ALSA-2024:9605: kernel security update (Moderate)
ALSA-2024:9555: NetworkManager-libreswan security update (Important)
ALSA-2024:9333: openssl security update (Low)
ALSA-2024:9605: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-11-20
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283)
* kernel: iommufd: Require drivers to supply the cache_invalidate_user ops (CVE-2024-46824)
* kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9605.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2024:9555: NetworkManager-libreswan security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-11-20
Summary:
This package contains software for integrating the libreswan VPN software with NetworkManager and the GNOME desktop
Security Fix(es):
* NetworkManager-libreswan: Local privilege escalation via leftupdown (CVE-2024-9050)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9555.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2024:9333: openssl security update (Low)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Low
Release date: 2024-11-20
Summary:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)
* openssl: Excessive time spent checking DSA keys and parameters (CVE-2024-4603)
* openssl: Use After Free with SSL_free_buffers (CVE-2024-4741)
* openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9333.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
