.aarch64.rpm | 2f5518e200e3ab81326b715367a2fe5599724a33ad45eec9b91d1b76f12cd1e3
aarch64 | nodejs-full-i18n-16.20.2-8.el9_4.aarch64.rpm | 53855d916d8f1fd995b00ce8b6b1e8f02cb5c8b29e81c92a2c86a72d9ab029a7
aarch64 | nodejs-libs-16.20.2-8.el9_4.aarch64.rpm | 7445e3a0a3086a0870f7e2c6347bc8fbb91bcebc55f2b4f48d7288dc0eaa6355
aarch64 | nodejs-16.20.2-8.el9_4.aarch64.rpm | ede4f9efae617ef4a97cb1a71a307a23125156b7cb1ac45921ab26277013f3a0
i686 | nodejs-libs-16.20.2-8.el9_4.i686.rpm | c1d81463c422ae9b5039af176412f56a0325b4736450f2d1eab293d78ce71a14
noarch | nodejs-docs-16.20.2-8.el9_4.noarch.rpm | b1b792b69a5411822d1b67865bfa0e978b9dbeeb54e65ac1739ca4d446ca1803
ppc64le | nodejs-full-i18n-16.20.2-8.el9_4.ppc64le.rpm | 4fa6f2c48eef2faf6ad38528dcd2a0be3e0ddee21fc12f61b7463cb8d3715a95
ppc64le | nodejs-16.20.2-8.el9_4.ppc64le.rpm | c13fe86975ee8d67480eabd07e12ebda14d61f588554e976b8f46868081ff165
ppc64le | nodejs-libs-16.20.2-8.el9_4.ppc64le.rpm | c70427b198378df906b24528a8d81f7caa277f0171e4bcd0fb4dc8e9442293b3
ppc64le | npm-8.19.4-1.16.20.2.8.el9_4.ppc64le.rpm | fb9a2bf86cea1516786e77d7ea038427f86233abd3c82ccf70838e43105b0faf
s390x | nodejs-16.20.2-8.el9_4.s390x.rpm | 5e1f703bdbde91d1d516acd232018376a5c988b2dd67baf3b2fd866f1ae4cfcb
s390x | npm-8.19.4-1.16.20.2.8.el9_4.s390x.rpm | 7f92eadc97d1e3451107866be0d70d4473daca58a491f61237046867a3bc839b
s390x | nodejs-libs-16.20.2-8.el9_4.s390x.rpm | 9ec9b5500ab500f3d845903e32367e3f21de0a4f2778f6e5793e40649e241311
s390x | nodejs-full-i18n-16.20.2-8.el9_4.s390x.rpm | c471c11fb541b5cec6f1d1522b91f3ce0ba9f7aaf83b2954338c206aad90c57e
x86_64 | npm-8.19.4-1.16.20.2.8.el9_4.x86_64.rpm | 053aa6c94d983659147ee500fe278e37a56c806efc56218a6a07b7a57cd89826
x86_64 | nodejs-libs-16.20.2-8.el9_4.x86_64.rpm | 4583c065b9174a82a4137dc0c75c139715cf6ac23f294c1f79a4bf87a54bf708
x86_64 | nodejs-16.20.2-8.el9_4.x86_64.rpm | 6ce14aca83f7379c6b894b66e2dd9649926facd24814d9367fce19fe46bbeb9b
x86_64 | nodejs-full-i18n-16.20.2-8.el9_4.x86_64.rpm | a069ab5d77d1be776634164ecbb0dac05c300e28077c463e4d37392cb0c1053b

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
