RLEA-2019:3511
libvarlink bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libvarlink.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libvarlink-devel-18-3.el8.aarch64.rpm
d6418a07e221ceb3e4f7265378a987d2d96f4e94f14e057f1e717b2357d5f2a8
RLSA-2019:3553
Low: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux.
Security Fix(es):
* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)
* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for pidgin, gnome-desktop3, pango, gdk-pixbuf2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gdk-pixbuf2-xlib-2.36.12-5.el8.aarch64.rpm
395e79cc4261f2e029da140bd244270ff8d56a108a17633011ef08fb1f6674b1
gdk-pixbuf2-xlib-devel-2.36.12-5.el8.aarch64.rpm
80c9d88483e2fb30cc8364da62fa40d7f7983669fbfa054fb3b417b96b90f34b
libpurple-devel-2.13.0-5.el8.aarch64.rpm
f16ff1b62ce079b97d71e3a71b115cfed22e32ef1e071f82ff8d059e3309bf45
RLBA-2019:3558
libzfcphbaapi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libhbaapi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libhbaapi-devel-2.2.9-13.el8.aarch64.rpm
d7cb90e61dabb55e05422f89833f732e354c23e41b5e158f4b87bd45a357f18f
RLBA-2019:3593
ipset bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ipset.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ipset-devel-7.1-1.el8.aarch64.rpm
0b3d12a19d21fedccf90e4caf0f04932401b42668c1bc64285e28d51c92c430b
RLSA-2020:0633
Important: ppp security update
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.
Security Fix(es):
* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for ppp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ppp-devel-2.4.7-26.el8_1.aarch64.rpm
fed85df6c00926fab96ead780e08a239a1dc405259d742dfba609c1776326e78
RLSA-2020:1766
Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux.
Security Fix(es):
* LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)
* gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)
* gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)
* gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)
* gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for mozjs52, gnome-tweaks, clutter, gnome-menus, mozjs60, baobab.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
clutter-devel-1.26.2-8.el8.aarch64.rpm
70d9c053a71abfa566ebc641369def4a8c4bda27d65cb85abde8082393b63b2d
clutter-doc-1.26.2-8.el8.aarch64.rpm
01f4abb032bd63e896d15e15995811eb99f67813919521db123657facc4db734
gnome-menus-devel-3.13.3-11.el8.aarch64.rpm
9655f1f5dc5a6a3a36ee740e8cbd721e56bfc39791267fbe30bb13417f6e8376
mozjs52-devel-52.9.0-2.el8.aarch64.rpm
43d74c8ab5799c42af18b14e4bf4d8e545f52b3b0a217da0e4388f9de891143f
mozjs60-devel-60.9.0-4.el8.aarch64.rpm
dbc51c9f254cd2837672152dd7b92b627e77010d2265f56a5308e3b4e2737e79
RLBA-2020:1919
ppp bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ppp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ppp-devel-2.4.7-26.el8_1.aarch64.rpm
fed85df6c00926fab96ead780e08a239a1dc405259d742dfba609c1776326e78
RLSA-2020:2755
Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.
Security Fix(es):
* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for nghttp2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnghttp2-devel-1.33.0-3.el8_3.1.aarch64.rpm
07f7c4e28be394cd871f862d451d8d009243bce39db51547305decc95f876977
nghttp2-1.33.0-3.el8_3.1.aarch64.rpm
447b50538b2bba1e82adf24b317febd2c2e1934d7f3b0db4d48710b4fafa2fd4
RLSA-2020:3654
Moderate: libcroco security update
libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library.
Security Fix(es):
* libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libcroco.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libcroco-devel-0.6.12-4.el8_2.1.aarch64.rpm
3490b1bce032ef7f8257a25c1d0038d19d53a6dfa446c68b78edc6ca317c15a2
RLSA-2020:4451
Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux.
The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)
* gnome-settings-daemon: Rocky Enterprise Software Foundation Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)
* LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for xdg-desktop-portal-gtk, tracker, LibRaw, vte291, gnome-remote-desktop, PackageKit, pipewire, pipewire0.2, potrace, gtk3, dleyna-renderer, libsoup, pygobject3, webrtc-audio-processing, frei0r-plugins, gnome-session, gsettings-desktop-schemas.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
frei0r-devel-1.6.1-7.el8.aarch64.rpm
88d4506493d41c6b67a16eb3729440ca2e45fcea3425df4c36a76802eab9d596
pygobject3-devel-3.28.3-2.el8.aarch64.rpm
7c3790d68c1374f0d820f198b53b781a359e19ab3c26c28dbf4446885fc1691b
tracker-devel-2.1.5-2.el8.aarch64.rpm
fbf033c0c39b601858b75fcc0c9841bbe51f1ef6a392bd7d42f6ad9f0d8b66be
vte291-devel-0.52.4-2.el8.aarch64.rpm
37c01b193488ba0f29867cb77e5e21d9b38a51806d3df01b088502d74b516da0
PackageKit-glib-devel-1.1.12-6.el8.0.2.aarch64.rpm
1aa41b9b134e2fc679be05d29a32ba8a24a92fb6af9a41a635019560bb35442c
RLEA-2020:4555
libpsl bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libpsl.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libpsl-devel-0.20.2-6.el8.aarch64.rpm
122855f80f93aba722aed215a6bb8e0144b57d3b23a50f5ddcd882ac7838f911
RLEA-2020:4556
libnetfilter_queue bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libnetfilter_queue.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnetfilter_queue-devel-1.0.4-3.el8.aarch64.rpm
909ba801f4c20405354ebeb119e5227930e18461acb1230a40ac0c78ed158ff8
RLBA-2020:4600
snappy bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for snappy.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
snappy-devel-1.1.8-3.el8.aarch64.rpm
45a11321fcd50252e3308239180bb7a316c948868161ce495ff257cedbb1a50b
RLSA-2021:1586
Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux.
The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)
Security Fix(es):
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)
* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)
* webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)
* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)
* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)
* glib2: insecure permissions for files and directories (CVE-2019-13012)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for enchant2, cairomm, gnome-photos, webkit2gtk3, chrome-gnome-shell, geoclue2, dleyna-server, woff2, libdazzle, gtk2, gvfs, gjs, gnome-settings-daemon, gtkmm24, accountsservice, gnome-control-center, gnome-shell, gnome-software, soundtouch, gnome-boxes, gnome-terminal, libsass, libsigc++20, nautilus, OpenEXR, gnome-online-accounts, gtkmm30, dleyna-core, vala, libvisual, geocode-glib, pangomm, gtk-doc, atkmm, gdm, gamin, glibmm24, mutter, libepubgen.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
atkmm-devel-2.24.2-7.el8.aarch64.rpm
3ce0f75d449203a3b38c392b77ef1140e121e782fca436176c7399a49aaff063
atkmm-doc-2.24.2-7.el8.noarch.rpm
2598f60483489a4d971135fe643fd9a34d755e4a96c07689ab60bad21a582f59
cairomm-devel-1.12.0-8.el8.aarch64.rpm
a4332361dd3875c34647654b7eb2b8ac8906cc859c2cc6a9a332974ca12c1020
cairomm-doc-1.12.0-8.el8.noarch.rpm
138b57e136e261b564d6a902178d07fd422fe83f05caa53a50ec32705ea4174e
enchant2-devel-2.2.3-3.el8.aarch64.rpm
39d78a0cdf5f847dc5e03dac4beff2c8a98d8acd586f75b8580f13b9493117fc
gamin-devel-0.1.10-32.el8.aarch64.rpm
224fe45aca747ec52ee7efe8238c554bc5cbeb93affb7a2ed8eb4ec98646992f
geoclue2-devel-2.5.5-2.el8.aarch64.rpm
3e1fd9077722989c0137f505363af74881362f98dd77436374c719bc2212a6e9
gjs-devel-1.56.2-5.el8.aarch64.rpm
5d8c7eeab9fb183d900ec631e1835adb347f9ccad2b29f84f06e557eab14bad4
glibmm24-devel-2.56.0-2.el8.aarch64.rpm
2da7e692956a605243eac33baf176afa0689dab826071f8e1e5112f0bdc68981
glibmm24-doc-2.56.0-2.el8.noarch.rpm
e4c1b83ec081cc5d49aa33270b12bc407eea45ebad3ccdce525e46a88e79503a
gtkmm24-devel-2.24.5-6.el8.aarch64.rpm
dea4c33c15f8a7f905476971d3ac890002bab261d75a4151a4e0397366121700
gtkmm24-docs-2.24.5-6.el8.noarch.rpm
b139c29053b16cd003baef27d687666b3ab39b9c8903011d1b3c7f82f5c275e6
gtkmm30-devel-3.22.2-3.el8.aarch64.rpm
e96ea81b12b138b729ea1089b71a1ad2151587f5a9608fa9519692159bdd6766
gtkmm30-doc-3.22.2-3.el8.noarch.rpm
71f74a9b26e199050e0eaf869affba48af9648adea4818093b740b72964dca47
libdazzle-3.28.5-2.el8.aarch64.rpm
0b865d21693613cf5a28ee77a64ba7afe9d76a94e10846670595d72938a51450
libdazzle-devel-3.28.5-2.el8.aarch64.rpm
09b78dd3ac2868b1a16da3479ef702245b074be10804e9cbc3b23a72a75f4d4e
libepubgen-devel-0.1.0-3.el8.aarch64.rpm
830206e940b4b2c8acb26587ed284b0a9a76bfcdb88c81c95571e619fc7aa929
libsass-3.4.5-6.el8.aarch64.rpm
0035af205c179c8e27c809be5f2ccf9749f3ad08cdcc112f12a1530cc778e11f
libsass-devel-3.4.5-6.el8.aarch64.rpm
304b3e4ca60b9fcf0febc760ed75f4e64231cd795887c0c86af55560a4ca053e
libsigc++20-devel-2.10.0-6.el8.aarch64.rpm
2ac82883d78ee3ea6404371b154122ef2edffdfac901a140c9da4255b22101f2
libsigc++20-doc-2.10.0-6.el8.noarch.rpm
4bd0fad981c77439d2f94977a0c5314b008dfa87658055909df65a2cae90ae80
libvisual-devel-0.4.0-25.el8.aarch64.rpm
95827c74199bddbec86fd8a7c275476f9222dd4460179be9c0a9b24c6077e9c2
OpenEXR-devel-2.2.0-12.el8.aarch64.rpm
e3d2fe1166489a18b48d61f072f212153adec8a8334b91e8beb4e66647c20384
pangomm-devel-2.40.1-6.el8.aarch64.rpm
f352eb7eac3d2c3589fcb7335b582b2c255c59f49de5ae588dff1f272a0ebbab
pangomm-doc-2.40.1-6.el8.noarch.rpm
68d1b3c4e9b3cf47ccffa9b02a5ffc49639d3769b9ebb167cd1008c3709debf5
soundtouch-devel-2.0.0-3.el8.aarch64.rpm
d3d1d408f971f3198b57b0c08f51081890b83bc27f419126878f2417ebfe5684
vala-0.40.19-2.el8.aarch64.rpm
b60736b413a6aebda280c2cd50e0c2f8a6cf01f3df5ecc24103527c990101cd0
vala-devel-0.40.19-2.el8.aarch64.rpm
dd42f9f869bf7f30a3d1958756e6c6554851c50beff34d678639463df9d1b360
woff2-devel-1.0.2-5.el8.aarch64.rpm
469ac0794b4cb1ab1c3480c407584cbfd028c41a56027d9c29bebf68b3483ef5
RLBA-2021:1587
librabbitmq bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for librabbitmq.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librabbitmq-devel-0.9.0-3.el8.aarch64.rpm
062252941bcfd69c109fe8a297c37596bc08359151ad7614276c5024629db899
RLBA-2021:1612
avahi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for avahi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
avahi-compat-howl-0.7-20.el8.aarch64.rpm
5b4c3edd4f0167d2ee584c68ec876b444735afed90d9b4493be8b2198c950a2f
avahi-compat-howl-devel-0.7-20.el8.aarch64.rpm
4f9e209c14bf141d9917ed2ff93ce7138dc193545399b867223a0a8fbe6df516
avahi-compat-libdns_sd-0.7-20.el8.aarch64.rpm
994f6f8bb7a45af3092b5fbebbfaf91aa82d3f79886cce0ff017f15b41cbc2b2
avahi-compat-libdns_sd-devel-0.7-20.el8.aarch64.rpm
a19d9a3cf7cf7906a5a623b7420aeabeffb5d82a0bb04a16e73a29612fa5f68c
avahi-devel-0.7-20.el8.aarch64.rpm
9c7d64d9f0566a3eda278833d9f5f4245d67c166637e2d1048f51ef033101862
avahi-glib-devel-0.7-20.el8.aarch64.rpm
24c2639cf117cebdf6e8ea0039af196f4ebeb250ddf99e553749fbaf591a2aaa
avahi-gobject-devel-0.7-20.el8.aarch64.rpm
f202dc252d7e22218a5e202ec45c68aa885112d1b84af4d6e50dbb4ff0febb5f
avahi-ui-0.7-20.el8.aarch64.rpm
60a039445f2f0eba99582fa08541336678339dced48b16a719b74c6a90b44112
avahi-ui-devel-0.7-20.el8.aarch64.rpm
b67f58cc3357148e1238eaa0719e43ab25192acc810982b92d7a249f267352f6
RLSA-2021:1627
Moderate: trousers security, bug fix, and enhancement update
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware.
The following packages have been upgraded to a later upstream version: trousers (0.3.15). (BZ#1725782)
Security Fix(es):
* trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root (CVE-2020-24331)
* trousers: tss user can be used to create or corrupt existing files, this could lead to DoS (CVE-2020-24332)
* trousers: fails to drop the root gid privilege when no longer needed (CVE-2020-24330)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for trousers.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
trousers-devel-0.3.15-1.el8.aarch64.rpm
547cf97a0d331e57887d783c5392e85ef70e58e6dd98306101db7a2a18120a6a
RLBA-2021:1628
tpm-tools bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for tpm-tools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
tpm-tools-devel-1.3.9.2-1.el8.aarch64.rpm
2d5fc1eb59830b2f1c278ff7766fd2bccb9f4fd0fb5f4bed6e816abd800bf4fe
RLBA-2021:1689
librepo bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for librepo, librhsm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librhsm-devel-0.0.3-4.el8.aarch64.rpm
2b657d230d11a7d2bb7b26b22eeff8dc9adff54bb577279f6b8c88cc39bb33e3
RLEA-2021:1712
libpcap bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libpcap.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libpcap-devel-1.9.1-5.el8.aarch64.rpm
8d57af5c12dbf04882c43eb68c423e1ac65e0fae309d2562f9e46172a02e6c45
RLEA-2021:1720
ima-evm-utils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ima-evm-utils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ima-evm-utils-devel-1.3.2-12.el8.aarch64.rpm
b03137efb42dd9df637a718e5be3f303bb9b1742138eeb8c29393eaf4311dbbb
RLBA-2021:1731
userspace-rcu bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for userspace-rcu.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
userspace-rcu-devel-0.10.1-4.el8.aarch64.rpm
9feb7f8b3cbf197e236522f051da0430de530f16a4d568cae0f26437a4478135
RLBA-2021:3594
libdb bug fix and enhancement update
The libdb packages provide the Berkeley Database, an embedded database
supporting both traditional and client/server applications.
Bug Fix(es) and Enhancement(s):
* [FJ8.4 Bug]: [REG]The rpm command hangs and the CPU usage reaches 100%
(BZ#2001972)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libdb.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libdb-cxx-5.3.28-42.el8_4.aarch64.rpm
1f287a8485fd6ba35a6f9c9c759f7411e6724cea7ea67c87e58357087f2b466f
libdb-cxx-devel-5.3.28-42.el8_4.aarch64.rpm
72a4362de15c13453dda3bf8cc2c0782c583c302b390270b88cf3d0a2d4e696f
libdb-devel-doc-5.3.28-42.el8_4.noarch.rpm
75d6fad816ec9f39c8f77f2d0eb7abcf6a01acb377b20d0d26e389a6a21bf15a
libdb-sql-5.3.28-42.el8_4.aarch64.rpm
c5cf5c1261dca953db4c11f8c4ae888d05c97691b1b7d73cfc9f98680717c13e
libdb-sql-devel-5.3.28-42.el8_4.aarch64.rpm
e5f06c20a11a00c96fc2725ca4e2483ed07b2c3f8e1a28aeb83c620d02eb3668
RLBA-2021:4371
libxcrypt bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libxcrypt.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libxcrypt-static-4.1.1-6.el8.aarch64.rpm
e541c616e57e4b1f370758a6769e75bc337dba9d818e06d35045ea8a5bdff928
RLSA-2021:4373
Low: pcre security update
PCRE is a Perl-compatible regular expression library.
Security Fix(es):
* pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838)
* pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for pcre.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
pcre-static-8.42-6.el8.aarch64.rpm
7e897d5f423bd097c5b2d9a9a65e4ce5f116332d97db706783d7675bb6913b98
RLBA-2021:4377
quota bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for quota.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
quota-devel-4.04-14.el8.aarch64.rpm
de5c04e197e1fa1a441791c8d9c778c548daa3f0a618f999df322606384b95dd
RLSA-2021:4381
Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for gnome-shell-extensions, webkit2gtk3, LibRaw, gnome-settings-daemon, gsettings-desktop-schemas, gnome-autoar, mutter, accountsservice, gnome-control-center, gnome-online-accounts, gnome-shell, gtk3, gdm, vino, gnome-software, gnome-session, gnome-calculator.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
b1fe1ce430a9186ef8f3da64f75aae7f0fc609c6ab31094014930355f82cef9c
RLEA-2021:4405
libmodulemd bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libmodulemd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libmodulemd-devel-2.13.0-1.el8.aarch64.rpm
eccd05e816f2630ab8348bc544618a5dab6eddc2304b10423eb3cd449cffcdaf
RLBA-2021:4412
RDMA stack bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mpitests, mvapich2, ucx, qperf, opensm, rpm-mpi-hooks, rdma-core, mstflint, libvma, openmpi, fabtests, perftest, libfabric, mpich.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opensm-devel-3.3.24-1.el8.aarch64.rpm
9828e7587346eefa799b479e3799c0767c2ffb94b78b2cdad890fea4d8b89965
RLBA-2021:4446
iscsi-initiator-utils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for iscsi-initiator-utils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
iscsi-initiator-utils-devel-6.2.1.4-4.git095f59c.el8.aarch64.rpm
033481967bfd8e23125b4a47dfa4da663c1e1046efc3a19402f484cb23c8805d
RLBA-2021:4475
freeipmi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for freeipmi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
freeipmi-devel-1.6.8-1.el8.aarch64.rpm
1cf47dd06f60d27f912a31285b49fbbd89847dc9dc440062d0607c0fe4715a93
RLBA-2021:4477
parted bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for parted.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
parted-devel-3.2-39.el8.aarch64.rpm
0dc8c23dff9be5f0598da039402e558a98011f15f74aeaa9f12765f0c806b664
RLBA-2021:4483
OpenIPMI bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for OpenIPMI.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
OpenIPMI-devel-2.0.31-3.el8.aarch64.rpm
740976f572fbdb3a06e21e92ff16de27f9e060abf0421f5392c5a2c09b09c1e8
RLEA-2021:4488
hwloc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for hwloc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
hwloc-devel-2.2.0-3.el8.aarch64.rpm
df96f75eb5aaa70af9c688a2fe7e64688e6abc23abb48d5c9c1bbc40cac13fe2
RLBA-2021:4505
mobile-broadband-provider-info bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mobile-broadband-provider-info.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
mobile-broadband-provider-info-devel-20210805-1.el8.noarch.rpm
7a39848d36b0cce3fb579b79202c4b768831698134392940e50d2ced22975191
RLBA-2021:4507
fontconfig bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation
Enterprise Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for fontconfig.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
fontconfig-devel-doc-2.13.1-4.el8.noarch.rpm
f40bd239864c2fb6e63422c5c25a7e6c13abdf87edb075da0286845426005066
RLSA-2021:4510
Low: lua security update
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.
Security Fix(es):
* lua: segmentation fault in getlocal and setlocal functions in ldebug.c (CVE-2020-24370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for lua.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
lua-devel-5.3.4-12.el8.aarch64.rpm
d7074e80409036c94b4af3cba4738f4bc7677fd403c87d5ab4cb7a189854b548
RLSA-2021:4513
Moderate: libsepol security update
The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies (for example, customizing policy boolean settings).
Security Fix(es):
* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084)
* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36085)
* libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086)
* libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libsepol.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsepol-static-2.9-3.el8.aarch64.rpm
7e64f3cf5d6454ada316e380041c940c5e93622d27cc57b9043fb26c2703b25f
RLEA-2022:2014
RDMA stack bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mpitests, ucx, rdma-core, mstflint, libvma, libpsm2, fabtests, openmpi, pmix, perftest, eth-tools, mpich, libfabric.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
pmix-devel-2.2.5-1.el8.aarch64.rpm
c8463f6ed8c90aaeb9a7549dcd27bcc29f2abd23ba380c2bf1a6dbf2f87e3eb1
python3-mpich-3.4.2-1.el8.aarch64.rpm
4a49304075029ff3a6eb5aa11bd91c8b211f004ec5479fda1f7662e9658328e2
python3-openmpi-4.1.1-3.el8.aarch64.rpm
4efc4706dc706800490f4e52cb0aa1b2e618a3c7a21a1f5458135141fba7f132
RLBA-2022:2027
json-c bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for json-c.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
json-c-doc-0.13.1-3.el8.noarch.rpm
d27af04338be30aed0ad2d64bb84dddd51cda618cc346f82d726f0c63a94f98a
RLBA-2022:2060
kmod bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for kmod.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kmod-devel-25-19.el8.aarch64.rpm
3d6898dedcf7caf2eda69826d7836ac488a8765f06c0f6652796fe7e389e8cd0
RLBA-2022:2009
ModemManager bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ModemManager.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ModemManager-devel-1.18.2-1.el8.aarch64.rpm
96722b9fbab2b20238d4d0cacfb95dd6deb20e46bbf6798bb5d8df1dc1fe97f5
ModemManager-glib-devel-1.18.2-1.el8.aarch64.rpm
06ba03a40d9fcc01b4525e109f1b6fd84dc36e81316c7941315e3065dd50d61d
RLBA-2022:2035
libstoragemgmt bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libstoragemgmt.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libstoragemgmt-devel-1.9.1-3.el8.aarch64.rpm
e361bde333186ce60f0cb34bb547ef25bb99616b02638fc5f1cb8e2a4d51f171
RLBA-2022:2046
libcomps bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libcomps.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libcomps-devel-0.1.18-1.el8.aarch64.rpm
138c9389a234be30a5787c8c29d66bf4ecd6abea004af1bf78b11b2d3e9bd276
RLBA-2022:2089
pcsc-lite bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for pcsc-lite.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
pcsc-lite-devel-1.9.5-1.el8.aarch64.rpm
e2cf99fb4f88d7bf5511ea099b8fea4030aa3ee4d96f6ccdf6e6fb1423191a4d
RLBA-2022:2099
sysfsutils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sysfsutils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsysfs-devel-2.1.0-25.el8.aarch64.rpm
a75966ebfc47820152f09a39b645e7f215e8135c8676e9d77c07396f4fad88db
RLBA-2022:2101
libnftnl bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libnftnl.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnftnl-devel-1.1.5-5.el8.aarch64.rpm
b6790fa35eab8837569c109c2f486c9d139d2f0ccaeaf2f77da872b6aad78dc2
RLBA-2022:2117
gpgme bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gpgme.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gpgme-devel-1.13.1-11.el8.aarch64.rpm
7ae86ed2d02b649eecf6e264e10ee92255a601637fb81b67a822aee5d3492fba
gpgmepp-devel-1.13.1-11.el8.aarch64.rpm
849de0ad6405675f3edffedea5d096a508c8b37ebb19fb46965d7bce9c007229
qgpgme-devel-1.13.1-11.el8.aarch64.rpm
581ec1afcad28dd03e669e8a8f5535d865ba6e842636620f8a298e010097fb02
RLBA-2022:2118
texinfo bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for texinfo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
texinfo-6.5-7.el8.aarch64.rpm
e33bd3ab32d75e32a56c9a0e64bbb742421ac5287f007caa20583bf1fc08915b
texinfo-tex-6.5-7.el8.aarch64.rpm
1c59ee6a8d6433caa4bfdeecf9606ff6ef3b352f491ed6d10827b3e865f74c3d
RLSA-2022:4991
Important: xz security update
XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Security Fix(es):
* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for xz.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xz-lzma-compat-5.2.4-4.el8_6.aarch64.rpm
8b7f1dbc1caa00b21b52ff5d4a1862ea6d2a97bdc46056eae74dcc5bbd07f829
RLSA-2022:5809
Moderate: pcre2 security update
The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl.
Security Fix(es):
* pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c (CVE-2022-1586)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for pcre2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
pcre2-tools-10.32-3.el8_6.aarch64.rpm
d6369bf74c05cc12866b0213c16dc0217fb02b3cef7f1c0c5598fce237c623d4
RLBA-2022:5815
bash bug fix and enhancement update
The bash packages provide Bash (Bourne-again shell), which is the default shell for Rocky Linux.
Bug Fix(es) and Enhancement(s):
* Segfault in 'buffered_getchar()' function in bash (BZ#2097659)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for bash.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bash-devel-4.4.20-4.el8_6.aarch64.rpm
9577d3838b3a1b018850ddd4b50ae41258f97521b7ec55a8bb6144b1e0dcb6fa
RLSA-2022:7089
Important: libksba security update
KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS.
Security Fix(es):
* libksba: integer overflow may lead to remote code execution (CVE-2022-3515)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for libksba.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libksba-devel-1.3.5-8.el8_6.aarch64.rpm
ea375b017b32e8a122599ad5f51e85157f6c468225ba425e1e698b60f591376e
RLBA-2022:7107
glib2 bug fix and enhancement update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Bug Fix(es) and Enhancement(s):
* Add --interface-info-[body|header] modes to gdbus-codegen. (BZ#2124615)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for glib2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
glib2-doc-2.56.4-158.el8_6.1.noarch.rpm
aa64cb9e557a147c0ba86aef7701e556397a660ebaa7822bdc19c57b448ee3f0
glib2-static-2.56.4-158.el8_6.1.aarch64.rpm
0f8a19b268e0fe16bd451aa6559ef625a0065c97b255f4ba78f423921b3f5948
RLBA-2022:7116
libsemanage bug fix and enhancement update
The libsemanage library provides an API for the manipulation of SELinux binary policies. It is used by the checkpolicy compiler and similar utilities, as well as by programs such as load_policy, which must perform specific transformations on binary policies, such as customizing policy Boolean settings.
Bug Fix(es) and Enhancement(s):
* libsemanage's check_ext_changes doesn't pick up boolean changes (BZ#2129139)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libsemanage.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsemanage-devel-2.9-9.el8.aarch64.rpm
e3b68ccbc3625edefb7633a642bdc7e72c106c57caccc262292706b5a77737ae
RLBA-2022:7682
babeltrace bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for babeltrace.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libbabeltrace-devel-1.5.4-4.el8.aarch64.rpm
cf260410671ee1ecc3aa3ce1ec886016a5b3bcc51ea5bd6e855472d4be0e85ab
python3-babeltrace-1.5.4-4.el8.aarch64.rpm
2b615b9a5132f0453cfb604114e7beca67a40457c165022bf46c956325be345e
RLSA-2022:7683
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
* race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)
* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
* memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)
* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
* Spectre-BHB (CVE-2022-23960)
* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
* memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
* use after free in SUNRPC subsystem (CVE-2022-28893)
* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-425.3.1.el8.aarch64.rpm
5b01115a6957b5fc706fe62d039458f47849535f808be68948e60a84a872bb7e
RLBA-2022:7684
glibc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for glibc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
glibc-benchtests-2.28-211.el8.aarch64.rpm
6d58852845479bb4735702a165301ef3fedad5024a6e028d5d2902d9d72ef382
glibc-nss-devel-2.28-211.el8.aarch64.rpm
999fe735c19b950dbb43c7b1e0b3c39ea3707e27089254cdace8265c51c91fa0
glibc-static-2.28-211.el8.aarch64.rpm
ad6c9af9a16f201fa46bce989f24b6315facb49a9eaec8233085cf3fcc91bfcf
nss_hesiod-2.28-211.el8.aarch64.rpm
9cb58e444a438c542542a72dffb9d29739774f61e9e9b83ff44667830b046499
RLBA-2022:7688
gcc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gcc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gcc-plugin-devel-8.5.0-15.el8.aarch64.rpm
6d685cbc9a46104895773465cabbca140142fbf4a0d3ee969f9399e736a26a9f
libstdc++-static-8.5.0-15.el8.aarch64.rpm
a115c9dee155c0581c5a79141d187fc41ae9f8d18aa9de4540e21e04c8adfc8f
RLSA-2022:7692
Moderate: xmlrpc-c security update
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for xmlrpc-c.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm
1c3ff959e2aa3555371b626616ca80b634dd4a583e8f84448ffc254adc955f0a
xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm
998c7865d6a57015886f966dc09437640c11d9faf096676ac90b6c2cd5000ef1
xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm
2b91f0d1bafe0b998dc97321d6447f45df9fc8ddaf50ad674dd9644831d3fcf5
RLBA-2022:7698
samba bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for samba.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsmbclient-devel-4.16.4-2.el8.aarch64.rpm
f1e2198e2093b2091fba8dacae92c15538a8842338ff3a63549cc942a7b9c921
libwbclient-devel-4.16.4-2.el8.aarch64.rpm
81903b7db0b76afd3a59dae306692a5bb0ec78cf126f3939703333977d772af3
samba-devel-4.16.4-2.el8.aarch64.rpm
1ce18783bd06580846a4b95cdf02d6d920ab9c2de2b87a22f3a02bbe9e9aab42
RLBA-2022:7707
nftables bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nftables.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nftables-devel-0.9.3-26.el8.aarch64.rpm
a56a2130f8aa38495cdf734e7d03f92fbe132fe8a480ba2bdedc4972996e6e2b
RLBA-2022:7711
libdnf bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libdnf.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libdnf-devel-0.63.0-11.1.el8.aarch64.rpm
bd59516bab7295b99375c1e12853f94aa99540559e018bdc911cb6f5c153d71c
RLBA-2022:7713
libsolv bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libsolv.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsolv-devel-0.7.20-3.el8.aarch64.rpm
8ca1790650859d8fa60562eb9bea3ac5c27632265c1a314fbdf20daa76a36a6d
libsolv-tools-0.7.20-3.el8.aarch64.rpm
231591cf858218021f38b73f149c78a9dd72ce0dfa452b3785cfb82b697e1046
RLBA-2022:7714
device-mapper-multipath bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for device-mapper-multipath.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
device-mapper-multipath-devel-0.8.4-28.el8.aarch64.rpm
2344d05507232dbb9c00ada8b3891b6cb55f464d327350cd3774d1184f946a80
RLBA-2022:7717
elfutils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for elfutils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
elfutils-devel-static-0.187-4.el8.aarch64.rpm
4bae4bb7ebdb02d4be7bb665a9897c1777e1299320bf722ee0af5dbf3dd60778
elfutils-libelf-devel-static-0.187-4.el8.aarch64.rpm
615958bb396115fd3956251a2a1843e92eae082e846edb8a95e2b7ad5c318bfd
RLSA-2022:7720
Moderate: e2fsprogs security and bug fix update
The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.
Security Fix(es):
* e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for e2fsprogs.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libss-devel-1.45.6-5.el8.aarch64.rpm
21f73ef3c5e6a717908c3b225e2764b008893e5237c9df19a884d20725fcc69f
RLBA-2022:7724
zlib bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for zlib.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
zlib-static-1.2.11-20.el8.aarch64.rpm
df0ff729403eb06f1544476865d5e314ee199ac2292c81560f1ed907b761be6f
RLBA-2022:7731
ding-libs bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ding-libs.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libbasicobjects-devel-0.1.1-40.el8.aarch64.rpm
d1a16c194a5d50910c095ee107a3443a1239c93e7d320cf54294c2063e959163
libcollection-devel-0.7.0-40.el8.aarch64.rpm
07ff9c398956d0a3adbbcf40e255c0a014620795fa602030aedc872594f1e43f
libini_config-devel-1.3.1-40.el8.aarch64.rpm
82a8a5dbb3749c8c08c6d5d38c476bd53732d82463a96be1098e3c1829388ebf
libpath_utils-devel-0.2.1-40.el8.aarch64.rpm
759a59951593006ee40bcae07b7fc5814e1150accf4a9774905d08074d2fb81e
libref_array-devel-0.1.5-40.el8.aarch64.rpm
a1fec07db5c9ee6cfa5f73335efd3f471fefa6381c6e13070983553d268b4d5d
RLSA-2022:7730
Moderate: libldb security, bug fix, and enhancement update
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.
The following packages have been upgraded to a later upstream version: libldb (2.5.2). (BZ#2077484)
Security Fix(es):
* samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request (CVE-2022-32746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libldb.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-ldb-devel-2.5.2-2.el8.aarch64.rpm
20ed79affadecd7b04d7337e2269d590fc0f25ab9b6001dd875dc563a876f768
python-ldb-devel-common-2.5.2-2.el8.aarch64.rpm
5f4098d0c57e6c38ccbd0b277882adf10c10dd59d2007f405ccd3fa3e52e8241
RLBA-2022:7735
bluez bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for bluez.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bluez-libs-devel-5.63-1.el8.aarch64.rpm
9864aa8c8cbe75c84f75fdb81504e94f93540af06f73d55c76942ea6cee211f8
RLBA-2022:7737
opencryptoki bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for opencryptoki.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opencryptoki-devel-3.18.0-3.el8.aarch64.rpm
0d9213a2c66345bab707ad84d529821541d825e2a1dcee08cea92ac2a0e26f16
RLBA-2022:7752
iproute bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for iproute.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
iproute-devel-5.18.0-1.el8.aarch64.rpm
80ed895917d1f6d9426fa2d12564d9bd5bf7981cb9d60d50d8ecdcc533e5d6e9
RLBA-2022:7757
sg3_utils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sg3_utils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
sg3_utils-devel-1.44-6.el8.aarch64.rpm
df0409adc7e1ef13b2694178fdf741005b468a2c422d6dc207c845a3e5ceb1c9
RLBA-2022:7760
ndctl bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ndctl.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
daxctl-devel-71.1-4.el8.aarch64.rpm
d5eed906f475779a804fbfb0dc2dccd24762197707da4d5757260dda63c42d67
ndctl-devel-71.1-4.el8.aarch64.rpm
d5d856b1b7778bdb19cdc1178ff436ed4942f23d2fff9916ed9f25a06dd70d2a
RLBA-2022:7767
libbpf bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libbpf.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libbpf-devel-0.5.0-1.el8.aarch64.rpm
778b4bdbc64e11a4cec8abddb9f04bc7c20801cc82179b2d73cf78165403dd4f
libbpf-static-0.5.0-1.el8.aarch64.rpm
d8d93fe728658e8357f5cbfeac7fa1ffd05925090a19dc3f347d8dba79c9a32e
RLBA-2022:7768
nfs-utils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nfs-utils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnfsidmap-devel-2.3.3-57.el8.aarch64.rpm
cd2a9e6a0d1dca5a8fb1a8a74de5977e5c5d75a988c531d63d7e3c963cd674a5
RLBA-2022:7774
sanlock bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sanlock.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
sanlock-devel-3.8.4-4.el8.aarch64.rpm
9d74a2ddba5a2178bf20962e11aab311d9e20cd7933f9f9962249ba5468de455
RLBA-2022:7780
librepo bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for librepo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librepo-devel-1.14.2-3.el8.aarch64.rpm
1928eb0a8cfbccf380534dce43af9f05df3dea0192029f84e1848921038249b2
RLBA-2022:7783
util-linux bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for util-linux.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libmount-devel-2.32.1-38.el8.aarch64.rpm
cd68ef5a5764de0399aab711f2794bfc144dc0cecb007112c4f0002eea8f29b8
RLBA-2022:7786
libselinux bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libselinux.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libselinux-static-2.9-6.el8.aarch64.rpm
46ea96a3a539b00a656bfd7d2226ac0c9c8351c55dc1f89acd36576ea3e92010
RLBA-2022:7788
libarchive bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libarchive.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libarchive-devel-3.3.3-4.el8.aarch64.rpm
2b7028c3d90c5a480895c6487062d77ecffaeb2809c042ea092718cfa726c249
RLBA-2022:7792
lvm2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for lvm2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
device-mapper-devel-1.02.181-6.el8.aarch64.rpm
beaaba258ffca016a1f45386505b04b2b8773ea7772e3394bd30c5a5c80a3f50
device-mapper-event-devel-1.02.181-6.el8.aarch64.rpm
794116a151399702cce2a2878d5d167bfd9b2c5bea2fb6b717ea067c04925bbd
lvm2-devel-2.03.14-6.el8.aarch64.rpm
5dbe585c0e524a4927a626b25ef387415160f840b89e0a57737e78f40359a8a4
RLBA-2022:7794
shadow-utils bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for shadow-utils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
shadow-utils-subid-devel-4.6-17.el8.aarch64.rpm
a7a33f64077adb33913093f7c1d692eab90e0ea4c9b6c9d2e0767c72ee644b2a
RLEA-2022:7797
RDMA stack bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ucx, rdma-core, mstflint, libvma, fabtests, eth-tools, libfabric.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libfabric-devel-1.15.1-1.el8.aarch64.rpm
85e619d955fe927962cc13396e7f5c542e0c8759efb87d5885e8c04e48a99ecb
RLBA-2022:7800
tpm2-abrmd bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for tpm2-abrmd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
tpm2-abrmd-devel-2.3.3-3.el8.aarch64.rpm
3e1eba85059d6d4cf4dc5c20eff4619b7f604d17701fce881023a186fc215e66
RLBA-2022:7802
liblockfile bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for liblockfile.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
liblockfile-devel-1.14-2.el8.aarch64.rpm
28f5d398d669e4d48fa5373bbec28ae4a463cb7df4bb780ba31391b22e6e5c46
RLBA-2022:7803
libtalloc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libtalloc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-talloc-devel-2.3.3-2.el8.aarch64.rpm
047a908eccf73b68180f4542d28f08d9d1be0d8c560cb6057682cf15a8c7d519
RLBA-2022:7804
libsemanage bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libsemanage.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsemanage-devel-2.9-9.el8.aarch64.rpm
e3b68ccbc3625edefb7633a642bdc7e72c106c57caccc262292706b5a77737ae
RLBA-2022:7808
file bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for file.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
file-devel-5.33-21.el8.aarch64.rpm
48bc33073c2ae622a2e1989ddb9c6946245a39ae85835e59cdb804d6de2130bd
RLBA-2022:7809
libpwquality bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libpwquality.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libpwquality-devel-1.4.4-5.el8.aarch64.rpm
1baff486601cdbb9410c43d87090d216f20472fec783d00ee3f7bbd5f9f6f3ad
RLBA-2022:7828
NetworkManager bug fix and enhancement update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Bug Fix(es) and Enhancement(s):
* Host ip changed when start vm (BZ#2132285)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for NetworkManager.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
NetworkManager-libnm-devel-1.40.0-2.el8_7.aarch64.rpm
d6afd57538d2cc032f255630faf9e154f45b87f07a029b73db172b959977bb04
RLBA-2022:7829
sssd bug fix and enhancement update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Bug Fix(es) and Enhancement(s):
* Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) (BZ#2128544)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sssd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.7.3-4.el8_7.1.aarch64.rpm
876fb14ca6ee70e7b6765a8c5ba645a22ff88456304b416f660290d56c48f376
RLSA-2022:7928
Important: device-mapper-multipath security update
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
* device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux (CVE-2022-3787)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for device-mapper-multipath.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
device-mapper-multipath-devel-0.8.4-28.el8_7.1.aarch64.rpm
dbf51d30037ea66cf5cae876c220600dd2324c3ab4efb4ff07fe7f77c1bf0610
RLBA-2022:9028
libsolv bug fix and enhancement update
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.
Bug Fix(es) and Enhancement(s):
* Transaction picks old build to satisfy dependencies (BZ#2151895)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libsolv.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsolv-devel-0.7.20-4.el8_7.aarch64.rpm
1549de2fad1909d79db33b77b810a8a853bf9d344db6524129a04799ebd5aa8e
libsolv-tools-0.7.20-4.el8_7.aarch64.rpm
d79e51fd10c11fb718a68d23f2f439ebda6bac29e7cc1b71b07956708eb25835
RLBA-2023:0086
opencryptoki bug fix and enhancement update
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.
Bug Fix(es) and Enhancement(s):
* Rocky Linux8.7 - opencryptoki C_GenerateKeyPair() fails after generating > 500 RSA keys with CEX7 crypto cards (BZ#2129059)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for opencryptoki.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opencryptoki-devel-3.18.0-5.el8_7.aarch64.rpm
cb33cf1fac3fa4e85b8942a9e33bf832288d20b7f44252c45aba45332e8cfba1
RLBA-2023:0090
zlib bug fix and enhancement update
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Bug Fix(es) and Enhancement(s):
* Rocky Linux8.4 - zlib: inflate() does not update strm.adler if DFLTCC is used (BZ#2137336)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for zlib.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
zlib-static-1.2.11-21.el8_7.aarch64.rpm
12cc9827423e4069ebd337fa1c112c930c058124ac2e55e4cab628467a5428e7
RLBA-2023:0098
NetworkManager bug fix and enhancement update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Bug Fix(es) and Enhancement(s):
* crio occasionally fails to start during deployment (BZ#2132281)
* DNS servers are not sorted according to priority in resolv.conf (BZ#2135733)
* Hostname is not configured during IPI installation of OpenShift 4.10.3 on baremetal when using NMState and static IP config for a bond network interface. (BZ#2152891)
* NMCLI OVS connections intermittently get stuck in "activating" state after power cycle or crash (BZ#2153429)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for NetworkManager.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
NetworkManager-libnm-devel-1.40.0-5.el8_7.aarch64.rpm
c6e59e50faaa8759aae5dbe09873b268b011423858f1f405ac8a70c4beacdf33
RLSA-2023:0101
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.aarch64.rpm
7dc47f3b792b17656cadf22417d942b1b7b9bf3536a0977d63bbe6329ef37092
RLBA-2023:0105
util-linux bug fix and enhancement update
The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon.
Bug Fix(es) and Enhancement(s):
* Add --cont-clock feature for libuuid and uuidd [Rocky Linux-8] (BZ#2143252)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for util-linux.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libmount-devel-2.32.1-39.el8_7.aarch64.rpm
32beacfdb1dd7fffeff53b90bacbce2af561f804d2ddaacfedab540f21c019cf
RLBA-2023:0106
gcc bug fix and enhancement update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
Bug Fix(es) and Enhancement(s):
* The ">>" operator of std::normal_distribution does not work properly. (BZ#2144075)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gcc.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
gcc-plugin-devel-8.5.0-16.el8_7.aarch64.rpm
f9da081971fd8bfaaf4c5e0d01025ac0ac85ac68fb6f9e508e73e00b7f920055
libstdc++-static-8.5.0-16.el8_7.aarch64.rpm
af475e1a7ce587ad14fa18c36815eb6293bacbb4c5589ee4f95de16b72aeb8e3
RLBA-2023:0124
sssd bug fix and enhancement update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Bug Fix(es) and Enhancement(s):
* Analyzer: Optimize and remove duplicate messages in verbose list (BZ#2139871)
* SSSD: `sssctl analyze` command shouldn't require 'root' privileged (BZ#2142961)
* UPN check cannot be disabled explicitly but requires 'krb5_validate = false' as a work-around (BZ#2148989)
* authenticating against external IdP services okta (native app) with OAuth client secret failed (BZ#2152883)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sssd.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.7.3-4.el8_7.3.aarch64.rpm
ec11e1052c6e74eb492cb44a6510b49e3371b32bfabcf6074736c4f7c04b039b
RLSA-2019:1529
Important: pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
* tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)
* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
* tomcat: Open redirect in default servlet (CVE-2018-11784)
* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
RLSA-2019:2720
Important: pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
RLSA-2019:2722
Low: libwmf security update
The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick.
Security Fix(es):
* gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for libwmf.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libwmf-devel-0.2.9-8.el8_0.aarch64.rpm
717b1b76322bba8a1d02acfdb5f08ed3e55db4b62289095fd446f41e8e7421ff
RLEA-2019:3367
google-noto-cjk-fonts bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for google-noto-cjk-fonts.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
google-noto-sans-cjk-jp-fonts-20190416-1.el8.noarch.rpm
a0e76579364810ba3d2d252d31a1596f921074ca5c231f74257bb2585c08a59b
RLBA-2019:3411
lttng-ust bug fix and enhancement update
This update fixes two issues in lttng-ust and subpackages.
There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed.
lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures supported on Rocky Linux.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for lttng-ust.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
lttng-ust-devel-2.8.1-11.el8.aarch64.rpm
09615b2f23fca15b7599e297aa89a3c1a8573619350f8fcd2502da18805d6a34
RLBA-2019:3416
pki-core:10.6 and pki-deps:10.6 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
RLBA-2019:3449
new packages: gcc-toolset-9-dyninst
GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection.
This enhancement update adds the gcc-toolset-9-dyninst packages to Rocky Enterprise Software Foundation Enterprise Linux 8.
For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documented in the GCC Toolset 9 chapter.
For detailed changes in this release, see the Rocky Linux 8.1 Release Notes.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gcc-toolset-9-dyninst.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
gcc-toolset-9-dyninst-devel-10.1.0-1.el8.aarch64.rpm
ce191ce5e105a9dc6ba0f919f4e34a6a2a4fd872c4499cd99beca03b65180a30
gcc-toolset-9-dyninst-doc-10.1.0-1.el8.aarch64.rpm
aaf0e9ef84ac71789aa0b8dfb5bfb712f4a9b4ab4fef4e4cab6e8c44afacd4d2
gcc-toolset-9-dyninst-static-10.1.0-1.el8.aarch64.rpm
864b0fcce1c5d4ac3fbb71ae345e2e51fc67d1786f51998cbe1be30baecdc420
gcc-toolset-9-dyninst-testsuite-10.1.0-1.el8.aarch64.rpm
39ca6894d36b34eac5f291bf34a984c89be38b0cbdf61a0ef054f22f5752a30f
RLBA-2019:3462
libcdio bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libcdio.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libcdio-devel-2.0.0-3.el8.aarch64.rpm
564e95a76c78f88225bd431cb4b8dbe36a060a18f81589ecda633323195bfdbc
RLBA-2019:3490
ldns bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ldns.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
ldns-devel-1.7.0-21.el8.aarch64.rpm
8dbbc08ded1fcaed06fb469a89eacd62f76b7454ef226f9526d47daaa5330dc3
RLEA-2019:3557
libtalloc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for cmocka, nss_wrapper, uid_wrapper, socket_wrapper.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libcmocka-1.1.5-1.el8.aarch64.rpm
92cbca5860fc91a59e88658d92996f9394b52398bd76acd65e36cb1bd387bd77
libcmocka-devel-1.1.5-1.el8.aarch64.rpm
d7dafcccc8cdeb114eefc277565bc0048883d3896514728368392175c39339b7
socket_wrapper-1.2.3-1.el8.aarch64.rpm
fd06ef4a6fe6adedd2c0d1fdf71ff159745b43e256e846368768af6e283e1dec
uid_wrapper-1.2.4-4.el8.aarch64.rpm
c3e1b6eac7dfbfd6b60f0c47f8be3f00c777d9e519d46dc1524f7eda1d350af8
RLSA-2019:3703
Low: libvorbis security update
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.
Security Fix(es):
* libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
* libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for libvorbis.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libvorbis-devel-1.3.6-2.el8.aarch64.rpm
45b27f8070d22a81e24a5710eb61b29c0c7abeef076529d2ecaeda1acb566366
libvorbis-devel-docs-1.3.6-2.el8.noarch.rpm
0ec54402929c83ee0af4f575e419e9f859ae3c1f202e05ed60124210e96622b7
RLSA-2019:3708
Moderate: mariadb:10.3 security and bug fix update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358)
Security Fix(es):
* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)
* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)
* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)
* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for asio, Judy.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms__mariadb-devel
asio-devel-1.10.8-7.module+el8.5.0+777+18007c86.aarch64.rpm
cf505dedb0f59a8623402e4faef396217633715710cbe58ef949d1c3b2779a2b
RLSA-2020:1577
Moderate: exiv2 security, bug fix, and enhancement update
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.
The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)
Security Fix(es):
* exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)
* exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)
* exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)
* exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)
* exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
* exiv2: information leak via a crafted file (CVE-2018-11037)
* exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)
* exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)
* exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)
* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
* exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)
* exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)
* exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)
* exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)
* exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)
* exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Moderate
An update is available for libgexiv2, gnome-color-manager, gegl, exiv2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libgexiv2-devel-0.10.8-4.el8.aarch64.rpm
1ed9e22b26142d0dfb723c54115db96a3d20fe0344f299f735f67f6cb65cafd7
RLEA-2020:1607
http-parser bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for http-parser.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
http-parser-devel-2.8.0-9.el8.aarch64.rpm
310395243967fb34ff1618f9325450b293ef702229992d790b69648754c47778
RLEA-2020:1611
input stack bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for xkeyboard-config, libevdev, libxkbcommon.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libxkbcommon-x11-devel-0.9.1-1.el8.aarch64.rpm
7620a5fd0b1703d77cd5c443726218caf7c54d774f1c7053aaf90f83bbd04f50
RLSA-2020:1616
Low: irssi security update
Irssi is a modular IRC client with Perl scripting.
Security Fix(es):
* irssi: use after free when sending SASL login to server (CVE-2019-13045)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Low
An update is available for irssi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
irssi-devel-1.1.1-3.el8.aarch64.rpm
0517be3e3827c8c69c705d0a59041666de8bc9ce5e156808acf474f7ae880b1e
RLBA-2020:1622
python-greenlet bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for python-greenlet.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-greenlet-devel-0.4.13-4.el8.aarch64.rpm
655d1e8316c6de9f5e8f8c0d9dc00cf09cf905c0a16c00d077ce7891c0cbfe10
RLSA-2020:1631
Low: GStreamer, libmad, and SDL security, bug fix, and enhancement update
The GStreamer library provides a streaming media framework based on graphs of media data filters.
The libmad package is an MPEG audio decoder capable of 24-bit output.
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* libmad: Double-free in the mad_decoder_run() function (CVE-2018-7263)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Low
An update is available for libmad, gstreamer1-plugins-ugly-free, gstreamer1-plugins-bad-free, SDL2, orc, gstreamer1.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gstreamer1-plugins-bad-free-devel-1.16.1-1.el8.aarch64.rpm
libmad-devel-0.15.1b-25.el8.aarch64.rpm
SDL2-2.0.10-2.el8.aarch64.rpm
SDL2-devel-2.0.10-2.el8.aarch64.rpm
SDL2-static-2.0.10-2.el8.aarch64.rpm
RLBA-2020:1633
xorg X11 server and driver bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for libepoxy, wayland, libxcb, mesa-libGLw, wayland-protocols, libXpm, xorg-x11-drv-libinput, pixman, xorg-x11-drv-wacom.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xorg-x11-drv-libinput-devel-0.29.0-1.el8.aarch64.rpm
2134a6b8972c02cc14535af8814b609c3318e1e42a3a30674c456d24bc5ae951
xorg-x11-drv-wacom-devel-0.38.0-1.el8.aarch64.rpm
dfdb8fd54b56c3d5bce942fc342929d6f9923235de25102cba2159f073b89a04
RLSA-2020:1644
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)
* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)
* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Moderate
An update is available for jackson-core, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, jackson-annotations, jackson-databind, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm
jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm
javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm
xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm
xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm
xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm
xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm
RLSA-2020:1686
Low: libmspack security and bug fix update
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.
Security Fix(es):
* libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Low
An update is available for libmspack.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libmspack-devel-0.7-0.3.alpha.el8.4.aarch64.rpm
24c40ae57e3c09c3b8c49f8b71d6041d22dc39f181d5c3f73c94992c1f4a2a8b
RLEA-2020:1694
new module: python38:3.8
This enhancement update adds the python38:3.8 module to Rocky Linux 8. (BZ#1747329)
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for python-more-itertools, pytest, python-psycopg2, python-urllib3, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python-asn1crypto, python-py, python-chardet, python-markupsafe, python-pluggy, Cython, python-psutil, python-wcwidth, babel, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python38-devel
python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm
python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm
RLBA-2020:1723
parfait:0.5 bug fix update
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for uom-parent, parfait, uom-systems, uom-se, si-units, uom-lib, unit-api, log4j12.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
log4j12-1.2.17-22.module+el8.3.0+74+855e3f5d.noarch.rpm
9961be644ddb26496002a814c140467e745ae1f78f8d2c45821b6ed204c8d895
log4j12-javadoc-1.2.17-22.module+el8.3.0+74+855e3f5d.noarch.rpm
741bc047281e2b80e32525a1edead2b0bdf377079a04e68d11e69259af00e18e
RLBA-2020:1743
librevenge bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
None
An update is available for librevenge.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librevenge-devel-0.0.4-12.el8.aarch64.rpm
a9a13d6de5e0213fe4ac2fdb800da153c1cec091b804d67a13b4f900f6abdc56
RLSA-2021:4235
Moderate: jasper security update
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.
Security Fix(es):
* jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c (CVE-2020-27828)
* jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c (CVE-2021-3272)
* jasper: Out of bounds read in jp2_decode() in jp2_dec.c (CVE-2021-26926)
* jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c (CVE-2021-26927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Moderate
An update is available for jasper.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
jasper-devel-2.0.14-5.el8.aarch64.rpm
42b6247aa324c1d0971be0f6d0f6a0104c9ea6b2f3c5955d9478bdf11da62c12
RLEA-2021:4239
pki-core bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
None
An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, pki-core, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, tomcatjss, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jss, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm
jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm
javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm
xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm
xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm
xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm
xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm
RLSA-2021:4256
Moderate: graphviz security update
Graphviz is open-source graph-visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.
Security Fix(es):
* graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c (CVE-2020-18032)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Moderate
An update is available for graphviz.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
graphviz-devel-2.40.1-43.el8.aarch64.rpm
e8f9a469eb575b82b50f2892e2fc637ef3d935dfbc3df6b013ef462505cf9fcc
graphviz-doc-2.40.1-43.el8.aarch64.rpm
6b420964f1d54eaf941baf5d431515c9b1a7e591e5d2874212040ec9a6f235e6
graphviz-gd-2.40.1-43.el8.aarch64.rpm
a3ecff72598ecb0af52654fd58167f3cf1abdf4f661f446e2d51eccab5b90a33
graphviz-python3-2.40.1-43.el8.aarch64.rpm
88b448ea959cc1d9e7f45bd2d91451941e223f4717d0766c72195267249c57aa
RLSA-2020:4629
Moderate: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
* libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)
* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)
* libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)
* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Moderate
An update is available for libvpx.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libvpx-devel-1.7.0-8.el8.aarch64.rpm
970df117e089f32b13f6c5f92f7b160bb2664281a4b0bc0dfa72f0a7b16e9fdb
RLBA-2020:4658
munge bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for munge.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
munge-devel-0.5.13-2.el8.aarch64.rpm
af41ee20f24b596b9ead774d629c99fd79b08931bda36d156a13918daca2ff82
RLBA-2020:4678
tog-pegasus bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for tog-pegasus.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
tog-pegasus-devel-2.14.1-46.el8.aarch64.rpm
5436c3477f75e5c2b314175911b77747f6672bd74c014981f34eb47e44c3b4e6
RLEA-2020:4700
createrepo_c bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for drpm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
drpm-devel-0.4.1-3.el8.aarch64.rpm
670afe0006731a1965d56df01104a6b4fea219a714470e02b56d0b8d150de0f0
RLSA-2020:4847
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm
1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9
apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm
2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29
apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm
0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743
jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm
f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e
javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0
javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777
slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3
velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm
ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8
xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm
10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1
xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm
fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78
xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm
275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630
xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm
aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522
RLEA-2020:4742
userspace graphics, xorg-x11, and mesa bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libXft, xorg-x11-xkb-utils, xorg-x11-xtrans-devel, xorg-x11-drv-intel, libvdpau, libxkbfile, libXxf86dga, libXau, libXrandr, xorg-x11-proto-devel, xorg-x11-util-macros, libXext, libXi, libXdmcp, libXmu, libXvMC, mesa-demos, xorg-x11-drv-ati.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libvdpau-devel-1.4-2.el8.aarch64.rpm
6d15badc349ea2ebfa002851e677d222480af05439f9e025a8792a2a429ea134
libXdmcp-devel-1.1.3-1.el8.aarch64.rpm
706cfcd9ae3a844e230107446d69da31103f8a39828d7861b1ae98ab5057df7a
libxkbfile-devel-1.1.0-1.el8.aarch64.rpm
241c4553b7eff5d8861ece65637674b0f4365d84eddf5c7bca5e41a7762fbde1
libXvMC-devel-1.0.12-1.el8.aarch64.rpm
f8bfe60eb3c2ba2563a36a17198cd8132c4fbf8690530bb747b2a7ae1eac3801
xorg-x11-util-macros-1.19.2-1.el8.noarch.rpm
cc9c2966178ea156cd7345951bc4620e234bc546bddaedbb6ffdc59aa502aa64
xorg-x11-xkb-utils-devel-7.7-28.el8.aarch64.rpm
20f22666886d9014ca0a05d1b14379a8f1c7188ac07fcca929057c133ef49a42
RLBA-2020:4773
libgit2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libgit2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libgit2-devel-0.26.8-2.el8.aarch64.rpm
268ae57f0529f7bcd507a675e0688f1f4df8ba1f30ee441d3184c223c3236754
RLSA-2020:4827
Moderate: oniguruma security update
Oniguruma is a regular expressions library that supports a variety of character encodings.
Security Fix(es):
* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for oniguruma.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
oniguruma-devel-6.8.2-2.el8.aarch64.rpm
81f179af8b164e5e629f678746f876c1d4e3020c3da2b8ee0759b1df159824e7
RLBA-2020:4832
torque bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for torque.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
torque-4.2.10-25.el8.aarch64.rpm
6d3c084a7d443f19fe243c8f29614497bfd5b5095c40726b13f0c7654de0547f
torque-devel-4.2.10-25.el8.aarch64.rpm
fa38f4d2ce5272566d9c72004cd0af46b3fe59db4d7eccb59d2601fab8df1534
RLBA-2020:4834
new packages: gcc-toolset-10-systemtap
GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection.
This enhancement update adds the gcc-toolset-10-systemtap packages to Rocky Enterprise Software Foundation Enterprise Linux 8.
For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documented in the GCC Toolset 10 chapter.
For detailed changes in this release, see the Rocky Linux 8.3 Release Notes.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gcc-toolset-9-gcc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gcc-toolset-9-gcc-plugin-devel-9.2.1-2.3.el8.aarch64.rpm
5fa7d0188c7a18facadf318e3ad521a7881a4aca6ee7e9990a19bbfba41b121a
RLSA-2020:5393
Important: libexif security update
The libexif packages provide a library for extracting extra information from image files.
Security Fix(es):
* libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for libexif.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libexif-devel-0.6.22-5.el8_3.aarch64.rpm
e7ba6cee81a8b9768a63dc4a5e87da987a776eed65d80c0f5499fe2ac0e39f1e
RLSA-2021:1242
Important: mariadb:10.3 and mariadb-devel:10.3 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.28), galera (25.3.32).
Security Fix(es):
* mariadb: writable system variables allow a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for Judy, asio, mariadb, galera.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__mariadb-devel
asio-devel-1.10.8-7.module+el8.5.0+777+18007c86.aarch64.rpm
cf505dedb0f59a8623402e4faef396217633715710cbe58ef949d1c3b2779a2b
RLBA-2021:1765
brltty bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for brltty.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
brlapi-devel-0.6.7-32.el8.aarch64.rpm
a6d62ffb9e55959c97698b4e4d7def2bef8e52a3a0033f2d797a39281a1369cf
RLSA-2021:1775
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, tomcatjss, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jss, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm
1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9
apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm
2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29
apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm
0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743
jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm
f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e
javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0
javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777
slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3
velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm
ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8
xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm
10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1
xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm
fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78
xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm
275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630
xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm
aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522
RLSA-2021:1789
Moderate: gssdp and gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.
The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)
Security Fix(es):
* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for gssdp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gssdp-devel-1.0.5-1.el8.aarch64.rpm
1745159b79ada50f976c3adbbad26006067698a81bd9ee6ceb4b75a49c4751b6
gssdp-docs-1.0.5-1.el8.noarch.rpm
bdafd56ed53b0ceea90602bba9e077c3c9ee44a7278f44e90814d74c8ca6ad8e
RLBA-2021:1802
gnome-bluetooth bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gnome-bluetooth.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gnome-bluetooth-libs-devel-3.34.3-1.el8.aarch64.rpm
a7d6bfc6ce91eef7e95543f247950c9ff828683780988bf52f3213e5eaab0fc7
RLSA-2021:1811
Moderate: libvncserver security update
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.
Security Fix(es):
* libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247)
* libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839)
* libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397)
* libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405)
* libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libvncserver.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libvncserver-devel-0.9.11-17.el8.aarch64.rpm
84fefcd7b8af33b230572ed8144ef2222b605901f6aa1e80384c4f78668e7823
RLBA-2021:1848
dconf bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dconf.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dconf-devel-0.28.0-4.el8.aarch64.rpm
34c1abe1e86ecd00e0c563624a4e384b152497147d9e3fb0efa4d9be7c1d4a8d
RLBA-2021:1858
sendmail bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sendmail.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
sendmail-milter-devel-8.15.2-34.el8.aarch64.rpm
88b70c902ff88b631a2e9cc09e508bed32356952f8104b5d3bc7de8894493ef6
RLBA-2021:1902
uuid bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for uuid.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
uuid-devel-1.6.2-43.el8.aarch64.rpm
5ae0a87cf13d0715fc43f8d7fa9021fab858b0e3d2238b8e3df9d27e63226882
RLBA-2021:1903
pulseaudio bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for pulseaudio, twolame.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
twolame-devel-0.3.13-12.el8.aarch64.rpm
053bbd7eb4b205a87ea99005bcf183deb6b5528c3dade77219329e87b56a37b3
RLBA-2021:1912
ilmbase bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ilmbase.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ilmbase-devel-2.2.0-13.el8.aarch64.rpm
d542958699aa081830c29779d3202c2d97616a9d3d852a4bf37f3f48511d4700
RLBA-2021:1914
libsmi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libsmi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsmi-devel-0.4.8-23.el8.aarch64.rpm
6610118fc229d6f337a12fffd846b4dbab0c8a229d821b25b933b36286794b5e
RLEA-2021:1919
new module: python39:3.9
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
This enhancement update adds the python39:3.9 module to Rocky Linux 8. (BZ#1877430)
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python39-devel
python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm
fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba
python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.aarch64.rpm
637ec2d61a3f84c6a3c79abe7c5ffd13fd5b02ba0acb854b25fecd6e8edf0282
python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm
585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f
python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm
783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0
python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm
26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20
python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm
2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda
python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm
47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f
python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm
c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0
python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm
c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6
python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm
be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881
RLSA-2021:1924
Low: spice security update
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
Security Fix(es):
* spice: Client initiated renegotiation denial of service (CVE-2021-20201)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for spice.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
spice-server-devel-0.14.3-4.el8.aarch64.rpm
447055e1b7d90779f6ae72d39329caa23940f61c06716d8b5371909ecf471bda
RLBA-2021:1942
ibus-typing-booster bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ibus-typing-booster.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ibus-typing-booster-tests-2.1.0-5.el8.noarch.rpm
1ac4fe22dcf12bb14596745aaa355c043f2379e91c39347ff3c3833255db8179
RLBA-2021:1948
ibus-table bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ibus-table.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ibus-table-devel-1.9.18-6.el8.noarch.rpm
5bc682aa187f8b6b8ce9d2bf0585b94cd324c8b97f3eb6aba7e125d09a0faafc
ibus-table-tests-1.9.18-6.el8.noarch.rpm
fc1d94b9f987c33e6ed095f0ccbc31b564362a7f806f479c1f2b559afa53cbad
RLSA-2021:2363
Important: gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
Security Fix(es):
* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for gupnp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gupnp-devel-1.0.6-2.el8_4.aarch64.rpm
bccfbbf9c0b00cc129fedbdea11a20f75f3327a21e96aa78a9f8efe12f8e114d
RLSA-2021:2583
Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python38-devel
python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm
4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313
python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm
1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6
python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm
a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef
python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm
0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be
python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm
60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8
python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm
c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1
python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm
9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4
python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm
0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86
python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm
b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d
RLSA-2021:3075
Low: libuv security update
libuv is a multi-platform support library with a focus on asynchronous I/O.
Security Fix(es):
* libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for libuv.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libuv-devel-1.41.1-1.el8_4.aarch64.rpm
6bbf153e378f816dd56229036eab5bb49495c64ba254b5fdef7f41dd35ed8cdf
RLSA-2021:4160
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Information disclosure via pydoc (CVE-2021-3426)
* python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
* python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)
* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)
* python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python39-devel
python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm
fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba
python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.aarch64.rpm
637ec2d61a3f84c6a3c79abe7c5ffd13fd5b02ba0acb854b25fecd6e8edf0282
python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm
585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f
python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm
783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0
python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm
26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20
python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm
2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda
python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm
47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f
python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm
c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0
python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm
c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6
python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm
be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881
RLBA-2021:4180
evolution, evolution-data-server, evolution-ews bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for evolution, evolution-ews, evolution-mapi, evolution-data-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
evolution-devel-3.28.5-18.el8.aarch64.rpm
160a173056e2d96fa0352390a61ca83d3aaff33bea3bd48591db64fc6798cd03
RLBA-2021:4219
libinput and libevdev bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libevdev, libinput.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libevdev-devel-1.10.0-1.el8.aarch64.rpm
a7ff1a93aa3e55bdb6c611d7a339c89b0d47d60d631daf43b011750b436c35ee
RLBA-2021:4224
libwacom bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libwacom.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libwacom-devel-1.6-3.el8.aarch64.rpm
00599d4e15c2e5f8990a4c342276af3c5d9fe57ab0f06bbfec8dcb6ecd242f42
RLBA-2021:4285
libvoikko bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libvoikko.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libvoikko-devel-4.1.1-3.el8.aarch64.rpm
1c026b74e3c4a16b888eff60c715c8a8c6d68c2ea034ebe728c3f55b89b5fecf
RLSA-2021:4288
Moderate: libjpeg-turbo security and bug fix update
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.
Security Fix(es):
* libjpeg-turbo: Stack-based buffer overflow in the "transform" component (CVE-2020-17541)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libjpeg-turbo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
turbojpeg-devel-1.5.3-12.el8.aarch64.rpm
5610aaabea7aa735fe03c5d92682eb19fdca152b5531935f1bbd675b7f82a803
RLEA-2021:4289
sblim-gather bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sblim-gather.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
sblim-gather-provider-2.2.9-24.el8.aarch64.rpm
50d0397b99581cfa39cda47bf7ff23d05049a2216cd607ae3b3a6ad419a56f8e
RLSA-2021:4316
Low: zziplib security update
The zziplib is a lightweight library to easily extract data from zip files.
Security Fix(es):
* zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() (CVE-2020-18442)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for zziplib.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
zziplib-devel-0.13.68-9.el8.aarch64.rpm
72c80fe409252deb20805308f540e0383c072ef322b74bf3286d12d1419c1f08
RLEA-2021:4322
unicode-ucd bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for unicode-ucd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
unicode-ucd-unihan-11.0.0-2.el8.noarch.rpm
870061428ed38494e9a2d305b81fbd430429a6e5761f94caf6537f474b0f3bf0
RLEA-2021:4335
tesseract bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for tesseract.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
tesseract-devel-4.1.1-2.el8.aarch64.rpm
8655d566fc5d0d054b85c8b6e470bedb4ad468259606990eb889e451a49a869d
RLSA-2021:4339
Moderate: grilo security update
Grilo is a framework that provides access to different sources of multimedia content, using a pluggable system. The grilo package contains the core library and elements.
Security Fix(es):
* grilo: missing TLS certificate verification (CVE-2021-39365)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for grilo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
grilo-devel-0.3.6-3.el8.aarch64.rpm
656e62f99699d2a9df33d1f977e001c102525529538e52ab156ea7355d37ac1d
RLSA-2021:4162
Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python-psutil: Double free because of refcount mishandling (CVE-2019-18874)
* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
* python: Information disclosure via pydoc (CVE-2021-3426)
* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)
* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
* python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)
* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python38-devel
RLBA-2021:4533
ibus bug fix update
The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems.
Bug fix:
* Previously, in the GNOME Wayland desktop in Rocky Linux 8.5, the IBus emoji candidate pop-up was used with the IBus UI and the selected candidate could not be inserted into the target input focus smartly. With this update, the IBus emoji candidate pop-up is used with the GNOME-Shell UI in the GNOME Wayland desktop and the selected candidate is inserted into the input focus correctly. (BZ#2014064)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ibus.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ibus-devel-1.5.19-14.el8_5.aarch64.rpm
3add74552412d440d8c82d2c6f0c125789e9a9c8c628920b3b2c757ccf2dadd1
ibus-devel-docs-1.5.19-14.el8_5.noarch.rpm
67b3b057ac52c0ba48ad6774949daad44c1f1f14a2dbc5fafac3108532735d46
RLSA-2021:4585
Moderate: gcc-toolset-10-gcc security update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
Security Fix(es):
* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)
The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:
This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.
There are three levels of warning supported by gcc:
* "-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
* "-Wbidirectional=none", which turns the warning off.
* "-Wbidirectional=any", which warns about any use of bidirectional characters.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for gcc-toolset-10-gcc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.aarch64.rpm
e35680e5ad397a6e574e99b818be8e02c7fd2e1a44f6591e5a466e5e1768c718
RLSA-2022:0643
Important: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Security Fix(es):
* python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
* python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for python-pillow.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-pillow-devel-5.1.1-18.el8_5.aarch64.rpm
6491d52a52cb495373090c90ee81c02d85adee6953096948733bb1a4c71d40bb
python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm
64ec44d65dab3eb5c18b94a53711ac2b79553ff54ec1c3aec07c94e9186ab63f
python3-pillow-tk-5.1.1-18.el8_5.aarch64.rpm
ad9d67a2d8db5b08af24dc4774159129d78f1ef37b72063613ac6dbb64cff9d0
RLSA-2022:1764
Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860)
Security Fix(es):
* python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
* python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391)
* python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python38-devel
RLBA-2022:1770
evince bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for evince.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
evince-devel-3.28.4-16.el8.aarch64.rpm
a5a0b3bbf4821181fd2825face6d563f652cbbb9544a00847a374f3cc8370857
RLBA-2022:1790
libpinyin bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libpinyin.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libpinyin-devel-2.2.0-2.el8.aarch64.rpm
596c414aea123caaf9c8268f418fba41810772bb12811be31e9c84a51dd4d71b
RLBA-2022:1794
libmemcached bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libmemcached.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libmemcached-devel-1.0.18-17.el8.aarch64.rpm
7cb2819f3cf4ee64a2ebdb6c5edfe77fd6f735ff3f7b55fae0006cbe8680d338
RLBA-2022:1800
accountsservice bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for accountsservice.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
accountsservice-devel-0.6.55-4.el8.aarch64.rpm
bd7f5675377ea157ae393b9642feef8824d9dea87c7bbe104e9da92c4a035c4c
RLBA-2022:1822
ibus bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ibus.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ibus-devel-docs-1.5.19-14.el8_5.noarch.rpm
67b3b057ac52c0ba48ad6774949daad44c1f1f14a2dbc5fafac3108532735d46
ibus-devel-1.5.19-14.el8_5.aarch64.rpm
3add74552412d440d8c82d2c6f0c125789e9a9c8c628920b3b2c757ccf2dadd1
RLBA-2022:1827
librdkafka bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for librdkafka.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librdkafka-devel-0.11.4-3.el8.aarch64.rpm
c8b3275584e963d6099df5d85375a15f2d92f705ed36d4c2d06fa336d3019317
RLSA-2022:1842
Moderate: exiv2 security, bug fix, and enhancement update
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.
The following packages have been upgraded to a later upstream version: exiv2 (0.27.5). (BZ#2018422)
Security Fix(es):
* exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS (CVE-2020-18898)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for exiv2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
exiv2-devel-0.27.5-2.el8.aarch64.rpm
a1948a702760e298396197624ddf5de8ad443e4c66ab9f251041d2614998b047
exiv2-doc-0.27.5-2.el8.noarch.rpm
d2c75b50927dab8d284c052574cdd762ffe1c4debdc3c7c25d3b324f3626d998
RLBA-2022:1871
corosync bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for corosync.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
corosync-vqsim-3.1.5-2.el8.aarch64.rpm
c7cdf0b3e7b881f844bbffc595bfbc1a223a3adf47ff6a62843b490a898e3eeb
RLBA-2022:1895
libecpg bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libecpg.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libecpg-devel-13.5-3.el8.aarch64.rpm
f83edc444b2d82ca2a8cf88321e870a09fdc7063b0ecabe8f585ea5becbfb163
RLSA-2022:1763
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python39-devel
RLBA-2022:1769
libgit2-glib bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libgit2-glib.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libgit2-glib-devel-0.26.4-3.el8.aarch64.rpm
2579ed877e8b75ce137a05272b09fd9c2ced4b854d8a83842753d1fb32161568
RLBA-2022:1788
jq bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for jq.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
jq-devel-1.6-3.el8.aarch64.rpm
adec350bf750693db6cadbd62fcb6d14eaa5595262ad4299bf5ddb7520deafd5
RLSA-2022:1808
Moderate: aspell security update
GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker.
Security Fix(es):
* aspell: Heap-buffer-overflow in acommon::ObjStack::dup_top (CVE-2019-25051)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for aspell.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
aspell-devel-0.60.6.1-22.el8.aarch64.rpm
e15dd4a12cb6b65f9890ae2297a8aacd132fa8db8efad8233c1a5ad9ec8f3d82
RLSA-2022:1820
Low: udisks2 security and bug fix update
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.
Security Fix(es):
* udisks2: insecure defaults in user-accessible mount helpers allow for a DoS (CVE-2021-3802)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for udisks2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libudisks2-devel-2.9.0-9.el8.aarch64.rpm
5c7ecb5f2a36f0e2a2b480bcd6c65d805d6704e5bb158a6eb679fccf210587a7
RLSA-2022:1861
Moderate: maven:3.5 security update
Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.
Security Fix(es):
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging, apache-commons-lang3, plexus-interpolation, sisu, httpcomponents-core, maven, cdi-api, jsoup, geronimo-annotation, google-guice, plexus-utils, slf4j, jboss-interceptors-1.2-api, maven-wagon, jansi, apache-commons-codec, hawtjni.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
aopalliance-1.0-17.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-cli-1.4-4.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-codec-1.11-3.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-io-2.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-lang3-3.7-3.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-logging-1.2-13.module+el8.3.0+74+855e3f5d.noarch.rpm
atinject-1-28.20100611svn86.module+el8.3.0+74+855e3f5d.noarch.rpm
cdi-api-1.2-8.module+el8.3.0+74+855e3f5d.noarch.rpm
geronimo-annotation-1.0-23.module+el8.3.0+74+855e3f5d.noarch.rpm
glassfish-el-api-3.0.1-0.7.b08.module+el8.3.0+74+855e3f5d.noarch.rpm
google-guice-4.1-11.module+el8.3.0+74+855e3f5d.noarch.rpm
guava20-20.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm
hawtjni-runtime-1.16-2.module+el8.3.0+74+855e3f5d.noarch.rpm
httpcomponents-core-4.4.10-3.module+el8.3.0+74+855e3f5d.noarch.rpm
jansi-1.17.1-1.module+el8.3.0+74+855e3f5d.noarch.rpm
jansi-native-1.7-7.module+el8.3.0+74+855e3f5d.aarch64.rpm
jboss-interceptors-1.2-api-1.0.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-lib-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm
jcl-over-slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
jsoup-1.11.3-3.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-api-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-connector-basic-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-impl-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-spi-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-transport-wagon-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-util-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-shared-utils-3.2.1-0.1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-file-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-http-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-http-shared-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-provider-api-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-cipher-1.7-14.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-classworlds-2.5.2-9.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-containers-component-annotations-1.7.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-interpolation-1.22-9.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-sec-dispatcher-1.4-26.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-utils-3.1.0-3.module+el8.3.0+74+855e3f5d.noarch.rpm
sisu-inject-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm
sisu-plexus-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
RLBA-2022:1875
adwaita-icon-theme bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for adwaita-icon-theme.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
adwaita-icon-theme-devel-3.28.0-3.el8.noarch.rpm
38a09e434c702743b2398bc56aac1f98b2f3bcf378e88ba7ec10569f1722ef1c
RLBA-2022:1889
texlive bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for texlive.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
texlive-lib-devel-20180414-25.el8.aarch64.rpm
5db631dd1786b5247720949481d0819c9cb90c12fa3937939e7d6c4bbbb47fc7
RLBA-2022:1918
webrtc-audio-processing bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for webrtc-audio-processing.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
webrtc-audio-processing-devel-0.3-10.el8.aarch64.rpm
0b01ae10630afaf01db449e2d53dbe214f5bdf3e9e6daddc228c9fce50b1f9e0
RLBA-2022:1944
netpbm bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for netpbm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
netpbm-devel-10.82.00-7.el8.aarch64.rpm
2b481333c4884deef0e9f42b37a88170a018c6195d0cac926307e5d8fe7ede34
netpbm-doc-10.82.00-7.el8.aarch64.rpm
d4ca161c0a10bdc76a1191c148d1bce3000fbc1da6302ca10b2a1629c9bd7d00
RLBA-2022:1949
python-pillow update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for python-pillow.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-pillow-devel-5.1.1-18.el8_5.aarch64.rpm
6491d52a52cb495373090c90ee81c02d85adee6953096948733bb1a4c71d40bb
python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm
64ec44d65dab3eb5c18b94a53711ac2b79553ff54ec1c3aec07c94e9186ab63f
python3-pillow-tk-5.1.1-18.el8_5.aarch64.rpm
ad9d67a2d8db5b08af24dc4774159129d78f1ef37b72063613ac6dbb64cff9d0
RLSA-2022:1968
Moderate: libsndfile security update
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV.
Security Fix(es):
* libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy (CVE-2021-4156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libsndfile.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsndfile-devel-1.0.28-12.el8.aarch64.rpm
f7dee0d5eb29717555856f293c5c254ed76836715169bba439fbe3bca031c650
RLSA-2022:4798
Important: maven:3.5 security update
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging, apache-commons-lang3, plexus-interpolation, sisu, httpcomponents-core, maven, cdi-api, jsoup, geronimo-annotation, google-guice, plexus-utils, slf4j, jboss-interceptors-1.2-api, maven-wagon, jansi, apache-commons-codec, hawtjni.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
aopalliance-1.0-17.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-cli-1.4-4.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-codec-1.11-3.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-io-2.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-lang3-3.7-3.module+el8.3.0+74+855e3f5d.noarch.rpm
apache-commons-logging-1.2-13.module+el8.3.0+74+855e3f5d.noarch.rpm
atinject-1-28.20100611svn86.module+el8.3.0+74+855e3f5d.noarch.rpm
cdi-api-1.2-8.module+el8.3.0+74+855e3f5d.noarch.rpm
geronimo-annotation-1.0-23.module+el8.3.0+74+855e3f5d.noarch.rpm
glassfish-el-api-3.0.1-0.7.b08.module+el8.3.0+74+855e3f5d.noarch.rpm
google-guice-4.1-11.module+el8.3.0+74+855e3f5d.noarch.rpm
guava20-20.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm
hawtjni-runtime-1.16-2.module+el8.3.0+74+855e3f5d.noarch.rpm
httpcomponents-client-4.5.5-4.module+el8.3.0+74+855e3f5d.noarch.rpm
httpcomponents-core-4.4.10-3.module+el8.3.0+74+855e3f5d.noarch.rpm
jansi-1.17.1-1.module+el8.3.0+74+855e3f5d.noarch.rpm
jansi-native-1.7-7.module+el8.3.0+74+855e3f5d.aarch64.rpm
jboss-interceptors-1.2-api-1.0.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm
jcl-over-slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
jsoup-1.11.3-3.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-lib-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-api-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-connector-basic-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-impl-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-spi-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-transport-wagon-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-resolver-util-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-file-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-http-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-http-shared-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
maven-wagon-provider-api-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-cipher-1.7-14.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-classworlds-2.5.2-9.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-containers-component-annotations-1.7.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-interpolation-1.22-9.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-sec-dispatcher-1.4-26.module+el8.3.0+74+855e3f5d.noarch.rpm
plexus-utils-3.1.0-3.module+el8.3.0+74+855e3f5d.noarch.rpm
sisu-inject-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm
sisu-plexus-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
RLSA-2022:5331
Moderate: libinput security update
libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices.
Security Fix(es):
* libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libinput.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libinput-devel-1.16.3-3.el8_6.aarch64.rpm
bde3d4d77bd661d9256d7f2dec8e7353274f7b5eeafbf0673704413b022668aa
RLSA-2022:6911
Moderate: .NET 6.0 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10.
Security Fix(es):
* dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6.aarch64.rpm
5bd2d0f4ec1d3b7afde4d718fc4477b62eafffd021c77b619c7a5ca0b3de46db
RLSA-2022:7006
Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626)
* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628)
* OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619)
* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
RLSA-2022:7000
Moderate: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618)
* OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626)
* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628)
* OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619)
* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624)
* OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Prepare for the next quarterly OpenJDK upstream release (2022-10, 17.0.5) [Rocky Linux-8] (BZ#2132503)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-17-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-17-openjdk-demo-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.5.0.8-2.el8_6.aarch64.rpm
RLSA-2022:7012
Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618)
* OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626)
* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628)
* OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619)
* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624)
* OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [Rocky Linux-8] (BZ#2131863)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-devel-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-headless-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-jmods-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-src-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
RLBA-2022:7459
flatpak bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for flatpak.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
flatpak-devel-1.10.7-1.el8.aarch64.rpm
c7235062a1e914f8c93b79d81dd06f4b7c559403309f9deb50be92f6370490bf
RLSA-2022:7464
Moderate: protobuf security update
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.
Security Fix(es):
* protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
Moderate
An update is available for protobuf.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
protobuf-devel-3.5.0-15.el8.aarch64.rpm
b6fe0e2fd888fa9462acda19a8f750731cf7f5aeb6b4137e82a3ff4dec49cce0
protobuf-lite-devel-3.5.0-15.el8.aarch64.rpm
91bd7b661b1a51403db5daa2f455e83a68c8d6293e9af269139a5427293d80b7
RLBA-2022:7465
nmstate bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.3.3-1.el8.aarch64.rpm
09b526f1ba5a2eccee4c21d63cfe373c74914bf0e4093c446e32df0497123e9c
RLBA-2022:7468
libnma bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for libnma.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnma-devel-1.8.38-1.el8.aarch64.rpm
fc78208f60388d2835d2771c2f541659c998d66ce87cbf2dcc470e1ab5fb4280
RLSA-2022:7470
Important: pki-core:10.6 and pki-deps:10.6 security and bug fix update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
* pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
Important
An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-core, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, tomcatjss, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jss, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__javapackages-tools
apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm
1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9
apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm
2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29
apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm
0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743
jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm
f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e
javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0
javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm
8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687
slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777
slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm
d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3
velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm
ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8
xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm
10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1
xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm
fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78
xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm
275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630
xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm
aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522
RLBA-2022:7471
libestr bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for libestr.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libestr-devel-0.1.10-3.el8.aarch64.rpm
37abc0b20d075c39066ca3795fad7c9ae0c3ac0cd8a35256af231cd99d559ef8
RLBA-2022:7481
python-qt5 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for python-qt5.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-qt5-devel-5.15.0-3.el8.aarch64.rpm
13528a03d8033ab2ad3a56f4f6da30acfc70c785ecebb11b76c66a95fee49f63
RLSA-2022:7482
Moderate: qt5 security, bug fix, and enhancement update
The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform application framework.
The following packages have been upgraded to a later upstream version: qt5 (5.15.3). (BZ#2061377)
Security Fix(es):
* qt: QProcess could execute a binary from the current working directory when not found in the PATH (CVE-2022-25255)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
Moderate
An update is available for qt5.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-devel-5.15.3-1.el8.noarch.rpm
87cf5f9cb20eff95e0e51a8f3ab82a3cb7191d6dbde6fce6e30d7f9f1c94290c
RLBA-2022:7487
qt5-qtbase bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for qt5-qtbase.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qtbase-static-5.15.3-1.el8.aarch64.rpm
8bcb5111814f8310415b2090162f38f2400288218da98284294ddead29882542
RLBA-2022:7490
qt5-qtdeclarative bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for qt5-qtdeclarative.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qtdeclarative-static-5.15.3-1.el8.aarch64.rpm
131664c43d738c1c7a41ba9ca6a60562df1f4b05ec94357e2d63a0d83c9e019e
RLBA-2022:7495
sip bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for sip.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-sip-devel-4.19.25-1.el8.aarch64.rpm
29645e6f340bb0dbb905ef636e9ca03c5961ca45eef9ce690d6a3d3cc60c7832
sip-4.19.25-1.el8.aarch64.rpm
f149b5742bf77733dc4a740512e7ede6fc67d53322ace9c708505813f4285005
RLBA-2022:7498
qt5-qtquickcontrols2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for qt5-qtquickcontrols2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qtquickcontrols2-devel-5.15.3-1.el8.aarch64.rpm
3ba93d954fb561785c5f883d5c0071937537c1b5e7a815b044eea281f123cd32
RLBA-2022:7501
qt5-qtserialbus bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for qt5-qtserialbus.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qtserialbus-devel-5.15.3-1.el8.aarch64.rpm
db10173970e2dfa3ba6cd61cfe1d84f75e0d340d9e64c811f1c7498bdfacdb45
RLBA-2022:7504
qt5-qttools bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for qt5-qttools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qttools-static-5.15.3-2.el8.aarch64.rpm
b117b12723ba7771f8dfc72f4666d7a78497dd7c41496e0097e138b18334b459
RLBA-2022:7506
qt5-qtwayland bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for qt5-qtwayland.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qtwayland-devel-5.15.3-1.el8.aarch64.rpm
0f7e0c3d56d40b3d626d9804bb6b7c9e7830f3b5e77197155713ffff24f6ee2e
RLBA-2022:7515
papi and libpfm bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for libpfm, papi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libpfm-static-4.10.1-5.el8.aarch64.rpm
ff79c990b2eb8667692b376106a95a48257cd10acd73b22afa338b70ce744c29
papi-testsuite-5.6.0-16.el8.aarch64.rpm
82269cd4fb424ccaf75bcdfae576fc11c3c5735ecb4a75c7ceeac13eed1157ec
python3-libpfm-4.10.1-5.el8.aarch64.rpm
63f5c49e106e2358d2d16b788c086aede1fa941ca15a3cb455d9757d2a41c6be
RLBA-2022:7518
dyninst bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for dyninst.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dyninst-devel-12.1.0-1.el8.aarch64.rpm
1a8d904eb105a235bc77cd6098447357c42f0614d5ee595919e421250108c3ef
dyninst-doc-12.1.0-1.el8.aarch64.rpm
6dd34df92943d3d650be2a12667c87ebd607b50dba2439272d9cbd72579bdf81
dyninst-static-12.1.0-1.el8.aarch64.rpm
27b638ad8f18faca3f7e2e53c518886e0805dae51152c805ddbdc22cdce3aaa7
dyninst-testsuite-12.1.0-1.el8.aarch64.rpm
ee74e728780b1d9f046476770488b1c9e8c56b5a9022fd1ed02fac4b1bdd12b8
RLSA-2022:7524
Moderate: yajl security update
Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C and a small validating JSON generator.
Security Fix(es):
* yajl: heap-based buffer overflow when handling large inputs due to an integer overflow (CVE-2022-24795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
Moderate
An update is available for yajl.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
yajl-devel-2.1.0-11.el8.aarch64.rpm
0ead758ab7b0f236e0a814bf4751e83a9583e1ab2f8f3a5cb9410fc408890dff
RLBA-2022:7531
evolution-data-server bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for evolution-data-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
evolution-data-server-doc-3.28.5-20.el8.noarch.rpm
7bcaa23e44e2feee8abadd9a231b1d4d64a0b5f5d802a429bc2715a95e07a0e1
evolution-data-server-perl-3.28.5-20.el8.aarch64.rpm
8e436e4b34f0b6659c09e8643a24127e570c62ace7fe6bc582f025c65ac0e218
evolution-data-server-tests-3.28.5-20.el8.aarch64.rpm
16ee72aed8c1870f09ca92d71929d12cc336bbce02efc6af66a8c3d36dfa34ef
RLBA-2022:7536
nautilus bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for nautilus.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nautilus-devel-3.28.1-21.el8.aarch64.rpm
0c08f730a29a9d017024c4fadf8b92556ddbfda7dc69d5901e59ae2af1f9e372
RLBA-2022:7559
lasso bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for lasso.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
lasso-devel-2.6.0-13.el8.aarch64.rpm
f6ef40563d46e867b4927b85565b77812fa472e04680ea09a6d941f5471e2436
RLSA-2022:7558
Low: wavpack security update
WavPack is a completely open audio compression format providing lossless, high-quality lossy and a unique hybrid compression mode.
Security Fix(es):
* wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
Low
An update is available for wavpack.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
wavpack-devel-5.1.0-16.el8.aarch64.rpm
877e3ccc2818bde9fd8d7f03beb379944ac28e76f5efb339b641a556a778e8ea
RLBA-2022:7561
crash bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for crash.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
crash-devel-7.3.2-2.el8.aarch64.rpm
02367c77f1e1f8fddd549898d7f36bc4ad0b1b2c16d7900a08d9bda95a8237a5
RLBA-2022:7564
gdm bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
None
An update is available for gdm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gdm-devel-40.0-24.el8.aarch64.rpm
cfc9e8b37a4ca03f325b47d3885b01c1552e4bebe0a050ff936f8326580a6636
gdm-pam-extensions-devel-40.0-24.el8.aarch64.rpm
6a2dc5291bf7b3c5554f658f181016c4516b5161aafe1859ef492d02cd49aa26
RLSA-2022:7581
Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python38-devel
python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm
4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313
python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm
1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6
python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm
a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef
python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm
0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be
python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm
60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8
python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm
c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1
python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm
9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4
python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm
0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86
python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm
b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d
RLSA-2022:7583
Moderate: xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
* xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access (CVE-2022-2319)
* xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension (CVE-2022-2320)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for xorg-x11-xtrans-devel, xorg-x11-server-Xwayland, xorg-x11-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xorg-x11-server-devel-1.20.11-9.el8.aarch64.rpm
653a4590a91bc0828bc645f87aa0e6ca25ed7d084d7fca25546f5160d6ad36f5
xorg-x11-server-source-1.20.11-9.el8.noarch.rpm
3f465e1af2b55d00046615a3cc9113a0b6f600ddfce17d74e286218782f4b823
xorg-x11-xtrans-devel-1.4.0-4.el8.noarch.rpm
d59bbc4e1c42e0203d582e8825b3751c20cddca6a30b1dab48fbe5591f0c2daf
RLSA-2022:7585
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561)
* libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562)
* libtiff: reachable assertion (CVE-2022-0865)
* libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924)
* libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355)
* libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844)
* libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891)
* tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908)
* tiff: Divide By Zero error in tiffcrop (CVE-2022-0909)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-23.el8.aarch64.rpm
db24b77d8946476a17964f518bdb9f9c97b66732bfcbd5744dde58905ba6fea8
RLBA-2022:7589
yara bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for yara.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
yara-devel-4.2.3-1.el8.aarch64.rpm
23d29c346cc8acfd85441ac000a68c3f1f0b6bb32c186dc210cc54d5b8516fa1
RLSA-2022:7592
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms__python39-devel
python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm
fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba
python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.aarch64.rpm
637ec2d61a3f84c6a3c79abe7c5ffd13fd5b02ba0acb854b25fecd6e8edf0282
python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm
585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f
python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm
783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0
python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm
26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20
python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm
2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda
python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm
47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f
python39-pybind11-2.7.1-1.module+el8.6.0+795+de4edbcc.aarch64.rpm
57a56a33a3460213a62048ebf84d265c3eea23799c2dbd0fc532ccce3044c5cf
python39-pybind11-devel-2.7.1-1.module+el8.6.0+795+de4edbcc.aarch64.rpm
b6adb9f1239d13fe2a17f26ec0245f1650f4b103b0d5eb8e5310e6058254443e
python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm
c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0
python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm
c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6
python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm
be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881
RLSA-2022:7594
Moderate: poppler security and bug fix update
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.
Security Fix(es):
* poppler: A logic error in the Hints::Hints function can cause denial of service (CVE-2022-27337)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for poppler.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
poppler-glib-devel-20.11.0-5.el8.aarch64.rpm
a687d84fe81cdd580892cd4d621a11da7c8b538373c00ba6cee275d50bb011ac
poppler-cpp-20.11.0-5.el8.aarch64.rpm
e555996db19fdb26407079440b3276b8fd8c06efdfd6cee6dbbdf9eb6d1af4a9
poppler-cpp-devel-20.11.0-5.el8.aarch64.rpm
15887778f889ec8c12b2ea97e2f1a97f3448721fb92f33103092deaa5722c9fa
poppler-devel-20.11.0-5.el8.aarch64.rpm
badae6f3964c77b1889fa60f9da52df8e7952b032a54d54f251d6960e0cf7a06
poppler-qt5-devel-20.11.0-5.el8.aarch64.rpm
231d620ab952a12cc55f2aae0a681dd4aeb7ac630e6cc2f895fdc3521864a3df
RLBA-2022:7595
bcc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for bcc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bcc-devel-0.24.0-2.el8.aarch64.rpm
65208000b6381ffcba98bcba6b029052a245ecfd8c88c0fc2cb2d12945b60587
bcc-doc-0.24.0-2.el8.noarch.rpm
68ec3588aaefcfce81f7a7e1de97007ca70673e6a1eea83584fcfd7e34c969fb
RLBA-2022:7600
boost bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for boost.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
boost-build-1.66.0-13.el8.noarch.rpm
b55abb54da2283abaa0c6253aeb6df7706152ce702492c34f504e25cd31de932
boost-doc-1.66.0-13.el8.noarch.rpm
bef5031eb15715588ba45b1fa0062da8652663029f75c9d0b94b7a4bb5b3aad2
boost-examples-1.66.0-13.el8.noarch.rpm
ede1620a32a2a69de585e91b93eb2dc742fae2e70ce793c5c38346eec58cfac3
boost-graph-mpich-1.66.0-13.el8.aarch64.rpm
1cd6cb3880b0f4873f388f3c4bdf3dfd5646dbb471465fbe2f51cab29a98e4c0
boost-graph-openmpi-1.66.0-13.el8.aarch64.rpm
2ef6c16f663ef20125137858b759549b37e4d69553e078c7c4053b15168153a5
boost-jam-1.66.0-13.el8.aarch64.rpm
eeb110538b3714e32b6d6753a2a8be98cfcf8f0213f2ba10bbb16cfd7ef52717
boost-mpich-1.66.0-13.el8.aarch64.rpm
19d3e04865cbf2481f1442b356ccd346130fd50c2230798e94749620768aed1c
boost-mpich-devel-1.66.0-13.el8.aarch64.rpm
12765e2dc004c3edf09057cac6df591d724b0e0460b968e36ba3819db80e2871
boost-mpich-python3-1.66.0-13.el8.aarch64.rpm
8480324e00396c5c365c79a430c17e8b657f98088379f54b11912a611a91d810
boost-numpy3-1.66.0-13.el8.aarch64.rpm
51c09f941fb419f45df5232e54464cee730428def60cebc43d29ab3bebaf1d8c
boost-openmpi-1.66.0-13.el8.aarch64.rpm
ec115b2a96b6fa1d801db761d378a72b470ff3a818b4c2b6367b054c9123cc71
boost-openmpi-devel-1.66.0-13.el8.aarch64.rpm
d624c10c050f52aea3409b81ea8d3eb32be7271a8a45634dd0226bbaa0ec97d3
boost-openmpi-python3-1.66.0-13.el8.aarch64.rpm
fcac33cbee23efa4e85ba93984907bca50446526cb93335a642c34b6107fb797
boost-python3-1.66.0-13.el8.aarch64.rpm
f9f86c2a5a1fe7fd766b3893da9f2a5fdd4b23dbd1807281bb5eac52918f5271
boost-python3-devel-1.66.0-13.el8.aarch64.rpm
5934e3f54190f365eaec0e87b79486311ef40f28ce685d86dc8f0c2fb31887fc
boost-static-1.66.0-13.el8.aarch64.rpm
7ce65907b8701cd345f13f4ec4d4002f4ab88fd0af78b7c4819c8398f91b3fef
RLEA-2022:7601
libdrm, mesa, and wayland-protocols bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for wayland-protocols, libdrm, mesa.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
mesa-libgbm-devel-22.1.5-2.el8.aarch64.rpm
73d16528ddf32211f9e710c61f6f8fca731f89943655427d63f33dd0a1d7692a
mesa-libOSMesa-devel-22.1.5-2.el8.aarch64.rpm
95e63a3c63c09fa660fa842bcb9ddb70ff7204e1707d66b4db8b64076b241619
RLBA-2022:7614
xxhash bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for xxhash.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xxhash-devel-0.8.1-3.el8.aarch64.rpm
31a943cd2ec4a0b6991f574ed9d8382e26a7429b8d8bca5e8201b1bdbef56cb4
xxhash-doc-0.8.1-3.el8.noarch.rpm
68b481dfb90bc6128f2f6e11cde7157f7f30422bdde8f464dc49539ef75494cd
RLSA-2022:7623
Moderate: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
* dovecot: Privilege escalation when similar master and non-master passdbs are used (CVE-2022-30550)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dovecot.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dovecot-devel-2.3.16-3.el8.aarch64.rpm
dcc4ac93e85a6558c76a805b31e7920d5fc0e8bc0a1793df483a419d925c5280
RLBA-2022:7631
ghostscript bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ghostscript.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ghostscript-doc-9.27-4.el8.noarch.rpm
63caef3cf225a40dc30d6c8349e4f999d43d38e4b30a71a600dc0eaf90b697b2
ghostscript-tools-dvipdf-9.27-4.el8.aarch64.rpm
b66ab65b846373eacf9e3ce210e8b3a70bd8461946a14657b3528e6b0c7be604
ghostscript-tools-fonts-9.27-4.el8.aarch64.rpm
fbc4469c9613607db5e43a666b1293eccc337045d783c22bde99360724ab3900
ghostscript-tools-printing-9.27-4.el8.aarch64.rpm
423cc0e059d6ef21513986df102c100f98b1dccfe005e3a96947cfc7ca8edc6b
libgs-devel-9.27-4.el8.aarch64.rpm
0a65401dea9547b396e917e8ad7fc7556bf418547333ac08df9580037efc7672
RLSA-2022:7639
Moderate: openblas security update
OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version.
Security Fix(es):
* lapack: Out-of-bounds read in *larrv (CVE-2021-4048)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for openblas.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
openblas-devel-0.3.15-4.el8.aarch64.rpm
33aa3c49a45f273406d61d77c6b57d67a0761d4862de5eb08d3869d0c4465a59
openblas-openmp-0.3.15-4.el8.aarch64.rpm
1a00bf04d6c9a656cf403ec2bc1c10170bd1687c7405767f119c3d646175e568
openblas-openmp64_-0.3.15-4.el8.aarch64.rpm
0d715a815f22ee12146649b7ec4757b72ad7f9dbfda6ce51d8091bf65425e921
openblas-openmp64-0.3.15-4.el8.aarch64.rpm
f4bc9d985b0ee822e72178609053162acae57be4280ae7647a70a9f5a02b2b63
openblas-Rblas-0.3.15-4.el8.aarch64.rpm
82770ef574c11659990de8f57170ec733045b8c26781d19b6ea5a4117561d2cd
openblas-serial64_-0.3.15-4.el8.aarch64.rpm
a75be6d79eb93af81c72aca5cae93b7ff47697338287a22a50b4418b79a7affc
openblas-serial64-0.3.15-4.el8.aarch64.rpm
17b229fae5baeed538da874b4bf5d0bdbe0578f8686e6445ab24cdd278804bb1
openblas-static-0.3.15-4.el8.aarch64.rpm
7bd6f43f90b37da04ae54a63a7aeaa9604836fb2b2f731d7f0ef1350da9a5a20
openblas-threads64_-0.3.15-4.el8.aarch64.rpm
e51c0725e14ae454d73913249dae557a5ea7113ac5c636a13a9a06d59f8d2a78
openblas-threads64-0.3.15-4.el8.aarch64.rpm
9e6d05e8fadaef9bf2240c138f350fb9100770232674eff9c72e50e4a8c9f609
RLBA-2022:7641
fstrm bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for fstrm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
fstrm-utils-0.6.1-3.el8.aarch64.rpm
7cbe9801e2001e028544b213f20210cc3411dabfa2c551bad620256c78f25595
RLSA-2022:7643
Important: bind9.16 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
* bind: DoS from specifically crafted TCP packets (CVE-2022-0396)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for bind9.16.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bind9.16-devel-9.16.23-0.9.el8.1.aarch64.rpm
8f5b735830df77f937084df2c692b0cca2d5952e08c9447912ed574cdad04fa4
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.aarch64.rpm
64020cd9f65a95de49d6f1d1bf50c26d6587ecf824bd2174101e12087dd17786
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm
ef26712cfaaae27376f5e0ec5f4f2d57804ea16ce3668997d15a50ea6698106a
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm
ca260ea4c3d4b4ea57741b6ceb3ff53bc81c9437d67e502f2cb5013ec596688e
RLSA-2022:7645
Low: openjpeg2 security update
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Security Fix(es):
* openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for openjpeg2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
openjpeg2-devel-2.4.0-5.el8.aarch64.rpm
9fcb4ad792d52f614e8212966dbe933b46a259e03f8f02cf92671453edcd5cc6
RLBA-2022:7646
libblockdev bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libblockdev.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libblockdev-crypto-devel-2.24-11.el8.aarch64.rpm
cb14c1f82e01f1371de7591977a41c114135cff1745cc17dfd7ca9c2d480de8f
libblockdev-devel-2.24-11.el8.aarch64.rpm
18b97b9d72772bba6ecaa8816bbce22a64925876ce8c0c9506d3b5d4722be889
libblockdev-fs-devel-2.24-11.el8.aarch64.rpm
a43a737349195369e421329867f67320166e3a2a2c96649ea9c98a28bb0607ee
libblockdev-loop-devel-2.24-11.el8.aarch64.rpm
e1ae1aa43c2d91514d8c01d07c713e9467180a5389624494459b47f6f1e247a9
libblockdev-lvm-devel-2.24-11.el8.aarch64.rpm
6263292aa499a6270409a992a5ccf1c75912f5fce9b21465dcdccb5fff04a238
libblockdev-mdraid-devel-2.24-11.el8.aarch64.rpm
fd66045929c3d697425c068c41c9e6da49d4501407f2060f5b08a6510aef17bb
libblockdev-part-devel-2.24-11.el8.aarch64.rpm
9e73605337bdb599811ac2abd3f897a3fc1b80880dc87e3b279b55a4c5ff038a
libblockdev-swap-devel-2.24-11.el8.aarch64.rpm
d832627d8d846cf5dfc525ee80158cc6a69273fcedd4c6d27359ad24f23bb7e1
libblockdev-utils-devel-2.24-11.el8.aarch64.rpm
2af0351939fe20b9329f0ee6010c275416633487fc517a57a09332a2f62424eb
libblockdev-vdo-devel-2.24-11.el8.aarch64.rpm
3b1444a751f48ee93012c329d8fcce0325ecfadc1b03323daf8adaaf990980eb
RLBA-2022:7653
cups-filters bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for cups-filters.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
cups-filters-devel-1.20.0-28.el8.aarch64.rpm
99ae6233a0c2336fe1611de06ccea9f47b5dea7afc307715cc119860b0c6ec33
RLBA-2022:7657
openslp bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for openslp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
openslp-devel-2.0.0-20.el8.aarch64.rpm
4988b4c0c314cc2e5740e8f8b572e729f0ebc8a58fe2ef727f041348943a50a2
RLBA-2022:7659
gtk3 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gtk3.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gtk3-devel-docs-3.22.30-11.el8.aarch64.rpm
60f28864adf3dbd71fa6d0a11a0ad7527b762b08a3ef5195a6f718b9b787b257
RLBA-2022:7658
freerdp bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for freerdp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
freerdp-devel-2.2.0-8.el8.aarch64.rpm
00ac3254caea61fedf694e2c9a8cddf10bba3d68d4c880b4bd0cc8147ec71ccd
RLBA-2022:7661
vulkan bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for spirv-tools, vulkan-loader, vulkan-headers, vulkan-validation-layers, vulkan-tools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
spirv-tools-devel-2022.2-2.el8.aarch64.rpm
72a67441532207bc8bab6fd8c3db8933c7029d916a52c469a448106bee0917eb
RLBA-2022:7662
opencv bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for opencv.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opencv-3.4.6-8.el8.aarch64.rpm
95efe1563ffdce8aee024abcb4fd75ac5beabda037656eec08cb6c44c5899186
opencv-devel-3.4.6-8.el8.aarch64.rpm
50d207869310fbe19253099bd51cbf05de17ca28471664fdaad1b797eb8b2138
RLBA-2022:7663
wireshark bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for wireshark.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
wireshark-devel-2.6.2-15.el8.aarch64.rpm
b327e17562ebea8d11e5232530af268ee81f70e4ce577b871b968ff1aa3cd137
RLBA-2022:7674
openwsman bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for openwsman.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libwsman-devel-2.6.5-9.el8.aarch64.rpm
b5d8993c673e125011436e3fd2fd66aa36f54e3c5643c13dbe721d4ca755713c
RLBA-2022:7091
java-1.8.0-openjdk bug fix and enhancement update
This erratum reinstates changes made to java-1.8.0-openjdk in Rocky Linux 8.7 GA. The original builds for Rocky Linux 8.7 GA will have been superseded by newer binaries released as part of the October 2022 security update for Rocky Linux 8.6.
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
b7d35d9f285a1b0dec58da3c3f4a0ffc7ebc591e4153249ebdccc04dd2a9d790
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
18d16f2d145b0a74d9c5708123ebc80234856f31d9b12140ffad3f696018a54a
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
19365b81c215dbecc57340be70effc577928ce7e948433336c1ee582bac02acc
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
647d993682f191b54be44e034069c6b7c440095f92b6e9fb7570a0739577e108
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
70d11b21564ba0f9687a7ecffc2d7dd9f86fe6b1a875e3ffa57d3fa9f7708815
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
320d6c5f7d96eed48a774fb425120467c3de9d3b7dee221671acc71d649892ea
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
9d00ba06ee69c2f9777b452d779a8173ca4b3b5ee2e550359b6093ca0596de16
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
a551632ab45c43f2264420ffc7910ec143bb2b9b6d9311ea2ce9556630dee26f
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
0fff96db56187df2caf62c76b6dfc2991037ff451380ea4e519df9e1f4f6f2e6
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
e59b364a29f07f98415d5cd0279e46427b44814318240ab114b8f0a7becaf884
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
fcc84852a012c72513ec52f6a95f336c04b1eef97d9378d23839a1061cf52ce2
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_7.aarch64.rpm
bc1bd795a4363451df05af031f89c05069f40dcdcc3ce17b6bb42ffbf629846c
RLBA-2022:7835
mutter bug fix and enhancement update
Mutter is a compositing window manager that displays and manages desktop
through OpenGL. It combines the window-management logic inherited from the
Metacity window manager with a display engine that uses the Clutter
toolkit.
Bug Fix(es) and Enhancement(s):
* [AMDCLIENT 8.7 Bug] [Lenovo]When switch to some resolutions will be black screen [Rocky Linux-8.7.0.z] (BZ#2136746)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mutter.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
mutter-devel-3.32.2-67.el8_7.aarch64.rpm
3c003fecdd9f9bb0d839d505ee2f17c7167fe3859b91a3c7bc09ed294a795253
RLBA-2022:7258
java-17-openjdk bug fix and enhancement update
This erratum reinstates changes made to java-17-openjdk in Rocky Linux 8.7 GA. The original builds for Rocky Linux 8.7 GA will have been superseded by newer binaries released as part of the October 2022 security update for Rocky Linux 8.6.
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-17-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-17-openjdk-demo-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
1db7038e4b8776b58c8473e7e8f2f1b1f5fc53f51059eab6b31daea1947a501f
java-17-openjdk-demo-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
cec3c9a04ebe8db2186a5f559611282138209afccfc4e021b36ffa674b145ae1
java-17-openjdk-devel-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
ed35d711c9f2d217fa186df26467f32a979e97da2229293234f77a5e44e23e1e
java-17-openjdk-devel-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
0f3e00f91e2d13b1b80747afad0370e13440edde56ac5461cf1e105a35092b9b
java-17-openjdk-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
423f987c2d734e2adafa322917a78e441c0f68ddc972353bba46538252b84464
java-17-openjdk-headless-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
2c43cbce2932c0d49ea4bdad39b566c9d562980797b66147cb6760696da1fece
java-17-openjdk-headless-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
fa43fecb9ea9a1ae9f8a24be70ac5b2ade6e6ba59cb3ea65aa3b5499e5fc11d3
java-17-openjdk-jmods-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
1d8c409947f4de1e5d35079f90a1c270bc2dc964b0b55244f20cf982342392a2
java-17-openjdk-jmods-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
9e45b8ed819fdb3cad881c2fb55e81186e9ee571569b00bce52c9ffb1893668a
java-17-openjdk-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
32ab580d468a726d1d098e7c92693f4b283a7cec346dc12151f90fd557214818
java-17-openjdk-src-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
b3faff2c204b1820e96aa8e094c953271f55e3b13f6336d8188b7806175646d2
java-17-openjdk-src-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
80d9f410eb8d947c67fc5a271f791879d8a70aeca174c25570b31af93045909e
java-17-openjdk-static-libs-fastdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
97471dda81e66315849e5a9221450159ee71f4745b8b261c9c74c5a5fd5534db
java-17-openjdk-static-libs-slowdebug-17.0.5.0.8-1.el8_7.aarch64.rpm
1b157a81cf7d09063a79b81668ae9cce76edaf96fb2033c69c5c942d108ee409
RLBA-2022:7438
java-11-openjdk bug fix and enhancement update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Bug Fix(es) and Enhancement(s):
* Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [Rocky Linux-8] (BZ#2131862)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
3bfaf40d6ce1959875cb008f43624e57f206f6cd1a89c76c9930e86c538dd26d
java-11-openjdk-demo-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
e71e09ff9afeb55ea50b20eb34617087a6a289c6b4eb382e1497e3f57e6101d2
java-11-openjdk-devel-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
2d4d87d7a55274e14e6c859c7eac753ec8334ddf3652869b2298f56ea0746b20
java-11-openjdk-devel-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
c87abd7dfc24b22c3caf80a96534964442549b62a0d6c4e9cb6ba937746562e8
java-11-openjdk-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
bcf162dc622e3e291c90b25a55b790c63e9bfbc3794147f01388df4f36245319
java-11-openjdk-headless-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
e6448cf97698420d5bb4b899d16660984eee1eed4f5814f8ca877700d5513f11
java-11-openjdk-headless-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
715903def691dcec7ebd0353f2816f4b953d2956d00e08bc11611adf0595d4f3
java-11-openjdk-jmods-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
023baf80b46b8d26e103d52cc29607b30309c7166964fa74ecb54df7e6941335
java-11-openjdk-jmods-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
2c0ddbd460a485cf844412f73354b60edae85e3508a5ce2b4461a46271f1c1e3
java-11-openjdk-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
92e5b26d8be188201782fdd085116005517a83d0405d55cb62cd5df434be380e
java-11-openjdk-src-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
6e799747d770be54bed3f0f4200cc7718372a58fc710548afa4e08c2d3300a63
java-11-openjdk-src-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
6f5e87875377f5538082bc755ed223b7146ca53f8e31ade3cecce242b126d845
java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
744db94b1d921ef0ad34f790fd7442a05d30bf18690f0d700f25992e2a7ba34b
java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-1.el8_7.aarch64.rpm
c61da47cf51158889e07011475d6f0c5272ef5d75af0cf549bbed91c66f70bed
RLBA-2022:7861
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.100 and Runtime 7.0.0 [Rocky Linux-8.7.0.z] (BZ#2137943)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.100-1.el8_7.aarch64.rpm
62b0f7566db6102a5f317409cefb4e7c6c04037c04efbd4d24111c8e6c104fc8
RLBA-2022:9019
.NET 6.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.112 and Runtime 6.0.12 [Rocky Linux-8.7.0.z] (BZ#2150147)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.112-1.el8_7.aarch64.rpm
082c3d9e67e99d567ce6f9e37e9fcca07ee2c0e2776950207b754f96d5b83148
RLBA-2022:9020
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.101 and Runtime 7.0.1 [Rocky Linux-8.7.0.z] (BZ#2150151)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.101-1.el8_7.aarch64.rpm
95a0b68ad8cbc159f939575b8c77cd50f6edbc1bb608199a571c0e6aef6a13ba
RLSA-2023:0079
Moderate: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.
The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.113). (BZ#2154458)
Security Fix(es):
* dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process (CVE-2023-21538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.113-1.el8_7.aarch64.rpm
34ca919af35ec55475602d07a47d001e1987a30bba1f4db9eb7405e72fc7c33c
RLBA-2023:0081
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.102 and Runtime 7.0.2 [Rocky Linux-8.7.0.z] (BZ#2154466)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.102-1.el8_7.aarch64.rpm
0d7f83838df27c16ca0f62fc32c2a791ebc773ef2e5e7e7ab55805b8ddba59b9
RLSA-2023:0095
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
* libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867)
* libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869)
* libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
* libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
* libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)
* libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-26.el8_7.aarch64.rpm
7a5f511c8aa743a1575e9948272a6c70688f9b5498b8f7925e3e30653013faf3
RLBA-2023:0102
nmstate bug fix and enhancement update
Nmstate is a library with an accompanying command-line tool that manages host networking settings in a declarative manner. It is aimed at satisfying enterprise needs to manage host networking through a northbound declarative API and multi-provider support on the southbound.
Bug Fix(es) and Enhancement(s):
* nmstate verificationError on OpenshiftSDN (BZ#2128555)
* kubernetes-nmstate-operator deletes Virtual Functions created by sriov-fec-operator (BZ#2139698)
* Addresses configured at different order than specified at state (BZ#2149048)
* fail to create many veth interfaces (BZ#2150705)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.3.3-4.el8_7.aarch64.rpm
9e40cae0bb9f7d5c03667e91e9ffced778125e449ac06b279ed913855fb17756
RLSA-2023:0192
Moderate: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* In FIPS mode, the use of a SQLite database provided by NSS was assumed, which was opened in read-only mode and with no PIN expected. This prevented the use of other databases or setting a PIN on the NSS database. This update allows more control over database use using two new properties - fips.nssdb.path and fips.nssdb.pin - which can be configured permanently in the java.security file or temporarily via command-line arguments to the Java virtual machine (RHBZ#2147473)
* Prepare for the next quarterly OpenJDK upstream release (2023-01, 17.0.6) [Rocky Linux-8] (BZ#2153010)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-17-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-17-openjdk-demo-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
c7c63b500143352eb941dacfdd1fee33bc542cd5329bc61efb535e6e1e6e68d7
java-17-openjdk-demo-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
000524decd5696a63699ad97eb589afc9c042ee61a511fde70884edc83f4fd74
java-17-openjdk-devel-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
fed3879cb41ff565775633146aa88f652f44b764e0f8b6ad52375098893fc538
java-17-openjdk-devel-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
840272e38a328803d4ecc23fb873570d8bc49798e0e8aaebb74d149726ada9e8
java-17-openjdk-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
3f7aede4b3980c91b70e809a767cfcd58ceb917dd5ad202dd0b17f88f72b052d
java-17-openjdk-headless-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
2b5187f33c68429870c18cb0c6e47e27b0cf309decf15ef16ed6580b509ba327
java-17-openjdk-headless-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
01cb48158a5bbb8aa428f325677f21f2514443086c374a9291f73f2b98f7af59
java-17-openjdk-jmods-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
962256fd306e03853f2612752261b794d261a7665964439ae7dc8e0277dc38f4
java-17-openjdk-jmods-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
345f48a7070883571146f9661874f51037b5be2918241e3155659153e07bbf6a
java-17-openjdk-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
7ddae8dd66f6fd349b3cadc391d9f51a48030f340458741a75ae0c1371560719
java-17-openjdk-src-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
5e58dc693e487294d3f6784b2678cc4ea62b947d20f33a32f64aaa7f657219b4
java-17-openjdk-src-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
060e7990bd30cfa353fcb871937fb1885521b1f525763bb07d85d1f33a3cacee
java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
5889972f86fe241481c01e594e8ae47305cb0de9242c52797a28cf1ac487c423
java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-3.el8_7.aarch64.rpm
ebc81f7ac437f2d537f807acca4eae4e03e720bf08895c526f57409634f51dfb
RLSA-2023:0200
Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [Rocky Linux-8] (BZ#2157797)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
2f44c2f88619c67d1164fe100f7479955578564fb35d60e2016140f5b782c061
java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
597cb5a6dc375af471fcd13f008ef53bf17759a7eab6dc68f94ec88c77dda4e6
java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
356aebde455468b10c943efd821522502fe6b1a0d8e3d863f8b42d0ceff8231f
java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
c73bb86e6d3d97103a6d69897cafe6a7082c7bd98b4d9718a5894c282882d92d
java-11-openjdk-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
1f27baaff8bb0218f465ccc6863d33e74b565ff7deadffd9e2620fc7a6aa33f9
java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
153c9ee1bbbbdb25d8e32ee89ad8abbe31effa6ef51e206999f75f50f7fb4201
java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
c44568cd91724942755b96fbb79070721b1e9c6de5f5d49fdbc59fcd6c6b5f57
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
d355711dd5326e0864e8e16d452e1eef11f5c65cebc7821ba20a281aa67af01b
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
dc8e42f5d4dc0d4641f5aab7b41b5765db0bbb14b1c9f7c909036179482e3c4b
java-11-openjdk-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
ae74329fd5a73e000d460332935bbc57ca7ebdad72712c21445d74bd07a74823
java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
eaa3723c053b67df72df94e52d5f19b72953bebd559b2143868dabd9d9e66766
java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
2119bf5c4c28fead21b9a1bf6bf3401aa5f9a88c0015162661a236a7f802d5bd
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
050a263d6e1fb4d52fa016e5e4f44ab0558c228aa7af4bc7162340e2eaa89021
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el8_7.aarch64.rpm
6997953eeff92c5cae9f857867350715be30bd684e2d2418246cf48b2763b3d8
RLBA-2022:7815
kronosnet bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for kronosnet.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libknet1-1.24-2.el8.aarch64.rpm
83109d06e8afb5ffa7919c788d4b9e753e09585180b8d023d5ca089a35c92d31
libknet1-devel-1.24-2.el8.aarch64.rpm
3b188051d0a9c7014233fc959aefb2192e68e5a09b949c89e12369f71879b842
RLEA-2020:4838
dtc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dtc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dtc-1.6.0-1.el8.aarch64.rpm
bd44c1b92210f89ce787ee1ee9530d1c104bb0abb3c11db6ea1c84d384918e59
libfdt-devel-1.6.0-1.el8.aarch64.rpm
bb45c74cd9a86723f6d3945371c8aa3e711fe84581fd10c7fe30116abe574578
RLBA-2020:4499
NetworkManager bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for network-manager-applet.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
jimtcl-devel-0.77-6.el8.1.aarch64.rpm
41df21377ee0f98f6cd1201f5416e90dfc400c9978b33c43b3f3e3beaee4d79a
RLBA-2022:2000
glib2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for glib2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
glib2-doc-2.56.4-158.el8_6.1.noarch.rpm
aa64cb9e557a147c0ba86aef7701e556397a660ebaa7822bdc19c57b448ee3f0
glib2-static-2.56.4-158.el8_6.1.aarch64.rpm
0f8a19b268e0fe16bd451aa6559ef625a0065c97b255f4ba78f423921b3f5948
RLBA-2022:7739
sssd bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sssd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.7.3-4.el8_7.1.aarch64.rpm
876fb14ca6ee70e7b6765a8c5ba645a22ff88456304b416f660290d56c48f376
RLBA-2022:7766
fwupd bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for fwupd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
fwupd-devel-1.7.8-1.el8.rocky.0.3.aarch64.rpm
d0cf8802b3aa1cf546d49ee80e22f3aa5810aed4c31a99ebed05b7ae305e8710
RLSA-2023:0208
Moderate: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() (BZ#2139705)
* Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-8] (BZ#2159910)
* solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [rhel-8, openjdk-8] (BZ#2163595)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
84ca154b41c0a60fc145dda85cd4bfc370c3341b4a20789fab480eadda0b3a86
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
e929c0200229d2455a80e69e8a2fe40659aa0f51e7483e7f2d6b8e8d11455cc7
java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
fca8be62a3d98c5674d91b003673b1683301dcd1b852b67ad01f0c1663af20ea
java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
b5dae2e1539a65d47e9a0de07026941357df28684452045ee5637d4ef78e4c8c
java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
436c3fe864d618ae96d28eac21897c8ea266946cddfc62f6af6b7c6881711c41
java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
c10d620b06db9fd583e8e6166cb235943f601a0d1fc75036b3723901a4ecae8f
java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
725e9e267b322e8770921b47697ce64ada67cc53afc11b8c76e831f857f98440
java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
f6d27a485b2fbe33b914192173b684fc3538e91340b3245ee8270de8ab8f2d4f
java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
6f6bbf587b09c9dd27fef5fc0bbce541c3d6a49c4109f3bae9702fcc20baf1ae
java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
ca05de79562c8ac83fdcc3c833a344906ed4a81325522ee7216e557ec471a507
java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
e464756dd4e4ace64fe22f419bc2d1528c4beb30c55ae7ed8942b2ed415fea51
java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el8_7.aarch64.rpm
84e2f1c1e1e748fa02fc9648c1fa3b89000662b79163858ad5e024dfda2004ab
RLSA-2023:0625
Important: libksba security update
KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS.
Security Fix(es):
* libksba: integer overflow to code execution (CVE-2022-47629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for libksba.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libksba-devel-1.3.5-9.el8_7.aarch64.rpm
ff3e268c4fe5fa67c372c7332e948c594909c5626d8175ffdac0c7359ae48369
RLBA-2023:0783
.NET 7.0 bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address bugs are now available. The updated versions are .NET SDK 7.0.103 and .NET Runtime 7.0.3.
Bug Fix(es) and Enhancement(s):
* 2166775 - Update .NET 7.0 to SDK 7.0.103 and Runtime 7.0.3 [rhel-8.7.0.z]
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.103-1.el8_7.aarch64.rpm
498719b17fc506174bc1fc755cb166045adcb391e8041d773df242cf8e7f448f
RLBA-2023:0784
.NET 6.0 bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address bugfixes are now available. The updated versions are .NET SDK 6.0.114 and .NET Runtime 6.0.14.
Security Fix(es):
* 2166769 - Update .NET 6.0 to SDK 6.0.114 and Runtime 6.0.14 [rhel-8.7.0.z]
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.114-1.el8_7.aarch64.rpm
82f29580b41e2759ac0a0db2fd28e68a9d5271f0bdb649d77c1a6402fdb8641c
RLEA-2020:4672
autogen bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for autogen.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
autogen-5.18.12-8.el8.1.aarch64.rpm
0650d5b015f1463a2114cfd40dfda59558f6c8ef4393647fb85324ca308fb6ff
autogen-libopts-devel-5.18.12-8.el8.1.aarch64.rpm
fa8189b9ac3938cd80103cbd1be9a1d984e411b465f169c47082d2a58fa8910a
RLBA-2020:4734
libblockdev bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libblockdev.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libblockdev-crypto-devel-2.24-11.el8.aarch64.rpm
cb14c1f82e01f1371de7591977a41c114135cff1745cc17dfd7ca9c2d480de8f
libblockdev-devel-2.24-11.el8.aarch64.rpm
18b97b9d72772bba6ecaa8816bbce22a64925876ce8c0c9506d3b5d4722be889
libblockdev-fs-devel-2.24-11.el8.aarch64.rpm
a43a737349195369e421329867f67320166e3a2a2c96649ea9c98a28bb0607ee
libblockdev-loop-devel-2.24-11.el8.aarch64.rpm
e1ae1aa43c2d91514d8c01d07c713e9467180a5389624494459b47f6f1e247a9
libblockdev-lvm-devel-2.24-11.el8.aarch64.rpm
6263292aa499a6270409a992a5ccf1c75912f5fce9b21465dcdccb5fff04a238
libblockdev-mdraid-devel-2.24-11.el8.aarch64.rpm
fd66045929c3d697425c068c41c9e6da49d4501407f2060f5b08a6510aef17bb
libblockdev-part-devel-2.24-11.el8.aarch64.rpm
9e73605337bdb599811ac2abd3f897a3fc1b80880dc87e3b279b55a4c5ff038a
libblockdev-swap-devel-2.24-11.el8.aarch64.rpm
d832627d8d846cf5dfc525ee80158cc6a69273fcedd4c6d27359ad24f23bb7e1
libblockdev-utils-devel-2.24-11.el8.aarch64.rpm
2af0351939fe20b9329f0ee6010c275416633487fc517a57a09332a2f62424eb
libblockdev-vdo-devel-2.24-11.el8.aarch64.rpm
3b1444a751f48ee93012c329d8fcce0325ecfadc1b03323daf8adaaf990980eb
RLBA-2022:7462
anaconda bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for anaconda.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
anaconda-widgets-devel-33.16.7.12-1.el8.rocky.0.1.aarch64.rpm
02fec851b51fd4c6e181ac2633ce588df41619ecbbbece9747a727b96fc405b8
RLBA-2022:7635
openscap bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for openscap.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
openscap-engine-sce-devel-1.3.6-4.el8.rocky.0.2.aarch64.rpm
f57145920f2b265a0c7f77920599faf6834fddf5c470dbe38bf177a63f4726aa
RLSA-2021:1734
Moderate: shim security update
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)
* grub2: Use-after-free in rmmod command (CVE-2020-25632)
* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)
* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)
* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)
* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)
* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for shim-unsigned-aarch64.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
shim-unsigned-aarch64-15-7.el8.1.1.aarch64.rpm
50d3fdb8369d8b026f80727bf61924a9d167b365f18718a1f42c4e6d41c70e27
RLBA-2023:0831
nfs-utils bug fix and enhancement update
The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs.
Bug Fix(es) and Enhancement(s):
* Update to nfs-utils 2.3.3-51 broke nfs-mountd service on Rocky Linux 8.2 (BZ#2150899)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nfs-utils.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnfsidmap-devel-2.3.3-57.el8_7.1.aarch64.rpm
25a347435dde9ac7dc003426bf7f1bb035c61e807f50c078f7771c799cbe6272
RLSA-2023:0832
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux 8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux 8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux 8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux 8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.aarch64.rpm
010869ff3cda80feb58182eadb7292e0fbc50e6b9b45d460e32766cb61500551
RLSA-2023:0838
Important: samba security update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Security Fix(es):
* samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for samba.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsmbclient-devel-4.16.4-4.el8_7.aarch64.rpm
8748deb897fb5a7271e2d92a834f07138130e23a5e2efd226cd26397222f027d
libwbclient-devel-4.16.4-4.el8_7.aarch64.rpm
8afb151fcaf908cefb5c0e8432e9cd15294ad36ad337bd0ef4a53ea06cbd0489
samba-devel-4.16.4-4.el8_7.aarch64.rpm
8157f0dca8e0221e70b1020395c1fa0e7428b865310f0e3fb5cda84345bc7d53
RLBA-2023:0850
openscap bug fix and enhancement update
The OpenSCAP suite enables integration of the Security Content Automation Protocol (SCAP) line of standards. The openscap packages provide the OpenSCAP library and the oscap utility that provides various SCAP capabilities.
Bug Fix(es) and Enhancement(s):
* xmlfilecontent probe produces invalid OVAL results (BZ#2165577)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for openscap.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
openscap-engine-sce-devel-1.3.6-5.el8_7.rocky.0.2.aarch64.rpm
8833b00e6629abb91dbca0367542e588961aeade5060f4e39e27f91b9a93f757
RLBA-2023:1245
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.104 and Runtime 7.0.4 [rhel-8.7.0.z] (BZ#2175026)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.104-1.el8_7.aarch64.rpm
1d410a382fbd371928e3dfc7bc3961ef155035deb48d53a69f1d5c892d7ebc61
RLBA-2023:1565
device-mapper-multipath bug fix update
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Bug Fix(es):
* Multipath segfault after running newest patched version (BZ#2161393)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for device-mapper-multipath.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
device-mapper-multipath-devel-0.8.4-28.el8_7.3.aarch64.rpm
e5a1407fa7df5f6df25e0d4d476be782b3b1abb611fa2f20b124f060567087ad
RLSA-2023:1566
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux 8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by challenge ACK and RST is ignored (BZ#2165587)
* Rocky Linux 8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.aarch64.rpm
3e5af635ab3ca5eb4ee1929b2358c82531ba7750cb1737a14e22a592341bf981
RLBA-2023:1567
samba bug fix and enhancement update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Bug Fix(es) and Enhancement(s):
* Samba shares not accessible from MacOS Ventura after upgrade to Samba 4.16.4-2.el8 (BZ#2170394)
* ctdb should have dependency for package samba-winbind-clients (BZ#2170467)
* Samba with Winbind can not retrieve user groups from Active Directory (BZ#2170468)
* samba-tool reports an uncaught exception (BZ#2170469)
* Ship new samba subpackages (BZ#2173975)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for samba.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsmbclient-devel-4.16.4-6.el8_7.aarch64.rpm
7e2e3ec5bdc2e7bf66cf4b20e65d97dfe402f04f1867306f0e5d89dc9678e550
libwbclient-devel-4.16.4-6.el8_7.aarch64.rpm
e000ae3f5aebba46da219b8f425080ba5df6afdc6b85d50bb0056689a8587b60
samba-devel-4.16.4-6.el8_7.aarch64.rpm
4c2a41bf8f3ddc71c79c6f6af6207026ba91b83b4b64deff55eaded4c8dcb971
RLBA-2023:1570
NetworkManager bug fix and enhancement update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Bug Fix(es) and Enhancement(s):
* NetworkManager hostname lookup fails with IPv6 (BZ#2174362)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for NetworkManager.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
NetworkManager-libnm-devel-1.40.0-6.el8_7.aarch64.rpm
3da9406c37f4594eb8a8f88f5a7ed6e06c026d1d7bdd34eccec02fe806738b08
RLEA-2023:1574
nmstate bug fix and enhancement update
Nmstate is a library with an accompanying command-line tool that manages host networking settings in a declarative manner. It aims to satisfy enterprise needs to manage host networking through a northbound declarative API and multi-provider support on the southbound.
Bug Fix(es) and Enhancement(s):
* SR-IOV VF not disabled as desired, gets IPv4 and default route via DHCP (BZ#2169642)
* Dual stack profiles do not set may-fail correctly (BZ#2170078)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.3.3-8.el8_7.aarch64.rpm
4ba2f7d3b0c516d2167c08615ae1b2ca85303c07a2efdcc4fa31f40952b6c3ff
RLBA-2023:1579
upower bug fix and enhancement update
UPower is a DBus daemon and a client library that provides an interface for other programs to enumerate power sources on the system and control system-wide power management.
Bug Fix(es) and Enhancement(s):
* Rocky Linux 8.7 Missing battery icon while the battery is charging. (BZ#2170088)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for upower.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
upower-devel-0.99.7-4.el8_7.aarch64.rpm
c7e8a1cd4477d1266651f21d2559619de838667467a9500dfb485d4b9fa70dea
upower-devel-docs-0.99.7-4.el8_7.noarch.rpm
1c90886eb71223a62206ed760389e25ed8a20f292f2a15f8c466044da1b3a26b
RLSA-2023:1898
Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186835)
* Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186827)
* The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186831)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for java-17-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm
RLSA-2023:1895
Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm
RLBA-2023:2991
libtalloc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libtalloc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-talloc-devel-2.3.4-1.el8.aarch64.rpm
67914a7b492edbf5dd3f9141bf5f0251c351ebe005b4472b6d1ce22da2fac6f2
RLBA-2023:3007
libtraceevent bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libtraceevent.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtraceevent-devel-1.5.3-1.el8.aarch64.rpm
93ec8ddb9567420af1fc62e8790486a88a77d4b09b3b7ec2126e8b4e689f6f8a
RLBA-2023:3048
lvm2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for lvm2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
device-mapper-devel-1.02.181-9.el8.aarch64.rpm
d0ea2d8a90c77b54af39f2f2908aa263134c924c90f503d55aebacc6b07aa0ca
device-mapper-event-devel-1.02.181-9.el8.aarch64.rpm
4f3d30cbfe9c01b316d7cab49a5662ae922e25a88ca7fca5f86291eb090bd06d
lvm2-devel-2.03.14-9.el8.aarch64.rpm
9433f339f0f1d10e703f5bb263ef81843a63ec2f42bf61973aaca3e8e1abf361
RLSA-2021:1849
Moderate: freerdp security, bug fix, and enhancement update
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
The following packages have been upgraded to a later upstream version: freerdp (2.2.0). (BZ#1881971)
Security Fix(es):
* freerdp: out of bounds read in TrioParse (CVE-2020-4030)
* freerdp: out of bound reads resulting in accessing memory location outside of static array PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11095)
* freerdp: out of bounds read in PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11097)
* freerdp: out of bounds read in license_read_new_or_upgrade_license_packet (CVE-2020-11099)
* freerdp: integer overflow due to missing input sanitation in rdpegfx channel (CVE-2020-15103)
* freerdp: out-of-bounds read in RLEDECOMPRESS (CVE-2020-4033)
* freerdp: out-of-bound read in update_read_cache_bitmap_v3_order (CVE-2020-11096)
* freerdp: out-of-bound read in glyph_cache_put (CVE-2020-11098)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for freerdp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
freerdp-devel-2.2.0-10.el8.aarch64.rpm
f392eb8e91d56a8f73e196b00b51d593ab48cd6e5fa0893063c1ae75d0bd9f26
RLBA-2023:2783
wpebackend-fdo bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for wpebackend-fdo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
wpebackend-fdo-devel-1.10.0-3.el8.aarch64.rpm
9512eb0bf4175da28cc84c288b8d7e7cfd51226f41d8b3e0e18cb0e231703398
RLSA-2023:2810
Moderate: poppler security update
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.
Security Fix(es):
* poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for poppler.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
poppler-cpp-20.11.0-6.el8.aarch64.rpm
poppler-cpp-devel-20.11.0-6.el8.aarch64.rpm
poppler-devel-20.11.0-6.el8.aarch64.rpm
poppler-glib-devel-20.11.0-6.el8.aarch64.rpm
poppler-qt5-devel-20.11.0-6.el8.aarch64.rpm
RLBA-2023:3102
util-linux bug fix and enhancement update
The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon.
Bug Fix(es) and Enhancement(s):
* Backport hint about systemd daemon-reload. (BZ#2180442)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for util-linux.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libmount-devel-2.32.1-42.el8_8.aarch64.rpm
595c4ed836b4237afcf8ae02c084de6a87e16797c08e79d9ffb4c92975808ccf
RLBA-2023:2765
gnome-software bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gnome-software.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gnome-software-devel-3.36.1-11.el8.aarch64.rpm
4f17c61a3445c4953a6073cbb11600075360466a0607352f8e5aad60ddab4640
RLBA-2023:2812
qt5-qttools bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for qt5-qttools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qttools-static-5.15.3-4.el8.aarch64.rpm
c13adc8e12426f5b1638fcddbc3f14382acadea5e94b9d7f325ccfb4b870278f
RLBA-2023:2922
python3.11-psycopg2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for python3.11-psycopg2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3.11-psycopg2-debug-2.9.3-1.el8.aarch64.rpm
a000c16fb01af3b3f34b8584611bd7585062a92cdd0b4184d185d928e6666494
python3.11-psycopg2-tests-2.9.3-1.el8.aarch64.rpm
1300ac924295321d3f9e9c3994423c9b1f835977cd5f7209980ba555a8f54b01
RLBA-2023:3092
nmstate bug fix and enhancement update
Nmstate is a library with an accompanying command-line tool that manages host networking settings in a declarative manner. It aims to satisfy enterprise needs to manage host networking through a northbound declarative API and multi-provider support on the southbound.
Bug Fix(es) and Enhancement(s):
* Rebase nmstate to latest 1.x branch. (BZ#2181166)
* Failures when DNS is set to auto with DHCP and there is a static DNS search string defined. (BZ#2186178)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.4.4-1.el8_8.aarch64.rpm
379b764005703a9bbaca1d7083d4fc1539eb4d276752ce734c671cf24c22306f
RLBA-2023:3093
.NET 6.0 bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.116-2.el8_8.aarch64.rpm
f7ad4769e6097cd7716c8f851a48248bb40cf6f0dcf8ae3746926dca12161caa
RLBA-2023:3094
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.105 and Runtime 7.0.5 [rhel-8.8.0.z] (BZ#2183589)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.105-2.el8_8.aarch64.rpm
599e71d22144d86142246ce52af4b032693aa0f84f9bb3197cbdd43d1b28b6ba
RLBA-2023:3099
java-17-openjdk bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Bug Fix(es):
* All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189330)
* In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186834)
* Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186826)
* The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186830)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-17-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-17-openjdk-demo-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
f56a7fe460427dc12573174aae21d0c570e1b2c052c90d7e6fa945804b076a72
java-17-openjdk-demo-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
61e408777f72cd9e96cb5b47ae38cb6df49318a3c4c4b302bafd74be2cc55e3d
java-17-openjdk-devel-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
fa234a5c67deb1985a7a8e96fdcdd37d630f6691160dc2c7895a2e69a37324a2
java-17-openjdk-devel-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
49be380a52576f7b3f3a749d53f31688d9e1ba72c97b78f845b386913e7a9700
java-17-openjdk-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
10b878d6fb4e40f95c6f61952c830b66d36f04ed637049efc10e3ad9d08c9c26
java-17-openjdk-headless-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
88e762a6c982163c1eca1cffdf8c50267e2137e26171c9d5425306d2ea87527b
java-17-openjdk-headless-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
2f5bcc0c19e1c635b4fa8442b670f42d7b356556ca15557cfc028c1866d51ae2
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
93924523c4e8c7186b3f7b3d6a42b610a70dad4d1f49e9578235129574e9f098
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
6b351b49498f030480dd6f1735349cc25b065e27f7ebbdf2143a52b577c286cb
java-17-openjdk-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
01366dbba18afc93fbd307ef2b180bade10dc33f25448cc480f2aa47f61099d6
java-17-openjdk-src-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
2e3a9ee5d73a90474468e6c3c55638c206f179b8b21e345c0244cc2b3d8ad907
java-17-openjdk-src-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
188645bea12bad2c82af6ca36b4d397ffcd884e22af4f853a799287554a9d5bc
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-3.el8.aarch64.rpm
eb2b0aae148e8d5f9cf5bb84a348a7121a3e8904b2f44ee20d6e40e5ecc4b6e1
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-3.el8.aarch64.rpm
598b4228b969eed66e8a362c8fb17a907ae02ccfdd7c4277242c1a9eaa783eb7
RLBA-2023:3100
java-11-openjdk bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Bug Fix(es):
* All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189327)
* Attempting HMAC key generation using the Sun PKCS11 provider, as in FIPS mode, caused an error to be thrown. This is because the PKCS#11 provider did not offer the corresponding key generation algorithms. The Sun PKCS11 provider has been updated to support these algorithms. (RHBZ#2190091)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
fabb37d5a5a3d4a3174a4b2f93be0adfff1063b393420252e896c0243dc0b157
java-11-openjdk-demo-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
c193708d624805002368a92081b2e86b1418f84a51b4cae0ae2baf1c1fea25f9
java-11-openjdk-devel-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
7fa4c6d47e9b0bf196f3e304aeb8a6ffb40506754d500be8e62ebe5727457e59
java-11-openjdk-devel-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
c985a5c87a04654273145f742013dfbd0a3e3b37a198826f9e20e4514fd9a604
java-11-openjdk-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
0292d7fe36cb6285c6c50ddb71a851afa3dbda72f993422dd0ac44f5c21fc060
java-11-openjdk-headless-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
2b36c0280d8469539528844e26f06f6082f25201e6051a945eb4f2af9754bcc1
java-11-openjdk-headless-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
5ed1da3d696df1d035a4b4597829c3350be7fc6d8ced52dafabcf7402c4cfb10
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
48a1c919fa28c5c1a454f7501a9df2de968c97b886f9f8368a12014d871f0a41
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
3489889816800b08d3a90f4fc3e76faddab6e024ab6f570c6df544a90d842d68
java-11-openjdk-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
6d6790040120a87407cb280d675610abd553b0b92fcc302953214abee7c32265
java-11-openjdk-src-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
133d56f72bbe7e4caf6361a7a63b5ffca25dee1c0c57f5eed9c4e5e2c21c4aa5
java-11-openjdk-src-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
f44c72a4c82269ee59ea6590634a75927221ee46d52ce8301891200b7791013d
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-4.el8.aarch64.rpm
28aa1daf596dd460662f39975f488eeb167c04a0600ffb6be0b40e45e41e0bba
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-4.el8.aarch64.rpm
0f83ab95454f4423dfad7ec328e7e0ca531f3c38cf7e8fdbda41caa96d57144f
RLBA-2023:3101
java-1.8.0-openjdk bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Bug Fix(es):
* All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189328)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-4.el8.aarch64.rpm
5c29181edb11d2991d6fc500e356114e3a115ff40d4cd93f06fa5ed34d49bc37
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-4.el8.aarch64.rpm
d1ae233695f53e3b362e2f0aa2e459b97d56a7c37688fbec55f80a5a403a9632
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-4.el8.aarch64.rpm
5437e7c674163e3bb507fd490c330005e6d814a6a65acb6dfe3f273ad32a8bb3
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-4.el8.aarch64.rpm
6f101a1b34a0ee8fae2e431e5d43970fb3f78bb4fb6058268d510cf088da6b30
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-4.el8.aarch64.rpm
b122d1777de9cacd0365a7430abd657a891954b0c5faa9dc79c55bdccef55a9a
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-4.el8.aarch64.rpm
422e27f5305c34760a3044c238092de383995ab031af33b9e7538e2a91ccadac
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-4.el8.aarch64.rpm
c1da5dda55a7eed9cd9d9158fb1e8276f6949d6e945e921600140ac35141a13f
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-4.el8.aarch64.rpm
a9b2366fc782801de00319b2e7c38522c3dd52908265f0ba2763f986f5cabec0
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-4.el8.aarch64.rpm
2de261314ac0a79ecbeec7621ba23d9fbfb21596c66137d7e5e0d8eb16efcd61
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-4.el8.aarch64.rpm
4bcda9cbfd2ca9c4e8cd6f8fe263176a0b5a24aefdb4794001bb534484d6010b
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-4.el8.aarch64.rpm
952ced30c699bb7af5856f824883bf373dbda304b132d4c1d134015ec0c9328f
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-4.el8.aarch64.rpm
124a129226d74746628d219c9e9aa7d9eb4a5908f134e27169e4574bb4fc7820
RLBA-2023:2978
opencryptoki bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for opencryptoki.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opencryptoki-devel-3.19.0-2.el8.aarch64.rpm
56b85bb8770eb1539f90478bcea597c64846a21f722650248d7d084af0fdd002
RLBA-2023:2979
libdnf bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libdnf.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libdnf-devel-0.63.0-14.el8_8.aarch64.rpm
d3e1e986ab6498d603cda25baf87a8f857163e74743608cb5ef88bff4f83a1c6
RLBA-2023:3010
libtracefs bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libtracefs.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtracefs-devel-1.3.1-2.el8.aarch64.rpm
8e4af60d91fd420dc9c54af64d6c877d11f708b377aaa6c0513824c70087f9d1
RLBA-2023:3036
librhsm bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for librhsm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librhsm-devel-0.0.3-5.el8.aarch64.rpm
f83fe5a4ef9c9e9e0a8028ee126e4dadebdd6026553d29d37e4d3cc5936ce998
RLBA-2023:3063
file bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for file.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
file-devel-5.33-24.el8.aarch64.rpm
7cdb0c2b08b351800c419674091d78e612e3c8d146d6e119bc455a0708521cb0
RLBA-2021:1801
libgpod bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libgpod.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libgpod-0.8.3-24.el8.aarch64.rpm
9a2ac829d7f81e2f06b6aec6b726cb1311fb42c7457f7f0b07bd3ec64917e25e
libgpod-devel-0.8.3-24.el8.aarch64.rpm
65ae4b96f8f497d581578577fd25ee939f4524a0599077b430a36def7c10b167
libgpod-doc-0.8.3-24.el8.aarch64.rpm
5cb11d20b4e3282b1d8ccaad17645b39564e2c5b323748274d37d0e6343e53a8
RLBA-2021:1837
liblangtag bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for liblangtag.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
liblangtag-devel-0.6.2-8.el8.aarch64.rpm
95a7a89b590ed6f6ad7bda2edfdb08cddce529dcd5dd27d90ee1641eab7a8f36
liblangtag-doc-0.6.2-8.el8.noarch.rpm
f43ea18bb2eaf66a6fc1097c3d708353a0a9acfbf9031191db36ba233d6eee37
liblangtag-gobject-0.6.2-8.el8.aarch64.rpm
088dd9bb18cb323bf24edebd5ec40e7a281025af55ef8c7d8b5e2d3202323006
RLSA-2021:1842
Moderate: raptor2 security and bug fix update
Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples.
Security Fix(es):
* raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer (CVE-2017-18926)
* raptor2: malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common (CVE-2020-25713)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for raptor2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
raptor2-devel-2.0.15-16.el8.aarch64.rpm
66bbc94e0c4acf980d9bbfe2c6544f56237cefe0fd247d9f681c4ca26e4b77ee
RLBA-2021:4348
brasero bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for brasero.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
brasero-devel-3.12.2-5.el8.aarch64.rpm
d683e41c40d8355245ac9e1f637e28b57e5c8f5e500ea7f4f2c9217c9a8c873f
brasero-libs-3.12.2-5.el8.aarch64.rpm
8c1d9c22d85d7b888633240a1a63958df1001d112a244c308ae09859b4e742ab
RLBA-2020:3148
Rocky Enterprise Software Foundation OpenStack Platform 16.1 bug fix and enhancement advisory
Rocky Enterprise Software Foundation OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.
For additional information about the items in this advisory, refer to the Technical Notes chapter of the Release Notes, https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/release_notes/chap-technical_notes
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-httplib2-0.10.3-4.el8.noarch.rpm
6e8b831ea4c97e85d08e061f6ed8f03ffd62a7ab0df8bc9b2f3222fd2c33e8b7
RLSA-2023:3661
Important: texlive security update
The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems.
Security Fix(es):
* texlive: arbitrary code execution allows document compiled with older version (CVE-2023-32700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for texlive.
This update affects Rocky Linux 9, Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
texlive-lib-devel-20180414-29.el8_8.aarch64.rpm
9de7c731763b28a9ba00cfd015e2f7f5141b2481fd224a57b4cee24d8d55abff
RLBA-2023:3845
NetworkManager bug fix update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Bug Fix(es):
* NetworkManager brings down connection when the IPv6 link-local address is removed (BZ#2209355)
* ifcfg: Mask the high bit in InfiniBand P-Key IDs again (BZ#2209975)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for NetworkManager.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
NetworkManager-libnm-devel-1.40.16-3.el8_8.aarch64.rpm
9de945a92b44aaa378d82a612557bc53ed449d10b05d33b6be7cf61e7d06b6d4
RLSA-2023:4100
Important: bind9.16 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for bind9.16.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bind9.16-devel-9.16.23-0.14.el8_8.1.aarch64.rpm
41e522a2d796494c6854cb8333ae437b8abae69f4ed485f59a859aef8bf584e7
bind9.16-doc-9.16.23-0.14.el8_8.1.noarch.rpm
9e0afbfc91960e8fcdebe49b409519c4fa1243f58b39e1102f8a3c244a6a5a10
RLSA-2023:4176
Moderate: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-8] (BZ#2219727)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
2946dcb9692203d17d6baee6a5630fe2f8b72c86c802d871ebc939b373b771ab
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
8f4e3fb7a742ec4b82acc7325dce0429404512b2656bff1d24c5760eafa9d976
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
b3221175168fc04c5826d51ea2594c0cd314cd6760a8c982fbb1c68bc5bce0b6
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
ba1c6e4d6096c8eccd762bc8fe97afdaeb107fba20dc201b31e737f21de2c02d
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
2b7b426615751527f371458ec9d672811bf390f25881d6971a60f2a438110f91
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
aee2149789fc20a3a4e721e5212f5cc50f075e0148e353a82da975ce9884b881
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
505828f36404fd44205bbefcfb800ad9041f0c4ebb433b7bea2afee0e0b3e067
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
cfe57958bfa077703489be3e231ea07f3b120d48ba5206beba7f79202587cf17
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
c2581a10123dccc6e4b95e7503c27aa047f77447c10ecb2d815fd2592904ffde
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
8a0676aacd235ab065d38883431f5adfcd5b6a4a5a91c761657bc2236daeaeb7
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
5c0234ebc6dfaa1a26eeb90c962e9377cb116560903986e57e37a4e24b9dc6cb
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
0df71b9caf6233e1e22ce59091c8951cdb34ba06faa0349518761a9b5aa21a26
RLSA-2023:3847
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* RPL-P IOTG/RPL-S IOTG: cpu frequency issues (BZ#2179332)
* iscsi target deadlocks when the same host acts as an initiator to itself (i.e. connects via 127.0.0.1) (BZ#2182092)
* HPEMC Rocky Linux 8 REGRESSION: acpi-cpufreq: Skip initialization if a cpufreq driver exists (BZ#2186305)
* kernel[-rt]: task deadline_test:2526 blocked for more than 600 seconds. (BZ#2188623)
* Dying percpu kworkers cause issues on isolated CPUs [rhel-8] (BZ#2189595)
* block layer: cherry pick recent upstream fixes (up to v6.3-rc1) for 8.9 (BZ#2193236)
* xfs: deadlock in xfs_btree_split_worker (BZ#2196390)
* Rocky Linux 8.9 hwpoison: data loss when memory error occurs on hugetlb pagecache (BZ#2196665)
* Intel E810 card unable to create a MACVLAN on interface already configured as SRIOV (BZ#2203214)
* mlxsw: kselftest case -usr-libexec-kselftests-drivers-net-mlxsw-devlink-trap-policer-sh trigger call trace (BZ#2207564)
* Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208284)
Enhancement(s):
* Intel 8.9 FEAT SPR power: Intel SST SNC4 support (BZ#2185604)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-477.15.1.el8_8.aarch64.rpm
1c039ead7a34762b4b657b36dc72cbf6c728c9eb4e590441b1ff2b460ea7b977
RLEA-2023:3849
iproute bug fix update
The iproute packages contain networking utilities, such as ip and rtmon,
designed to use the advanced networking capabilities of the Linux kernel.
Bug Fix(es):
* macvlan: Add bclim parameter (BZ#2209687)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for iproute.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
iproute-devel-5.18.0-1.1.el8_8.aarch64.rpm
8d2257d5cdd3b06a19f08bacf04ac79f35c6bfdff96823f4a4ba348a7217349b
RLSA-2023:3425
Important: cups-filters security update
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for cups-filters.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
cups-filters-devel-1.20.0-29.el8_8.2.aarch64.rpm
69868778fb90249c2d1d37f184d1fa410dc6420e2dd24fc10bf1149837ee320d
RLSA-2023:3582
Important: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18.
The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212378)
Security Fix(es):
* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
* dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
* dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
* dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8_8.aarch64.rpm
4cc7c20ca703c83cf78ca15a899dd4eca67d0edaa169643d10c21ddb49485be3
RLSA-2023:3593
Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7.
The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.107). (BZ#2211876)
Security Fix(es):
* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
* dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
* dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument (CVE-2023-32032)
* dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
* dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el8_8.aarch64.rpm
8887c82e7caa0487c1db241cd88928f6454487b008a05f2db49d1da80e0593d1
RLSA-2023:3594
Important: python3.11 security update
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.
Security Fix(es):
* python: urllib.parse url blocklisting bypass (CVE-2023-24329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for python3.11.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3.11-debug-3.11.2-2.el8_8.1.aarch64.rpm
331ae9086b3f7b1b5b32dca52eb1240558859e2710a69b7103b189550aeccc7d
python3.11-idle-3.11.2-2.el8_8.1.aarch64.rpm
1ad2f82d4d18878c20f07187d959e9d8a9bab4113438fbee4c0b377e415676c6
python3.11-test-3.11.2-2.el8_8.1.aarch64.rpm
b6cae6f932d1b53de26033d08ff6bce3223f7244c435e737085e02ee37f45c64
RLBA-2023:3823
mutter bug fix update
Mutter is a compositing window manager that displays and manages desktop
through OpenGL. It combines the window-management logic inherited from the
Metacity window manager with a display engine that uses the Clutter toolkit.
Bug Fix(es):
* [DELL 8.6 BUG]System hang after plug-in 4K monitor to Atomic dock (BZ#2209025)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mutter.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
mutter-devel-3.32.2-69.el8_8.aarch64.rpm
e6f7858818bbf0191a14cbe0e4bcbddfe88d970e7f8b9b60817ec088511c3ef2
RLSA-2023:3827
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-28.el8_8.aarch64.rpm
3da7ddc42d48554111b1d264fed2a2cd6896a334ae9944e682c64e92daf273e1
RLBA-2023:3832
nmstate enhancement update
Nmstate is a library with an accompanying command line tool that manages host
networking settings in a declarative manner and aimed to satisfy enterprise
needs to manage host networking through a northbound declarative API and multi
provider support on the southbound.
Enhancement(s):
* [Backport to 8.X] DHCP based installation shall allow creation network bonding and allowing custom/specifying routes with nmstate. (BZ#2213554)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.4.4-2.el8_8.aarch64.rpm
28007faa3aedc1c67fc6fcfc9601f367d6694e78c562161923185ce7ae4b22bd
RLBA-2023:3834
.NET 6.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.119 and Runtime 6.0.19 [rhel-8.8.0.z] (BZ#2216221)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.119-1.el8_8.aarch64.rpm
82d9f9e1caaa471fb57c859b5d478acb1c21ee9654c2004bc1d7424bbe1e5277
RLBA-2023:3835
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.108 and Runtime 7.0.8 [rhel-8.8.0.z] (BZ#2216225)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.108-1.el8_8.aarch64.rpm
2b4e86300ca7246199b6fbfcb32aa98812394d99d80e6f5c9fe8914b5c3d0f13
RLSA-2023:4058
Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
The following packages have been upgraded to a later upstream version: dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219633)
Security Fix(es):
* dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.109-1.el8_8.aarch64.rpm
6db1761b8cc67dd09c50d6cffb29aed7ff23c2785feca27f9bd18acccd07d26b
RLSA-2023:4059
Important: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219639)
Security Fix(es):
* dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el8_8.aarch64.rpm
954da152bd262c898f1a615125fabcfef79cd1fd52f2c6c09dc8933a67b1c7e4
RLSA-2023:5144
Moderate: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22.
Security Fix(es):
* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el8_8.aarch64.rpm
e7c6265f70fec383248621c3580c84ca5112609eb8229c4b171ad9b18dc8d88e
RLSA-2023:5244
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
* kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
* hw: amd: Cross-Process Information Leak (CVE-2023-20593)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* low memory deadlock with md devices and external (imsm) metadata handling - requires a kernfs notification backport (BZ#2208540)
* Intel 8.9 BUG, SPR EMR FHF ACPI: Fix system hang during S3 wakeup (BZ#2218025)
* OCS 4.8, cephfs kernel crash: mds_dispatch ceph_handle_snap unable to handle kernel NULL (BZ#2218271)
* st_gmac: tx-checksum offload on vlan is not consistent with st_gmac interface (BZ#2219907)
* refcount_t overflow often happens in mem_cgroup_id_get_online() (BZ#2221010)
* avoid unnecessary page fault retires on shared memory types (BZ#2221100)
* enable conntrack clash resolution for GRE (BZ#2223542)
* ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (BZ#2224515)
* libceph: harden msgr2.1 frame segment length checks [8.x] (BZ#2227073)
* Important iavf bug fixes July 2023 (BZ#2228161)
* i40e error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228163)
* oops on cifs_mount due to null tcon (BZ#2229128)
* iptables argument "--suppl-groups" in extension "owner" does not work in Rocky Linux8 (BZ#2229715)
* Hyper-V Rocky Linux 8: incomplete fc_transport implementation in storvsc causes null dereference in fc_timed_out() (BZ#2230743)
* Withdrawal: GFS2: could not freeze filesystem: -16 (BZ#2231825)
* Rocky Linux 8 Hyper-V: Excessive hv_storvsc driver logging with srb_status SRB_STATUS_INTERNAL_ERROR (0x30) (BZ#2231988)
* Rocky Linux-8: crypto: rng - Fix lock imbalance in crypto_del_rng (BZ#2232215)
* Intel 8.9 iavf: Driver Update (BZ#2232399)
* Hyper-V Rocky Linux-8 hv_storvsc driver logging excessive storvsc_log events for storvsc_on_io_completion() function (BZ#2233227)
Enhancement(s):
* Intel 8.9 FEAT, EMR perf: Add EMR CPU PMU support (BZ#2230152)
* Intel 8.9 FEAT, SPR EMR power: Add uncore frequency control driver (BZ#2230158)
* Intel 8.9 FEAT EMR perf: RAPL PMU support on EMR (BZ#2230162)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-477.27.1.el8_8.aarch64.rpm
40784c33e2195e9d6886cf63e9ea2e46c2d95bc25fe8a022019b7fb5b13e3ded
RLSA-2023:5353
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800)
* libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801)
* libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802)
* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803)
* libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-29.el8_8.aarch64.rpm
c4ad0306f1abb169f56088fc4590f1658ab631a471f41e8846933fc71b8bff15
RLSA-2023:5455
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es):
* glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)
* glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
* glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806)
* glibc: potential use-after-free in gaih_inet() (CVE-2023-4813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for glibc.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
glibc-benchtests-2.28-225.el8_8.6.aarch64.rpm
731eb88c6f36edc571c31f3f45a6115e220232ea3c9b66ee06d3405a85c72d08
glibc-nss-devel-2.28-225.el8_8.6.aarch64.rpm
a30c801cfeff8f46eed95ddd1326373c53e7c11fa5f83d4801b4e2a952859ffe
glibc-static-2.28-225.el8_8.6.aarch64.rpm
91970a7825428451bda57184ae2f011deee55643890f08bdf1db3ee15f9293b1
nss_hesiod-2.28-225.el8_8.6.aarch64.rpm
66bd2d69f6c9b13a09a54992ec2986b583542536d355f467e8b24f99d5528ff5
RLSA-2023:5463
Important: python3.11 security update
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.
Security Fix(es):
* python: TLS handshake bypass (CVE-2023-40217)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for python3.11.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
python3.11-debug-3.11.2-2.el8_8.2.aarch64.rpm
d7a7b3cc62b7e17c9185bf0906ebbab3d07b1496f3edad0680cc8616b4cebe7c
python3.11-idle-3.11.2-2.el8_8.2.aarch64.rpm
1d3c9eb54bcf97d2c0c489ad2b38a1c9888516307178951ecff98247aa6436ab
python3.11-test-3.11.2-2.el8_8.2.aarch64.rpm
885c4ff0c4e9eade220a6b6f0bf463d8aa6d141130b39bcab3195f8bd256c193
RLSA-2023:4517
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
* kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
* kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)
* kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
* kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* simultaneous writes to a page on xfs can result in zero-byte data (BZ#2184101)
* Rocky Linux 8.4 - kernel: fix __clear_user() inline assembly constraints (BZ#2192602)
* LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375)
* ice: ptp4l cpu usage spikes (BZ#2203285)
* Kernel - Significant performance drop for getrandom system call when FIPS is enabled (compared to Rocky Linux 8.x for all x < 6.z) (BZ#2208127)
* macvlan: backports from upstream (BZ#2209686)
* Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198)
* Incorrect target abort handling causes iscsi deadlock (BZ#2211494)
* swap deadlock when attempt to charge a page to a cgroup stalls waiting on I/O plugged on another task in swap code (BZ#2211513)
* BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when vma->anon_vma==NULL (BZ#2211658)
* Rocky Linux 8.9: IPMI updates and bug fixes (BZ#2211667)
* Rocky Linux 8.6 opening console with mkvterm on novalink terminal fails due to drmgr reporting failure (L3:) (BZ#2212373)
* Rocky Linux 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device (BZ#2212451)
* Rocky Linux 8.8 beta: Occasional stall during initialization of ipmi_msghandler (BZ#2213189)
* ESXi Rocky Linux 8: Haswell generation CPU are impacted with performance due to IBRS (BZ#2213366)
* xen: fix section mismatch error with xen_callback_vector() and alloc_intr_gate() (BZ#2214281)
* jitter: Fix RCT/APT health test during initialization (BZ#2215079)
* aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216498)
* Hyper-V Rocky Linux 8: Fix VM crash/hang Issues due to fast VF add/remove events (BZ#2216543)
* rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216769)
* Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") (BZ#2220810)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.aarch64.rpm
4088b9290a8f62ce47776bdc941d9770c9ec1a9af5c90f656e03a80656c8aaba
RLBA-2023:4518
iscsi-initiator-utils bug fix update
The iscsi-initiator-utils packages provide the server daemon for the Internet
Small Computer System Interface (iSCSI) protocol, as well as the utility
programs used to manage it. The iSCSI protocol is a protocol for distributed
disk access using SCSI commands sent over Internet Protocol (IP) networks.
Bug Fix(es):
* Patch3 reverts a patch merged upstream (BZ#2215111)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for iscsi-initiator-utils.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
iscsi-initiator-utils-devel-6.2.1.4-8.git095f59c.el8_8.aarch64.rpm
4185e4f6c56eb43d5bee3c69723030c7fbe956e9a9c295adbf4c33b2d4a2164c
RLBA-2023:4521
NetworkManager bug fix update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Bug Fix(es):
* VLAN of bond will not get autoconnect when bond port link revived. (BZ#2217899)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for NetworkManager.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
NetworkManager-libnm-devel-1.40.16-4.el8_8.aarch64.rpm
b099bfc052526614f86950444206f0921cfcbc9734c1d3b784952f8a60f4844f
RLBA-2023:4525
sssd bug fix update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Bug Fix(es):
* [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'. (BZ#2196838)
* SSSD enters failed state after heavy load in the system. (BZ#2219351)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sssd.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.8.2-3.el8_8.aarch64.rpm
3374b1ec11e8674b3fcca1e10e39f183c30730c087e99a29e5ca1b5f954a8712
RLBA-2023:4528
crash bug fix update
The crash packages provide the core analysis suite, which is a self-contained tool that can be used to investigate live systems, as well as kernel core dumps created by the kexec-tools packages or the Rocky Linux kernel.
Bug Fix(es):
* The crash utility results in segmentation fault when non-panicking CPUs fail to get stopped at panic. (BZ#2213678)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for crash.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
crash-devel-7.3.2-4.el8_8.1.aarch64.rpm
221672002de2ea1be362027f8a13be0a5259e6a7884c8eccc93c95d8e5dc98c7
RLBA-2023:4533
mutter bug fix update
Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit.
Bug Fix(es):
* Barcode scanner result is not shown correctly on gnome-terminal. (BZ#2218521)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mutter.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
mutter-devel-3.32.2-70.el8_8.aarch64.rpm
21cab5d4b7ec77eb211e1e94c73bbdbee59827e3966c0a40e528b35506483bd2
RLBA-2023:4538
java-11-openjdk bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-devel-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-headless-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-jmods-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-src-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-3.el8_8.aarch64.rpm
RLSA-2023:4643
Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10.
Security Fix(es):
* dotnet: RCE under dotnet commands (CVE-2023-35390)
* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el8_8.aarch64.rpm
2950128a0fd8bb144b25ef1d64680542206a42dfc060a1fa39215f33d883321c
RLSA-2023:4645
Important: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21.
Security Fix(es):
* dotnet: RCE under dotnet commands (CVE-2023-35390)
* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.aarch64.rpm
6cb8eb00c5556efa5a8c86b9b105dc8330df622f00b4dc600b24b4c2309d4b77
RLSA-2023:5742
Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 11.0.20.1, allows for zero-length headers and additional padding produced by some Zip64 creation tools. With both releases, the checks can be disabled using -Djdk.util.zip.disableZip64ExtraFieldValidation=true. (RHBZ#2237170)
* A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 11.0.20.1, increases it to 16 MB.
* The serviceability agent would print an exception when encountering null addresses while producing thread dumps. These null values are now handled appropriately. (JDK-8243210, Rocky Linux-2763)
* The /usr/bin/jfr alternative is now owned by the java-11-openjdk package (Rocky Linux-13559)
* The jcmd tool is now provided by the java-11-openjdk-headless package, rather than java-11-openjdk-devel, to make it more accessible (Rocky Linux-13566)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-devel-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-headless-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-jmods-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-src-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.21.0.9-2.el8_8.aarch64.rpm
RLSA-2023:6245
Moderate: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24.
Security Fix(es):
* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.124-1.el8_8.aarch64.rpm
84b71a0a97524aebc0121db56b6b700d464cefc6cb507a580fe499b72df3b96b
RLBA-2023:7185
nftables bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nftables.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
nftables-devel-1.0.4-3.el8_9.aarch64.rpm
9ab23928364e036ede7748a846b13cf532a5e1c5308c57972301a56eebbb08e2
RLBA-2023:7186
util-linux bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for util-linux.
This update affects Rocky Linux 8.
rocky-linux-8-aarch64-powertools-rpms
libmount-devel-2.32.1-43.el8.aarch64.rpm
e6bef5f767f726c5a90ea034c98776e64dced72b70a5d33400e98ec1e03473a6
RLSA-2023:7187
Low: procps-ng security update
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps: ps buffer overflow (CVE-2023-4016)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for procps-ng.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
procps-ng-devel-3.3.15-14.el8.aarch64.rpm
ab8e32d8444dc8ca1287459407a55df6cb4445536a6bcabff3d7fd85c74c9cf8
RLSA-2023:7189
Moderate: fwupd security update
The fwupd packages provide a service that allows session software to update device firmware.
Security Fix(es):
* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for fwupd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
fwupd-devel-1.7.8-2.el8.rocky.0.1.aarch64.rpm
0108beec4b0506c133e79eb2aff211f11e6aedf3a1f7247a4f0d476d8567ce70
RLSA-2023:7190
Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.
Security Fix(es):
* avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for avahi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
avahi-compat-howl-0.7-21.el8.aarch64.rpm
e1717446421f1372b2bc594db01be9b4d6c502d0e715b2c0af43d65e905be45d
avahi-compat-howl-devel-0.7-21.el8.aarch64.rpm
ed9896729c4817fd81960eeaae670f715d50aca6a692553c6677662ace2d071a
avahi-compat-libdns_sd-0.7-21.el8.aarch64.rpm
3e9b81f1df11b3fc20e89bb35e38104b4bab46d963e94cb093e6490949bd6095
avahi-compat-libdns_sd-devel-0.7-21.el8.aarch64.rpm
bc06d66e4015d140a8e52dc5c9f7748c4df5606222ca62f272751e105c01ad46
avahi-devel-0.7-21.el8.aarch64.rpm
e01b5103cb831b828f583ab0cf2e33e42684cef87ebe9bb80626ff1dc03b75b8
avahi-glib-devel-0.7-21.el8.aarch64.rpm
fd83b841f86d1ec1da8fd9a26a8854b76b4baacd7374e5b4c23d2e4871184b0c
avahi-gobject-devel-0.7-21.el8.aarch64.rpm
fb80482c244b3f1bcc09f0117f20a0dd5d318e36454e1f8c67a49c342c9ad4a1
avahi-ui-0.7-21.el8.aarch64.rpm
cf42a00d14dfc197152c5391778c88e4abd1ef1e813c927ec8d07ea519077b75
avahi-ui-devel-0.7-21.el8.aarch64.rpm
3eb97c58e15f6997190b34e932ec6dae751606477c0fbd20e0aabe54b270ce03
RLBA-2023:7191
lvm2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for lvm2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
device-mapper-devel-1.02.181-13.el8_9.aarch64.rpm
459049b8c3e6d6847f3d5374c0ee67f62ea468a2521ec04b605a080b435da678
device-mapper-event-devel-1.02.181-13.el8_9.aarch64.rpm
66e2df163fa735e7b10350b2d87fca0c19e98746d66a7df354011ec6671a8bb5
lvm2-devel-2.03.14-13.el8_9.aarch64.rpm
a8238a02239f843bc3fb68f55cf5b34bf3410c28ef5c7b8f6e77251057a15713
RLBA-2023:7210
sssd bug fix update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Bug Fix(es):
* dbus and crond getting terminated with SIGBUS in sss_client code (BZ#2236414)
* SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7) (BZ#2237302)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sssd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.9.1-4.el8_9.aarch64.rpm
cba4e3aed2c19b37515649cabdc0b16001ef5933fcbcdb5ade5aeab982fe9786
RLSA-2021:1852
Moderate: ghostscript security, bug fix, and enhancement update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)
Security Fix(es):
* ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)
* ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)
* ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)
* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)
* ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)
* ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)
* ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)
* ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)
* ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)
* ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)
* ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)
* ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)
* ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)
* ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)
* ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)
* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)
* ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)
* ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)
* ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)
* ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)
* ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)
* ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)
* ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)
* ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)
* ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)
* ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for ghostscript.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ghostscript-doc-9.27-11.el8.noarch.rpm
f221bd7039893215b0704e74c99d7ca6dc842e26a460050aad879597f4d96f63
ghostscript-tools-dvipdf-9.27-11.el8.aarch64.rpm
458c0fcc73eca7836f53ef38c5b9f4fdab4cd1f21be52903a7ce9991cba2071b
ghostscript-tools-fonts-9.27-11.el8.aarch64.rpm
849a7e24ba4d33f581d1a6e7224b7309de707032d12c2c90dfe1486a9b691724
ghostscript-tools-printing-9.27-11.el8.aarch64.rpm
9a41b256b91a3f896c12b341401b2c468a2f8675eb686744b344efab167294b2
libgs-devel-9.27-11.el8.aarch64.rpm
c6a7791c69a21a5021b20764293945bd27a3dd774410bc950af9ae927e4f560a
RLSA-2023:7057
Moderate: yajl security update
Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator.
Security Fix(es):
* yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for yajl.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
yajl-devel-2.1.0-12.el8.aarch64.rpm
0b8490035d3a8b498953b37ac7d1e8ec54865d63076d9a5bc80db6e35d0f9a80
RLBA-2023:7204
mutter bug fix update
Mutter is a compositing window manager that displays and manages the desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit.
Bug Fix(es):
* Do not use DMA-BUFs for screensharing when the other side doesn't support it (JIRA:Rocky Linux-11227)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mutter.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
mutter-devel-3.32.2-71.el8_9.1.aarch64.rpm
4aa2aa9caedbfa2907a33b78653f5b976290b13db629371775839a0c4fcdafe1
RLBA-2023:7133
libfabric bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libfabric.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libfabric-devel-1.18.0-1.el8.aarch64.rpm
1d7683def747f8e92db01cdef566638180f6534f8102388be5d854afa3e9fb2c
RLBA-2023:7135
libldb bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libldb.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-ldb-devel-2.7.2-3.el8.aarch64.rpm
459a91a4efe60b2cecd6b08334e7cd3d56e1368911d9560d88f7f61806de75c0
python-ldb-devel-common-2.7.2-3.el8.aarch64.rpm
5d016ac4df3be4b7cbdeaa8afe6e9f9f9573e60bdb97ef483a723df6fa6dc20f
RLBA-2023:7297
nghttp2 bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nghttp2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libnghttp2-devel-1.33.0-5.el8_8.aarch64.rpm
2ce12131092d504ee4231866ca4f6af9a8e1d957e42e7d1196331b307adff78b
nghttp2-1.33.0-5.el8_8.aarch64.rpm
8d1a9130bc36638adf47955c6de26439888e08adeba5ec5e1169e1c31f07ffb0
RLBA-2023:6920
libblockdev bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libblockdev.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libblockdev-crypto-devel-2.28-4.el8.aarch64.rpm
83551e11204c26df850a4d47984781a9b80ba28ba1de8e1ff66255bc7a71d8f7
libblockdev-devel-2.28-4.el8.aarch64.rpm
a6590d31dde307f9f1ceba09222802e3c7d61d8551e974ec751ced73143f53a7
libblockdev-fs-devel-2.28-4.el8.aarch64.rpm
d1559ab3052f92c9184f143d2574074448a33f04c5e96058c84dfa7d8471f6a8
libblockdev-loop-devel-2.28-4.el8.aarch64.rpm
d947ee13227b8c10760ddd89291b4ba7e34eae7f24c8ace5c9544cf3ecabfe77
libblockdev-lvm-devel-2.28-4.el8.aarch64.rpm
4f288b85e97856bedb1e3c30e7482d901d4b4bd8b0b56588239769110e356b89
libblockdev-mdraid-devel-2.28-4.el8.aarch64.rpm
e0b5cb41faa7e7badd244cd8cdc01230055dcb3a6afc13e3cdf36eb516408678
libblockdev-part-devel-2.28-4.el8.aarch64.rpm
5fd02162c99589ab1cf6fd700876c0eb3323f91b899979dc7f8d3ee51d5e54e5
libblockdev-swap-devel-2.28-4.el8.aarch64.rpm
8757091a44ca8ecb060381363b8a4877f88ae68ab587898994229790126bd936
libblockdev-utils-devel-2.28-4.el8.aarch64.rpm
6a7cf5a15a0d05e6901859971700fe1db3c74c4763133b367d710fd547571fa8
libblockdev-vdo-devel-2.28-4.el8.aarch64.rpm
1ef314450ddd25b76e6347fa3a058010b8fa18f63bd6895e265c8150d2084009
RLBA-2023:6957
anaconda bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for anaconda.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
anaconda-widgets-devel-33.16.9.4-1.el8.rocky.0.1.aarch64.rpm
af6e511c2ea3e862b6b0d0d0453f904214f9f95a2600483052674398ebd6393b
RLBA-2023:7044
openwsman bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for openwsman.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libwsman-devel-2.6.5-10.el8.aarch64.rpm
919e8bc8582c4683faae792847b2f9a3d97e7d81f9305f6fbf275619f92af379
RLSA-2023:7256
Moderate: dotnet7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14.
Security Fix(es):
* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.aarch64.rpm
f5909051a40e2e92334069b8e071ea32113d28a1dd8c74fe498c12725d5cf8a2
RLSA-2023:7258
Moderate: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.
Security Fix(es):
* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el8_9.aarch64.rpm
d8e959ad274b31abfe7dd1389827c47eddbd049346414ba47fac9cf3b591f2ca
RLSA-2023:7549
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
* kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)
* kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)
* kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)
* kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Random delay receiving packets after bringing up VLAN on top of VF with vf-vlan-pruning enabled (BZ#2240750)
* bpf_jit_limit hit again (BZ#2243011)
* HPE Edgeline 920t resets during kdump context when ice driver is loaded and when system is booted with intel_iommu=on iommu=pt (BZ#2244625)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-513.9.1.el8_9.aarch64.rpm
cc7b329f6ca2c3d1beb769362428096767259f929087ba519c0fc6b8413e233e
RLSA-2023:7841
Important: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for gstreamer1-plugins-bad-free.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.aarch64.rpm
ead987894d2a4c031495102c3688b41e36a4b29aacbaecd737b0e42146e93e13
RLSA-2023:7836
Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.
Security Fix(es):
* avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)
* avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469)
* avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470)
* avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471)
* avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472)
* avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for avahi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
avahi-compat-howl-0.7-21.el8_9.1.aarch64.rpm
3d8bca590482d485c1295493f3c9d3a7ebb2fd4a8f03757f7e1997104ac6f508
avahi-compat-howl-devel-0.7-21.el8_9.1.aarch64.rpm
c86d11fd32621d0d8e8a61269d1d8153b5bf370d0007392853e7a2b73bcac741
avahi-compat-libdns_sd-0.7-21.el8_9.1.aarch64.rpm
d1a020ac79d4c65f2d5ae191d1cc426cae84ffc0c0b0136b952521a036a4866b
avahi-compat-libdns_sd-devel-0.7-21.el8_9.1.aarch64.rpm
0388d6851cabe614949121ee296fd1949f6c6dc86b05e447bfae47e779d077fa
avahi-devel-0.7-21.el8_9.1.aarch64.rpm
877626b9b051aadb44d25fb8e9836ec06161a437f7c23cc6f4d95b065c9214ec
avahi-glib-devel-0.7-21.el8_9.1.aarch64.rpm
722b79528cf287cc15f91f58fa0ac840dbefcc5c3c0b459c72c7963d61cdfc66
avahi-gobject-devel-0.7-21.el8_9.1.aarch64.rpm
2f8cebe65053a31cdf7ab9c32746faffde83caa6375d8a0c0048ecf70e002f7a
avahi-ui-0.7-21.el8_9.1.aarch64.rpm
6b5b0b22abe397087aec366ac607def71852a38786b8d925a9fc57916c50571d
avahi-ui-devel-0.7-21.el8_9.1.aarch64.rpm
b4d6e1f73769d580d8e31269717c4d993be723a30bda2537a65f50aeacc8142f
RLSA-2024:0150
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.
Security Fix(es):
* dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.101-1.el8_9.aarch64.rpm
fc64b3ab8f44fede5d9c56be0938079d45d1bba2fefca76b6dd8faf9516555b6
RLSA-2024:0157
Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.
Security Fix(es):
* dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.115-1.el8_9.aarch64.rpm
20fb515fe11d0284f6ac2ac468b571fc10c1b6f715f60d144e0b28ef4b7afb20
RLSA-2024:0158
Important: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.
Security Fix(es):
* dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.126-1.el8_9.aarch64.rpm
a741d48e964886c7a27c818833217ff1ba010b6195a3c6823ed3e5d7536430fa
RLSA-2024:0827
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.102-2.el8_9.aarch64.rpm
ded1a073a9f5cff79921379cc273bf983f29ca458bba20992f679ceb042d08fd
RLBA-2024:0899
sssd bug fix update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Bug Fix(es):
* Excessive logging to sssd_nss and sssd_be in multi-domain AD forest (JIRA:Rocky Linux-19212)
* latest sssd breaks logging in via XDMCP for LDAP/Kerberos users (JIRA:Rocky Linux-19994)
* SSSD GPO lacks group resolution on hosts (JIRA:Rocky Linux-21085)
* Make sure 8.9.z/9.3.z doesn't build 'passkey' code (JIRA:Rocky Linux-21164)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for sssd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.9.1-4.el8_9.5.aarch64.rpm
8bbd37952782cb32e2153343dabf84af9b9fd9513448cde4301ce8e733eaea0c
RLSA-2024:0806
Important: dotnet7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.116 and .NET Runtime 7.0.16.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.116-1.el8_9.aarch64.rpm
4c67c9a732734042634578bbecf7b0bb67eea22008838ea2a348f4fbadb6bb7e
RLBA-2024:1298
.NET 6.0 bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK SDK_VERSION and .NET Runtime RUNTIME_VERSION.
Bug Fix(es):
* Update .NET 6.0 to SDK 6.0.128 and Runtime 6.0.28 [rhel-8.9.0.z] (Rocky Linux-27538)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.128-1.el8_9.aarch64.rpm
2cc801d6530a50a23b046ff502128727cec811f0c29b6f27628a13e75f02dc2f
RLSA-2024:1308
Moderate: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17.
Security Fix(es):
* dotnet: DoS in .NET Core / YARP HTTP/2 WebSocket support (CVE-2024-21392)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.117-1.el8_9.aarch64.rpm
95e6c16613b51b423ca0f9c9ab76cdeb2747be168ae0be29c90283374d4b35c0
RLSA-2024:1311
Moderate: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.
Security Fix(es):
* dotnet: DoS in .NET Core / YARP HTTP/2 WebSocket support (CVE-2024-21392)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.103-1.el8_9.aarch64.rpm
cf659c8b63b97287ec923cfc1f4f20f983f76a1b0ed82a8642fc66d26fa8e494
RLBA-2024:1604
NetworkManager bug fix update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Bug Fix(es):
* Reapply of device network update DNS changes retrieved from DHCPv4 to /etc/resolv.conf (JIRA:Rocky Linux-20600)
* [FJ8.7 Bug]: Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (JIRA:Rocky Linux-24968)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for NetworkManager.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
NetworkManager-libnm-devel-1.40.16-15.el8_9.aarch64.rpm
8a3aa3e27210333c51938b329fd3fb4ba141a360a72761648d07e2db643267b2
RLBA-2024:1606
util-linux bug fix update
The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon.
Bug Fix(es):
* lscpu throws EBUSY error if cpu is offline [rhel-8.9.0.z] (JIRA:Rocky Linux-21562)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for util-linux.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libmount-devel-2.32.1-44.el8_9.1.aarch64.rpm
9f38c69dc270cee7c89e438cac1c1e76544a414ae7cd86b28d66d3b8467320c1
RLSA-2024:1607
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
Bug Fix(es):
* OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux-21394)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24010)
* Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux-21055)
* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22766)
* tx-checksumming required for accessing port in OpenShift for Rocky Linux 8.6 (JIRA:Rocky Linux-20822)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22077)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22930)
* rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux-24204)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24479)
* ceph: several cap and snap fixes (JIRA:Rocky Linux-20909)
* [RHVH] Migration hangs between RHVH release below 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux-23063)
* unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux-25719)
* [Rocky Linux8] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux-26101)
* kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19954)
* backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux-26139)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26331)
* ceph: always check dir caps asynchronously (JIRA:Rocky Linux-27496)
Enhancement(s):
* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux-25811)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.aarch64.rpm
af9d1a92595a805b4e9a558e2bb211fa8058f03cbbb5a68d0b282e2b76a832b3
RLSA-2024:1608
Moderate: opencryptoki security update
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.
Security Fix(es):
* opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for opencryptoki.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opencryptoki-devel-3.21.0-10.el8_9.aarch64.rpm
126d27396355d5423f2553d839aee7b5f0fa46c82e067b03cb795ee297708c14
RLBA-2024:1600
evolution bug fix update
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.
Bug Fix(es):
* Evolution - Composer: Cursor jumps to the starting line when "return" key is pressed at the end of the line. (JIRA:Rocky Linux-29199)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for evolution.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
evolution-devel-3.28.5-25.el8_9.aarch64.rpm
97970d7055359081469088f81f928c8cc7173870b633546c38cff30d35ac93b6
RLBA-2024:1732
.NET 6.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.129 and Runtime 6.0.29 [rhel-8.9.0.z] (Rocky Linux-31196)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.129-1.el8_9.aarch64.rpm
e187378728c8a1c87763e8bde9eb0fae0d75dd24a24f2ece454deccff241acbb
RLBA-2024:1733
.NET 8.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 8.0 to SDK 8.0.104 and Runtime 8.0.4 [rhel-8.9.0.z] (Rocky Linux-31206)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.104-1.el8_9.aarch64.rpm
e83eff7caf12e16dce0b6c5d3d6585b44c4db700cc88454f5700a756e269cc6d
RLBA-2024:1735
.NET 7.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 7.0 to SDK 7.0.118 and Runtime 7.0.18 [rhel-8.9.0.z] (Rocky Linux-31201)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.118-1.el8_9.aarch64.rpm
bb9c705222527329deda12b38de6bc0cc820dff97997f10a41ed22626794785e
RLSA-2024:1781
Important: bind9.16 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)
* bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517)
* bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)
* bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)
* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for bind9.16.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bind9.16-devel-9.16.23-0.16.el8_9.2.aarch64.rpm
266e39bf05ee21e39c41afe0285c3c0b3f135586434e5b40ef3d4d443cd84e3e
bind9.16-doc-9.16.23-0.16.el8_9.2.noarch.rpm
fdf475d9a7194a0f0cdd62be2525f5de6c5bc07c479703021b816dc63c52e047
RLSA-2024:1818
Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068)
* OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085)
* OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.412.b08-2.el8.aarch64.rpm
941a6f51d060b1df5093fb729eda43c48b631686b981cd442c4b68e62c56f7e9
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.412.b08-2.el8.aarch64.rpm
77dcc2a1d03f26a5ce4c11976e630af337eb4a56c01cc939f6a7feee274bf652
java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-2.el8.aarch64.rpm
f4f74898c47bc45d449519002441ce5cf17c8c0426484e5711becfaad566abbe
java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-2.el8.aarch64.rpm
1104d63c7172de58ef0e0da9281200bf1526e9c2c94ed7a843381d48850757d0
java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-2.el8.aarch64.rpm
edc348bf7c57bdfd01ac241fa9e4a2d4767e187d427d84f2bffdd364dfe0d2c9
java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-2.el8.aarch64.rpm
cd3972ed1a4d0fa55d9d9d61c1bdae1a2277913ba30eb003d05f3b0f65a137cb
java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-2.el8.aarch64.rpm
d5578154a956282ec53beff2928c2f9484750c3189ad912cdcd38edeb580c4e4
java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-2.el8.aarch64.rpm
8d47f44dcbcfa63975a1395b09cba121c4b9278f336d34478b77cd9948560cff
java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-2.el8.aarch64.rpm
390b764f5f1cd8a1a5a75bbfeab56bc3bdfe89a2b3bca8626cb20edf511bd200
java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-2.el8.aarch64.rpm
a71a1504f2b83e3c0995bbdf79f6d2464a8c62c43fcfcace1b56770e69c2006d
java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-2.el8.aarch64.rpm
30e6abc44931b99203b4490b9a7aa3534f967fa14dc5fd847534f3a7026426f6
java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-2.el8.aarch64.rpm
9879a92a695358d51d200cf9d73d1576b21a62160e4219d80da6c470a4a4283b
RLSA-2024:1828
Moderate: java-21-openjdk security update
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068)
* OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-21-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
eec41abd761ae01debd48fd04db60e68a2bf11accdfde2eb7094d38c1e4f7917
java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
96c5c641ae9a8ae6592d8531582b9e44c2797d0bc5a2e222b53b1ce19cb5f851
java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
58ebf548819f8e11aeec61aa7f4356e6ffa64b066c89d65c7e24ab0df53cf72b
java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
38d95382140ccccf1bd4f452f88a23a2782e3bf2ac418b447d9b71ffac69fcf2
java-21-openjdk-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
463259408f8dee23ca7607bd5aa8f4e5bbcef578022e5aade3bb3e60095a78c6
java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
de46f7d5291b0c1236bebf90ce1404634b2cfb1e61160b1b8368305802d52450
java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
391f2ee55865703cba94446a2dc7dd46bcf69a6b5e4594c3ff6214229265af72
java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
65a9b986eda3bdc319f81e69992d32e183d1182d8740c11759fe5234f12d7d04
java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
ef7dd0689d74424776cb40933fdace21ce69e276278c990429683b79d896be55
java-21-openjdk-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
e98a646be2961336d53179b30be53e81c3f21887757b82121813f7bb31396d15
java-21-openjdk-src-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
3d99617fa7c18905d3343baa14c3951b9e55fb6005f5b55f791fcf7f9a02d7e5
java-21-openjdk-src-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
8ceb0e12a34f70c540b4f7642bf50422139a67023c12c6065945dcf1b40404c2
java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.el8.aarch64.rpm
7eb366a71d28a81e60f8c9d667e9d002e4ed9df2614cc560befee461538d339b
java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.el8.aarch64.rpm
1ddb591c46a8946755a34dc012d1715efee24195543fcd4073658c3d7107f5e2
RLSA-2024:1822
Moderate: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068)
* OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085)
* OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094)
* OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-11-openjdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
32485ef703f16d823713122ac13b9fbbb5db2e20abb0d786fe3148e9b95bc39d
java-11-openjdk-demo-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
725a82d23e55b22a5e34585849c10c09b8ab381bc79ffd2d592ea686ce2e2bca
java-11-openjdk-devel-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
34a4f0538a16bc292484854317b804178e5cc4671452d69bd7f18ff85eaf555e
java-11-openjdk-devel-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
47a9c512bacf9001985c6b8f268c10d0ceb47db6d983b9b4d12a667b5aeb9e2d
java-11-openjdk-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
bb58c742bf9828dcb805acbd227c6edb785874a774761d45274dc94c0d53e89c
java-11-openjdk-headless-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
dce8fc531a3ca222fb1d8ea7cfbdea2dfb85ab7ecaf9d087e97531d15d9d2c8e
java-11-openjdk-headless-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
a4e8300171f3be3acb8e539c41fdb5bcc9eacb2902502b22b71101932360608a
java-11-openjdk-jmods-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
2d4b555f3c985112fd2bfb4bbd7635e61df853851d180cba848c679403fdac8b
java-11-openjdk-jmods-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
8fac6f3aa61b0f4479b7ec1998cef2be8600081ecab93e21b4c67f896f31c410
java-11-openjdk-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
a4ce023b0de234234a774c55e60b726e7b91f184cda0f8d8d960dc40d0bcf06b
java-11-openjdk-src-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
94798aa1b67e36619a45b98088b7d8f5ee4070c1e1eceea9a6d633b7732bbc3c
java-11-openjdk-src-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
cd3e0fefc3fedef326b1781cd0ca9404cec3fe604bfe4e6351244e95ddbf2c4f
java-11-openjdk-static-libs-fastdebug-11.0.23.0.9-3.el8.aarch64.rpm
fe5f6db03a538327bf2307f3799871bd8809993fec70ca9eeae03c934df39754
java-11-openjdk-static-libs-slowdebug-11.0.23.0.9-3.el8.aarch64.rpm
8f0859f45634d9d8eeb3737f6c2a88b55fa659e35f0ba99f13d01d5d88508a5e
RLSA-2024:2722
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es):
* glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for glibc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
glibc-benchtests-2.28-236.el8_9.13.aarch64.rpm
b6accd9abd0479930ec167be2d4e4865d94cfeb28b148cad65e527f3e2ac629b
glibc-nss-devel-2.28-236.el8_9.13.aarch64.rpm
5a0054cba3fceb0f5503c61ec7d7a4b145285ab775275c6b4294358c01332fc1
glibc-static-2.28-236.el8_9.13.aarch64.rpm
ccab4baf384a61c857120bcf29247dfb23a4bcee97392a341b5536c556a57d67
nss_hesiod-2.28-236.el8_9.13.aarch64.rpm
24f32191f8fc9369efd063c3462e97a9014d25fc0036ad1b501a9364a7e2ddc5
RLBA-2024:1602
nftables bug fix update
nftables provides a packet-filtering tool, with numerous improvements in convenience, features, and performance. It is the designated successor to iptables, ip6tables, arptables and ebtables.
Bug Fix(es):
* nftables counter (JIRA:Rocky Linux-2596)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nftables.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nftables-devel-1.0.4-4.el8.aarch64.rpm
a3681ad771f2433f464d2c222cd39c959ce72369ba9a5037778f3b793a66c49e
RLBA-2024:3137
libtracefs bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libtracefs.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtracefs-devel-1.3.1-3.el8.aarch64.rpm
c4079b95a25c810bef4299de06fc7e86cb5bc16b22c6a6ae6f568c08f003bf24
RLSA-2024:3138
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-553.el8_10.aarch64.rpm
546f35d0b4b1cd5edd48db58f05da644cc2896db9780ae84e581760a2d81fa75
RLBA-2024:3152
glibc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for glibc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
glibc-benchtests-2.28-251.el8_10.2.aarch64.rpm
3e286ffd0bbc14179fac84dfdb9f5d5feca332b57cb2ecb296e0dafa5918ef7d
glibc-nss-devel-2.28-251.el8_10.2.aarch64.rpm
4cc1805c6d731c4d364c73c130c94aaf4ef1d0e47c50ed6ba66b45e4f2498643
glibc-static-2.28-251.el8_10.2.aarch64.rpm
dc8f0f1609855039996cfec78e0d2e3eb40216a22baf3ca6b94dac130e935f14
nss_hesiod-2.28-251.el8_10.2.aarch64.rpm
56289b37d4d13ccbd9e9299897d36f749395dceacdec43f96178ac11a699d7a6
RLBA-2024:3179
avahi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for avahi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
avahi-compat-howl-0.7-27.el8.aarch64.rpm
c64049455ee6a16e2eb9b66b90fc2149e2a43d611a99dc38e796ad50324c3aa4
avahi-compat-howl-devel-0.7-27.el8.aarch64.rpm
a4ec7f1f2d458d4564deaae4507697667d1449715957e79633cee8923069c34a
avahi-compat-libdns_sd-0.7-27.el8.aarch64.rpm
ab16054a1bccd71420c27392c58666f22989d1e4de19108c5cef8ea5b43aa58a
avahi-compat-libdns_sd-devel-0.7-27.el8.aarch64.rpm
673bece7876ae6aa41e760f3e157d9f7efb182935c57d7bb4418ccb2754fe8fc
avahi-devel-0.7-27.el8.aarch64.rpm
56323e377aa73a33c09ffbc16bc18138f79a846139e65e1dc2e9902558abb5f0
avahi-glib-devel-0.7-27.el8.aarch64.rpm
acc0878178d4dd711d381164410eb305ff079ac211239e707c947b817e23aab9
avahi-gobject-devel-0.7-27.el8.aarch64.rpm
7099e338bafb5e1b34bcd476606e7c2f9dcddb1fb9b7caf0b25a468b18525d2a
avahi-ui-0.7-27.el8.aarch64.rpm
791feee828ddbc12c40cce082495071c8a21969067c1b788b88e69b6b777c427
avahi-ui-devel-0.7-27.el8.aarch64.rpm
c47bd754e6bd83cf78d34b1b20e84652c6aad7663590635191bada8e2155efee
RLBA-2024:3186
libldb bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libldb.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-ldb-devel-2.8.0-0.el8.aarch64.rpm
11816d6cc0d1fc072d24e7bc0e3c90db95e4d7b3a8ba0dbf43b29cefa3c32031
python-ldb-devel-common-2.8.0-0.el8.aarch64.rpm
fcb46081aee57cf993249b624d8dd6de05ef4b06033ca8765d81cadfa34593a9
RLBA-2024:3190
trousers bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for trousers.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
trousers-devel-0.3.15-2.el8.aarch64.rpm
f6f5d96b3ed871687cd56b7ab3dcee8bed091b510809471a5e1f712c19afc931
RLBA-2024:3197
librepo bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for librepo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
librepo-devel-1.14.2-5.el8.aarch64.rpm
b0535c33bb96f923c7703ff283c35bd36703d82997776f8a4c88e6c91d3faa1f
RLBA-2024:3199
opencryptoki bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for opencryptoki.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
opencryptoki-devel-3.22.0-3.el8.aarch64.rpm
78582d53f330f27f04c99c3997f6b3e062135234170f3a48faaa02615952082f
RLBA-2024:3230
file bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for file.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
file-devel-5.33-26.el8.aarch64.rpm
f3821ffe5cb3742787e713311596013b357bf2ee64f325b6d1a33c110b55f082
RLBA-2024:3237
bash bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for bash.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
bash-devel-4.4.20-5.el8.aarch64.rpm
12d7e78c13a6f81dbd8eec8751869c911f11635927ce3bc23b90cc76ba5440b0
RLBA-2024:3232
freeipmi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for freeipmi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
freeipmi-devel-1.6.14-2.el8.aarch64.rpm
60c86637fa2c34d69824dfa27213321ec3c0a0efec68221dd3e7da69c88a7f1a
RLEA-2024:3235
iproute bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for iproute.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
iproute-devel-6.2.0-6.el8_10.aarch64.rpm
ad2718a9213473932bcc970f34c2212cb5e649f6f50e5cc7eafaff124e02da2d
RLSA-2024:3270
Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Security Fix(es):
* sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for sssd.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libsss_nss_idmap-devel-2.9.4-3.el8_10.aarch64.rpm
b6b9564484b21af3310a771b52bb1d04cc627690f18d363bd0cc184ec0fea8a9
RLBA-2024:3272
gcc bug fix update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
Bug Fix(es):
* Rocky Linux 8.9 - Internal compiler error compiling small testcase [rhel-8.10.z] (JIRA:Rocky Linux-33426)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gcc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gcc-plugin-devel-8.5.0-22.el8_10.aarch64.rpm
689ee2527b22e55c28f819e6be55f608fe2f1f9273d83dcc450226dc425fc83f
libstdc++-static-8.5.0-22.el8_10.aarch64.rpm
798700622cff5a590edcc4328eec8745ca7efd722648750092e6c480acd42cac
RLSA-2024:3341
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.
Security Fix(es):
* gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for gdk-pixbuf2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gdk-pixbuf2-xlib-2.36.12-6.el8_10.aarch64.rpm
69ab91152f95ea7631e52c941bd042e2ef9aa1af588cbeecdb34f174b0eabe3e
gdk-pixbuf2-xlib-devel-2.36.12-6.el8_10.aarch64.rpm
be130d35ac4cde05b58f1689de2f9bebf920e95086803db0c2ae88c5498c5620
RLSA-2024:3344
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es):
* glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)
* glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600)
* glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601)
* glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for glibc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
glibc-benchtests-2.28-251.el8_10.2.aarch64.rpm
3e286ffd0bbc14179fac84dfdb9f5d5feca332b57cb2ecb296e0dafa5918ef7d
glibc-nss-devel-2.28-251.el8_10.2.aarch64.rpm
4cc1805c6d731c4d364c73c130c94aaf4ef1d0e47c50ed6ba66b45e4f2498643
glibc-static-2.28-251.el8_10.2.aarch64.rpm
dc8f0f1609855039996cfec78e0d2e3eb40216a22baf3ca6b94dac130e935f14
nss_hesiod-2.28-251.el8_10.2.aarch64.rpm
56289b37d4d13ccbd9e9299897d36f749395dceacdec43f96178ac11a699d7a6
RLSA-2024:3618
Moderate: kernel update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
* kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340)
* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)
* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
* kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)
* kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)
* kernel: use after free in i2c (CVE-2019-25162)
* kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)
* kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777)
* kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)
* kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)
* kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615)
* kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)
* kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)
* kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565)
* kernel: net: bridge: data races in br_handle_frame_finish() (CVE-2023-52578)
* kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528)
* kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)
* kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)
* kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118)
* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
* kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153)
* kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)
* kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)
* kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779)
* kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744)
* kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)
* kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185)
* kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)
* kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872)
* kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)
* kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)
* kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934)
* kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933)
* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
* kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)
* kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059)
* kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)
* kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)
* kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669)
* kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)
* kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594)
* kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-553.5.1.el8_10.aarch64.rpm
55bf36a74902e23b4efdf842d7a23fc7437cbc3f46681a303592c3ecc1cae08d
RLBA-2024:2959
evolution and evolution-data-server bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for evolution, evolution-data-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
evolution-data-server-doc-3.28.5-24.el8.noarch.rpm
5e96a029757ac6f5ee8f04b22c9d730dcd2a71cbbef1ac09ef365c385cbe37db
evolution-data-server-perl-3.28.5-24.el8.aarch64.rpm
744e56f2b323c9d07b1e665b208ebb184494495812fb5d4836803af107950236
evolution-data-server-tests-3.28.5-24.el8.aarch64.rpm
b6c8215905331685f2bc12c8e422741f7bd424246916faf019ecf1657e7d2e2c
evolution-devel-3.28.5-26.el8_10.aarch64.rpm
b904dfb9f5920b5ad4d3f55eab7038897bdaed346596605aa71ae22289ef828f
RLBA-2024:2969
mutter bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for mutter.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
mutter-devel-3.32.2-72.el8.aarch64.rpm
966d0ee8d74ad788fbb30598a4981794fd4c2dfda5b281ae4c085b4a97769201
RLSA-2024:2966
Low: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for ghostscript.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ghostscript-doc-9.27-12.el8.noarch.rpm
37446c6c6232b76f6e92db9eebddb1214c018c039131fbea630204ed0ff0fa0c
ghostscript-tools-dvipdf-9.27-12.el8.aarch64.rpm
cd05b0b0daa8b0703d6a95a8df8567b8f8ec267379a5008dc92dfabfc81089ca
ghostscript-tools-fonts-9.27-12.el8.aarch64.rpm
0b4f3eeebbaf348ea0d2086c15d7a596e3b4a43960fca346e86ab4343dce14bc
ghostscript-tools-printing-9.27-12.el8.aarch64.rpm
268c5c221745aea3edeae45ca3b7bc0a3f9b530e0eff577937dc55ba1fa5d420
libgs-devel-9.27-12.el8.aarch64.rpm
c53b0347f0cc4edc2546472972204ad2f405777fbc969fc83c7921d8e63b6983
RLBA-2024:2972
ibus-typing-booster bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ibus-typing-booster.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ibus-typing-booster-tests-2.1.0-7.el8.noarch.rpm
a9b0783e9bb4286f31f3a4a6dedd84dd088d02770dbabbc99c5fd22ee15a5617
RLBA-2024:2971
nmstate bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.4.5-2.el8_9.aarch64.rpm
7118cf4c83793780e585eb77d1c1285f694ff8decd1aa90d45f7951a9673ea02
RLBA-2024:2976
ibus-table bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ibus-table.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ibus-table-devel-1.9.18-8.el8.noarch.rpm
204233f915531efa708342d228322967b983fb2c226a4c2adf062db51c8884ac
ibus-table-tests-1.9.18-8.el8.noarch.rpm
7fe4d15119c9f2711b7507d87bf06a7afd062f469a3576e1a6508f8652f9067e
RLBA-2024:2978
poppler-data bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for poppler-data.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
poppler-data-devel-0.4.9-2.el8.noarch.rpm
1a5299c129ce88967efcd7998f0e97ce919a89a0958842d6cf18ba11cae85ec9
RLBA-2024:2983
gtk-vnc bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for gtk-vnc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gtk-vnc2-devel-0.9.0-3.el8.aarch64.rpm
99f1c02593c6c14c19766e19c2eda5a8d39d5cf4adaf4405b062cda1c2df37ea
gvnc-devel-0.9.0-3.el8.aarch64.rpm
c431323d0eda47fe6d86e262933ce89b8a50704e8981a11eb87c7e4d728a22db
RLBA-2024:2993
jq bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for jq.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
jq-devel-1.6-8.el8.aarch64.rpm
c2ee4fa185b305c64a89d8c0ec782be84f116c8a88cf20dc0445129e2568ab33
RLBA-2024:2998
libblockdev bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libblockdev.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libblockdev-crypto-devel-2.28-6.el8.aarch64.rpm
fb89db456fe372e9a6e948ec2a866453e1912aeba5ccc96cddad4dfc2ec4dbc5
libblockdev-devel-2.28-6.el8.aarch64.rpm
170595ab93d1c53f5eaa6b0f01aef81282992846a814df5489f33422090e66c5
libblockdev-fs-devel-2.28-6.el8.aarch64.rpm
459a984403eae11398e5938c2217b8e932b6285fbaf070c9c90816f5f33523bf
libblockdev-loop-devel-2.28-6.el8.aarch64.rpm
715429549e822d35a6fc6c9cfad59f5df5baf521597d086630b80ad19db94aa3
libblockdev-lvm-devel-2.28-6.el8.aarch64.rpm
dd4941d5009caf6629038743939e2c74bab088e4ffbe10428debf2a21fe69638
libblockdev-mdraid-devel-2.28-6.el8.aarch64.rpm
ddd7d7be5d927734ba8caf1f0fd65894f416f0532aaaa03c49cf375632b3fc7f
libblockdev-part-devel-2.28-6.el8.aarch64.rpm
c67cf1fbdd9389aa869ad884c40d5ac57f3de6b46f63d7f9e16792685ac892de
libblockdev-swap-devel-2.28-6.el8.aarch64.rpm
e493d6ee20f2245b0b06a3ef8df4589887402495e06040067a0bd9ae60e63ca9
libblockdev-utils-devel-2.28-6.el8.aarch64.rpm
a847dab70fc4fae2aff6e1d785bbe7457982b05c4e17ada016a2a6e2eae50adb
libblockdev-vdo-devel-2.28-6.el8.aarch64.rpm
072c64d1cafb727f905c80acec430f474933678a8cfdfa4d2b1d7c77fa7c67ef
RLSA-2024:3005
Moderate: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Security Fix(es):
* python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-pillow.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-pillow-devel-5.1.1-20.el8.aarch64.rpm
916c9272b9462c4fd23bd01926ae4e01514ac9f68edb78183c657738d4898f82
python3-pillow-doc-5.1.1-20.el8.noarch.rpm
0e36a5739e4cfa5af102a208aeafc752218dd46a8d0f87b57801e42aca7b8b3d
python3-pillow-tk-5.1.1-20.el8.aarch64.rpm
08713cf12496af729749599ab72ac8344db028e2adf38f08bfc647c4c12b405e
RLSA-2024:3008
Important: pmix security update
The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes.
Security Fix(es):
* pmix: race condition allows attackers to obtain ownership of arbitrary files (CVE-2023-41915)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for pmix.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
pmix-devel-2.2.5-3.el8.aarch64.rpm
6bb91a47e1466b75bdcc32315ba8baff917ec8f564a226ca8f857034c23c9a47
RLBA-2024:3034
papi bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for papi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
papi-testsuite-5.6.0-20.el8.aarch64.rpm
702fc48b8a5f3d31138b8ebc47ed94f9b097eed420c79a69615383e902d65019
RLBA-2024:3048
anaconda bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for anaconda.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
anaconda-widgets-devel-33.16.10.5-1.el8.rocky.0.1.aarch64.rpm
440a55e2ebce295da00c07ffe842b4127b64117d55bc1aa62f9425c758453c4e
RLBA-2024:3052
oniguruma bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for oniguruma.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
oniguruma-devel-6.8.2-3.el8.aarch64.rpm
f02cc1e0d4748dbc6c451329d43132beb6931862ef44f026486ba13e64d5fad3
RLSA-2024:3060
Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474)
* gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475)
* gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for gstreamer1-plugins-bad-free.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.aarch64.rpm
01d22e53015b4f1e74a3d6ce747b3388fa2f7dafb00359dde1a62e5cf0e4ad2b
RLSA-2024:3059
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-31.el8.aarch64.rpm
10565cf3fafa8c60a6cebf132a0a84fb696d592c580c70df1af6562aa8e1b280
RLSA-2024:3066
Moderate: exempi security update
Exempi provides a library for easy parsing of XMP metadata.
Security Fix(es):
* exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651)
* exempi: denial of service via opening of crafted webp file (CVE-2020-18652)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for exempi.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
exempi-devel-2.4.5-4.el8.aarch64.rpm
7c02559348b8d74f973e93b6b7bae2954eb67e7eabd0c994b089cf022c547b1e
RLBA-2024:3064
libtimezonemap bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libtimezonemap.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtimezonemap-devel-0.4.5.1-5.el8.aarch64.rpm
952ec22d7991d1b86583fa73ae89b20176441eab8ab77f99af53ebb399545574
RLBA-2024:3078
python3.12-wheel bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for python3.12-wheel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3.12-wheel-wheel-0.41.2-3.el8.noarch.rpm
efda60741544e46a72c25fd8a8f84c1747a82422e3a981e535677783768b49e5
RLBA-2024:3123
dovecot bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dovecot.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dovecot-devel-2.3.16-5.el8.aarch64.rpm
a5d2fe68d9207bc34faf52ec4d9a504837fa1fdc44b0fae39af51ba733211dcd
RLBA-2024:3134
dpdk bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dpdk.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dpdk-devel-23.11-1.el8.aarch64.rpm
253862fd8321dad042831a5c4d46375a21cfde4fb03e813c94dea7d05ffe26d9
RLSA-2024:3258
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)
* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)
* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for xorg-x11-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xorg-x11-server-devel-1.20.11-23.el8_10.aarch64.rpm
377c3950dc68054228b239fbdee76b9f380943911b65b1d78767b6a3992a4c3c
xorg-x11-server-source-1.20.11-23.el8_10.noarch.rpm
76cebb28a2c2f8fb457b2008277bfeb14b064915f0fe00459167770e2359c56a
RLBA-2024:3273
.NET 6.0 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.130 and Runtime 6.0.30 (Rocky Linux-35309)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.130-1.el8_10.aarch64.rpm
2e582de81e1722738e9729284970cf6fd220af2c469326ae9ee352b2def7a032
RLSA-2024:3340
Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19.
Security Fix(es):
* dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)
* dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet7.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-7.0-source-built-artifacts-7.0.119-1.el8_10.aarch64.rpm
99d01f3d88a37baab1c309c3ef7dc969b7275fa2f6c0dc9f1996671d3d8bd43c
RLSA-2024:3345
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5.
Security Fix(es):
* dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)
* dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.105-1.el8_10.aarch64.rpm
3401f6d6d132b962c646c5ff15cffda64e422ff7273ddd7866e15f426fb490cd
RLBA-2024:3239
kronosnet bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for kronosnet.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libknet1-1.28-1.el8.aarch64.rpm
11a4e3bcd97c446b6496e01dc2e1c393d8230da8a28da07777cacf5ed99d8ed4
libknet1-devel-1.28-1.el8.aarch64.rpm
1d8b964942b8a1790e49ae929ef44f817238a78957ddcf93a37808fb00b2d9cf
RLSA-2024:3961
Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for flatpak.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
flatpak-devel-1.12.9-1.el8_10.aarch64.rpm
ec35f6503e264ba261528aa32f25511af31287dd8b0e02c39e8a0dae964474e3
RLSA-2024:4000
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for ghostscript.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
ghostscript-doc-9.27-13.el8_10.noarch.rpm
3fb55532e743ac2ab2cb52239b3238686dbcf4e15136d325437c97520bf9ab62
ghostscript-tools-dvipdf-9.27-13.el8_10.aarch64.rpm
60868ed506125e4a56b937609fc6595df10624123fee8d262b0ee7d2d0ea6466
ghostscript-tools-fonts-9.27-13.el8_10.aarch64.rpm
03726f837dbf2e3366238aba75eca31c6346570c1502acb2ff7bc0f1fee00bcb
ghostscript-tools-printing-9.27-13.el8_10.aarch64.rpm
d29602c0233439485a67eea3c329709f93c178d27b2f15514259f4dea18b512c
libgs-devel-9.27-13.el8_10.aarch64.rpm
d13736250d55271ff133ad8e3e7c47622caf6dec1f944e3ffd873b689a292f81
RLSA-2024:4211
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
* kernel: TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881,RHV-2024-1001)
* kernel: ovl: fix leaked entry (CVE-2021-46972)
* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)
* kernel: gro: fix ownership transfer (CVE-2024-35890)
* kernel: tls: (CVE-2024-26584, CVE-2024-26583, CVE-2024-26585)
* kernel: wifi: (CVE-2024-35789, CVE-2024-27410, CVE-2024-35838, CVE-2024-35845)
* kernel: mlxsw: (CVE-2024-35855, CVE-2024-35854, CVE-2024-35853, CVE-2024-35852, CVE-2024-36007)
* kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)
* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)
* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng [rhel-8] (CVE-2023-52615)
* kernel: net/mlx5e: (CVE-2023-52626, CVE-2024-35835, CVE-2023-52667, CVE-2024-35959)
* kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)
* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset [rhel-8] (CVE-2024-26801)
* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
* kernel: netfilter: nf_tables: use timestamp to check for set element timeout [rhel-8.10] (CVE-2024-27397)
* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)
* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)
* kernel: x86/mm/swap: (CVE-2024-26759, CVE-2024-26906)
* kernel: tipc: fix kernel warning when sending SYN message [rhel-8] (CVE-2023-52700)
* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)
* kernel: powerpc/imc-pmu/powernv: (CVE-2023-52675, CVE-2023-52686)
* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)
* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)
* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
* kernel: crypto: (CVE-2024-26974, CVE-2023-52669, CVE-2023-52813)
* kernel: net/mlx5/bnx2x/usb: (CVE-2024-35960, CVE-2024-35958, CVE-2021-47310, CVE-2024-26804, CVE-2021-47311, CVE-2024-26859, CVE-2021-47236, CVE-2023-52703)
* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)
* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)
* kernel: USB/usbnet: (CVE-2023-52781, CVE-2023-52877, CVE-2021-47495)
* kernel: can: (CVE-2023-52878, CVE-2021-47456)
* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)
* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)
Bug Fix(es):
* Kernel panic - kernel BUG at mm/slub.c:376! (JIRA:Rocky Linux-29783)
* Temporary values in FIPS integrity test should be zeroized [rhel-8.10.z] (JIRA:Rocky Linux-35361)
* Rocky Linux8.6 - kernel: s390/cpum_cf: make crypto counters upward compatible (JIRA:Rocky Linux-36048)
* [Rocky Linux8] blktests block/024 failed (JIRA:Rocky Linux-8130)
* Rocky Linux8.9: EEH injections results Error: Power fault on Port 0 and other call traces(Everest/1050/Shiner) (JIRA:Rocky Linux-14195)
* Latency spikes with Matrox G200 graphic cards (JIRA:Rocky Linux-36172)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-553.8.1.el8_10.aarch64.rpm
ae27f7c45f203fec94ef16a9a0759c8cbc9eacf17f83c5b7442be22e8c56a5b1
RLBA-2024:4213
xorg-x11-server bug fix update
X.Org is an open-source implementation of the X Window System. It provides the
basic low-level functionality that full-fledged graphical user interfaces are
designed upon.
Bug Fix(es):
* Xorg crashes with malloc(): unaligned tcache chunk detected (Rocky Linux-40471)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for xorg-x11-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xorg-x11-server-devel-1.20.11-24.el8_10.aarch64.rpm
62e8cab8edfe19c82177b7f94fd2caa70d3a80759a9c329903b78d11df6542b5
xorg-x11-server-source-1.20.11-24.el8_10.noarch.rpm
b8a019e4a1ad51ad42ffde50e3b1e1ba57804172aff8993ee57cd586a7234ccd
RLSA-2024:4227
Moderate: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Security Fix(es):
* python-pillow: buffer overflow in _imagingcms.c (CVE-2024-28219)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python-pillow.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-pillow-devel-5.1.1-21.el8_10.aarch64.rpm
d4014b67a6e27de83a173c754869d0ab3eeeb2d05ecb034cff8e161c9250b46c
python3-pillow-doc-5.1.1-21.el8_10.noarch.rpm
569116bdbe9340f13baa816214d4ae7ed53d41c3c56c4bf2ebadc150a8e31cc0
python3-pillow-tk-5.1.1-21.el8_10.aarch64.rpm
5f1dc62cb41565a1676529158cc2d8a59ccfc4e3d0894daca02f59a6b5086a11
RLBA-2024:4232
Bug fix of nmstate
Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner. It aims to satisfy enterprise needs to manage host networking through a northbound declarative API and multi-provider support on the southbound.
Bug Fix(es):
* Applying dns configuration to nodes using NMstate make node unreachable [rhel-8.10.z] (JIRA:Rocky Linux-33059)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for nmstate.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
nmstate-devel-1.4.6-2.el8_10.aarch64.rpm
cacfd06dd16234b5816d51f705300327dcd3124432b7e6958ffbbd0cb2c4e713
RLBA-2024:4234
jq update
Bug Fix(es):
* JQ findings from static application security testing (Rocky Linux-37827)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for jq.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
jq-devel-1.6-9.el8_10.aarch64.rpm
ba2b08b28b9e2d7842ce5ba3c6fdad06aae4fb1ab6cf31ef32ec92519debcaa7
RLSA-2024:4451
Important: dotnet8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.
Security Fix(es):
* dotnet: DoS in System.Text.Json (CVE-2024-30105)
* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)
* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.107-1.el8_10.aarch64.rpm
9381d867ab4a0e82f9f34fa222acf8a12f8942d4364476a9599e871cfdf8100b
RLSA-2024:4573
Important: java-21-openjdk security update
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
* OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
* OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
* OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
* OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for java-21-openjdk.
This update affects Rocky Linux 8, Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-21-openjdk-demo-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
057b9262cbdd495681fe6b0f2a37b4d486eccc1b71562f8f17cb21faeb950772
java-21-openjdk-demo-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
6edb40d2c7c689d531af60f4085439705b6bf0f0be6aa1773a22aed73d662207
java-21-openjdk-devel-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
80c70f4f934c79e9eec7a21c44f154f696480ee7b32a9c3409c6019ab7355162
java-21-openjdk-devel-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
6ba6b59b0263dd4ecdf7c43d28180fdfb6dcb64fb6319cbaeb969a0bd8417928
java-21-openjdk-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
1ff2b4bf2f60e4276a5d176c67ca85dc2d13e2d18874df8c623510272cb93fde
java-21-openjdk-headless-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
3678a8a15b5a0a4ae83569382127971b61a653ad186f137e065aeb5d545cda69
java-21-openjdk-headless-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
96abda1ed43244415f36b7f3eb4fe5a58f2e43f49d7dc727c6852905f3281d29
java-21-openjdk-jmods-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
6a6d708038c3a1d07fa93b9297f4e9bf8d9460563d89459219f2e8ade1746b50
java-21-openjdk-jmods-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
d6684b840b9c0927433fb174bcdffe1d8bd1a39c988e1169b180e7e7a284b44d
java-21-openjdk-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
d7134009a85fee3eb012bea366d8779873a15a8ebbe759ba55a5b5084d73eadf
java-21-openjdk-src-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
c695edfd30f361a8b603b7d33f835c7bb7bd9feb332390e58648b2c3c80b3fbe
java-21-openjdk-src-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
9f10bda62306091682f24437b3362c8586b50a8571721afeeac5b794aefc8b57
java-21-openjdk-static-libs-fastdebug-21.0.4.0.7-1.el8.aarch64.rpm
12a274dcc7abad8034bb3c18a5581fdaaecc72247429869f66f402da7277dae7
java-21-openjdk-static-libs-slowdebug-21.0.4.0.7-1.el8.aarch64.rpm
ff7b6c118b02327e8225b57fc634eb9fd96454bad324aa89eb1950fbf0d4dfc8
RLSA-2024:4617
Important: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
Security Fix(es):
* qtbase: qtbase: Delay any communication until encrypted() can be responded to (CVE-2024-39936)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for qt5-qtbase.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
qt5-qtbase-static-5.15.3-8.el8_10.aarch64.rpm
8d8712ee8411c9c2f4224426638a01882462021f643d620afd20039304d43030
RLSA-2024:5101
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
* kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)
* kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)
* kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)
* kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)
* kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)
* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
* kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)
* kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
* kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)
* kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)
* kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
* kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
* kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)
* kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)
* kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
* kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)
* (CVE-2023-28746)
* (CVE-2023-52847)
* (CVE-2021-47548)
* (CVE-2024-36921)
* (CVE-2024-26921)
* (CVE-2021-47579)
* (CVE-2024-36927)
* (CVE-2024-39276)
* (CVE-2024-33621)
* (CVE-2024-27010)
* (CVE-2024-26960)
* (CVE-2024-38596)
* (CVE-2022-48743)
* (CVE-2024-26733)
* (CVE-2024-26586)
* (CVE-2024-26698)
* (CVE-2023-52619)
Bug Fix(es):
* Rocky Linux 8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux-17678)
* [AWS][8.9] There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux-23841)
* [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux-32941)
* lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux-33437)
* [Hyper-V][Rocky Linux-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux-39074)
* Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux-40167)
* blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux-40939)
* (JIRA:Rocky Linux-31798)
* (JIRA:Rocky Linux-10263)
* (JIRA:Rocky Linux-40901)
* (JIRA:Rocky Linux-43547)
* (JIRA:Rocky Linux-34876)
Enhancement(s):
* [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:Rocky Linux-19723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-553.16.1.el8_10.aarch64.rpm
aa99ce956c0d1f1d2e85f7c7f9028c0aeecd70ef3cdd7227efa496349eab74e1
RLSA-2024:5079
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-15209)
* libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c (CVE-2023-25433)
* libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228)
* libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-32.el8_10.aarch64.rpm
7db4d981e8df43a6af1e3d260b3999f62ad6918817cf28e707c169539b56691c
RLSA-2024:5531
Important: python3.12-setuptools security update
Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources.
Security Fix(es):
* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for python3.12-setuptools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3.12-setuptools-wheel-68.2.2-4.el8_10.noarch.rpm
9767ddf55bceb78f32a0855b666e5346b0de052fa44e44475a01f29505c929d6
RLSA-2024:6422
Important: bubblewrap and flatpak security update
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces.
Security Fix(es):
* flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for flatpak, bubblewrap.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
flatpak-devel-1.12.9-3.el8_10.aarch64.rpm
313728301804d54e772c691cc98c79e5191cbdf6fea0fa4812e93d69c08d11d3
RLSA-2024:5941
Moderate: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
* libvpx: Heap buffer overflow related to VP9 encoding (CVE-2023-6349)
* libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libvpx.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libvpx-devel-1.7.0-11.el8_10.aarch64.rpm
93055bb587a94fc05af0541459431fe3f825fa363217524f36e02e346273960c
RLBA-2024:6981
libldb bug fix update
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.
Bug Fix(es):
* libldb performance regression with indexes [rhel-8] (JIRA:Rocky Linux-12109)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libldb.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3-ldb-devel-2.8.0-1.el8_10.aarch64.rpm
7c849060358162eb0d5eb4600ec92300edb75d28c967d69173f1219dd0b55fc3
python-ldb-devel-common-2.8.0-1.el8_10.aarch64.rpm
9a49c079e2555a1ba8d9bfcc14969de125c67a14a283b4400fd1f1e9ee78971e
RLBA-2024:6983
libuser bug fix and enhancement update
The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included.
Bug Fix(es) and Enhancement(s):
* [libuser] Rocky Linux 8.9 Tier 0 Localization (JIRA:Rocky Linux-12111)
* libuser: Fix findings from static application security testing (SAST) (JIRA:Rocky Linux-35578)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libuser.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libuser-devel-0.62-26.el8_10.aarch64.rpm
bbb9c8dd000628d6ac7646691043a942fba369658ae69f4f1ca643fc5e4fcc4f
RLSA-2024:6961
Moderate: python3.12 security update
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python".
Security Fix(es):
* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
* cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection (CVE-2024-6923)
* python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python3.12.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3.12-debug-3.12.5-2.el8_10.aarch64.rpm
fb4447e833742ff246cc48f4401e6211a7c36223904f6f0bc174bb90b054a8f1
python3.12-idle-3.12.5-2.el8_10.aarch64.rpm
ca3c50555b6055051385b5944f43054329e02f81b6ec051569952ed42d2fb3f0
python3.12-test-3.12.5-2.el8_10.aarch64.rpm
53383207fcaab298a7ade0ce287f5c299c6a382adfccb9d09bb7b083aa28876a
RLSA-2024:6962
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
* cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection (CVE-2024-6923)
* python: cpython: From NVD collector (CVE-2024-8088)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python3.11.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
python3.11-debug-3.11.9-7.el8_10.aarch64.rpm
6b2da848351290a1e38a58b9d0ae705a0c7663fc3a0aae2ee6b7e433e5cf5f8f
python3.11-idle-3.11.9-7.el8_10.aarch64.rpm
f297f66f7a47e4a0f8965fa52be1521e615ca95afff81a83847390e70df9b5db
python3.11-test-3.11.9-7.el8_10.aarch64.rpm
c0bf7396f06484d27ef37d403d3f2af9fd7d61f36d395501be29081a3c7dd425
RLSA-2024:6963
Moderate: gtk3 security update
The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3.
Security Fix(es):
* gtk3: gtk2: Library injection from CWD (CVE-2024-6655)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for gtk3.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
gtk3-devel-docs-3.22.30-12.el8_10.aarch64.rpm
2fd6e1189e358d40dc4ef0e8a89e4b1dde6ca3aa8944b80c579b6f7e890a500a
RLBA-2024:6967
xmlsec1 bug fix update
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption".
Bug Fix(es):
* xmlsec1: Fix findings from static application security testing (SAST) (JIRA:Rocky Linux-36185)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for xmlsec1.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
xmlsec1-devel-1.2.25-8.el8_10.aarch64.rpm
5fece1b1f9ef978785fd40f5495ae13b81ab0778f67b2fe5d2a0644f0cbd1114
xmlsec1-gcrypt-1.2.25-8.el8_10.aarch64.rpm
0a34c0839f9552e30679513e407582360ebb512363692424e5c34872bb2ba114
xmlsec1-gnutls-1.2.25-8.el8_10.aarch64.rpm
2f9eff48cb1df89b0be15e2e56a429abf52706a5ab1f885c32a1fc583665b6d4
xmlsec1-gnutls-devel-1.2.25-8.el8_10.aarch64.rpm
0f7eac954c517e82e1e17c289c615bb01e03bd6a949f6d6b1b3605c39738bc74
xmlsec1-openssl-devel-1.2.25-8.el8_10.aarch64.rpm
044982422455d995c05be63764af466e1d9a3be94aeda9c6fa2984d4dc246500
RLSA-2024:6973
Moderate: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
* dovecot: using a large number of address headers may trigger a denial of service (CVE-2024-23184)
* dovecot: very large headers can cause resource exhaustion when parsing message (CVE-2024-23185)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for dovecot.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dovecot-devel-2.3.16-6.el8_10.aarch64.rpm
e1eb18cf5e7eed9c8dcc87658dfd6197053d9416befb716d40299a35c9ba9fdb
RLSA-2024:7463
Important: cups-filters security update
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for cups-filters.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
cups-filters-devel-1.20.0-35.el8_10.aarch64.rpm
cdb4d46b3f8b50699d93bef3b3f30df24adb8dd15618be9b241ca731534bffaf
RLSA-2024:7851
Important: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35.
Security Fix(es):
* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el8_10.aarch64.rpm
69c5e2d74d654e0252a1b9cd6e479ce1fcfb31b412bcb7f69c14c6418843d7b0
RLSA-2024:7868
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10.
Security Fix(es):
* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.110-1.el8_10.aarch64.rpm
a474ae50fb3f3bceabda9cf09bf40391936a7562f50c6039defb55efb55e1d10
RLSA-2024:8121
Moderate: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)
* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)
* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)
* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)
* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-11-openjdk.
This update affects Rocky Linux 8, Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-11-openjdk-demo-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-devel-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-headless-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-jmods-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-src-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.25.0.9-2.el8.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.25.0.9-2.el8.aarch64.rpm
RLSA-2024:8127
Moderate: java-21-openjdk security update
The OpenJDK 21 runtime environment.
Security Fix(es):
* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)
* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)
* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)
* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)
* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-21-openjdk.
This update affects Rocky Linux 8, Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-21-openjdk-demo-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.5.0.10-3.el8.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.5.0.10-3.el8.aarch64.rpm
RLSA-2024:8124
Moderate: java-17-openjdk security update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)
* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)
* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)
* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)
* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-17-openjdk.
This update affects Rocky Linux 8, Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-17-openjdk-demo-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.13.0.11-3.el8.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.13.0.11-3.el8.aarch64.rpm
RLSA-2024:8117
Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)
* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)
* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)
* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)
* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 8, Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.432.b06-2.el8.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.432.b06-2.el8.aarch64.rpm
RLEA-2024:8852
libproxy bug fix and enhancement update
The libproxy packages provide a library that handles all the details of proxy configuration. The libproxy library provides a stable external API, dynamic adjustment to changing network topology, and a small core footprint. The libproxy core does not use external dependencies; however, libproxy plug-ins may have dependencies.
Bug Fix(es) and Enhancement(s):
* libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow [rhel-8.10.0] (JIRA:Rocky Linux-30660)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for libproxy.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
libproxy-devel-0.4.15-5.5.el8_10.aarch64.rpm
b1985b43314e84124e9f346c8316b4d513d5e2494f8c6dc147c226d37ac4f372
RLSA-2024:8856
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
* kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
* kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
* kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
* kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
* kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
* kernel: nouveau: lock the client object tree. (CVE-2024-27062)
* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
* kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
* kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
* kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)
* kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
* kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
* kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
* kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
* kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)
* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
* kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
* kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
* kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
* kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
* kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
* kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
* kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
* kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for kernel.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
rocky-linux-8-aarch64-powertools-rpms
kernel-tools-libs-devel-4.18.0-553.27.1.el8_10.aarch64.rpm
7b6c3976622a0d8605a5c8659dad14e510a60c712f210ed735d8ba1c46b008e6
RLSA-2024:8859
Moderate: xmlrpc-c security update
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for xmlrpc-c.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-8-aarch64-powertools-rpms
xmlrpc-c-c++-1.51.0-10.el8_10.aarch64.rpm
d1abcfa913e13a86565eb408d58474226761a8f2398916287c2555e952008eae
xmlrpc-c-client++-1.51.0-10.el8_10.aarch64.rpm
97567f3755a1f4aed23748de0dee839c29093fb60de2663e3baa161446aa94e3
xmlrpc-c-devel-1.51.0-10.el8_10.aarch64.rpm
84276337f8eb89250d482639b4b72bbe5e520e66d29eeab4bd74315312c70f90
RLBA-2024:8861
openldap bug fix update
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network.
Bug Fix(es):
* LDAP Channel binding enforced on AD with AD cert using ECDSA-SHA384 (NOT RSA) - sssd kerberos SASL fails with STARTTLS enabled on AD LDAP Port while it works with AD cert using RSA (JIRA:Rocky Linux-35538)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for openldap.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network.
Bug Fix(es):
* LDAP Channel binding enforced on AD with AD cert using ECDSA-SHA384 (NOT RSA) - sssd kerberos SASL fails with STARTTLS enabled on AD LDAP Port while it works with AD cert using RSA (JIRA:Rocky Linux-35538)
rocky-linux-8-aarch64-powertools-rpms
openldap-servers-2.4.46-20.el8_10.aarch64.rpm
b8188797739308339ec3d400a6561ffdc3118d44cac3e6f35ca3030cb41b843e
RLBA-2024:8866
glib2 bug fix update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Bug Fix(es):
* Trashing on system internal mounts is not supported (JIRA:Rocky Linux-46828)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for glib2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Bug Fix(es):
* Trashing on system internal mounts is not supported (JIRA:Rocky Linux-46828)
rocky-linux-8-aarch64-powertools-rpms
glib2-doc-2.56.4-165.el8_10.noarch.rpm
493211e216fd6518e4a21186ecaf7ada2da794767fa9445a064735c70618f531
glib2-static-2.56.4-165.el8_10.aarch64.rpm
ef345d15ca72f59c894b211597605a5a6dc4ca7cba2877f9aab1a0b3b57e358d
RLSA-2024:8798
Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for xorg-x11-server-Xwayland, xorg-x11-server.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-8-aarch64-powertools-rpms
xorg-x11-server-devel-1.20.11-25.el8_10.aarch64.rpm
2c6435bc02c2679ca5ced231465741f6fa6832274046617f98cfd1fe2869a83a
xorg-x11-server-source-1.20.11-25.el8_10.noarch.rpm
ff868f94f0772f91372739b5b59d1efaabc72a84f7a4888dc34060f97374b924
RLSA-2024:8831
Low: bcc security update
BPF Compiler Collection (BCC) is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter (eBPF) tool.
Security Fix(es):
* bcc: unprivileged users can force loading of compromised linux headers (CVE-2024-2314)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Low
An update is available for bcc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
BPF Compiler Collection (BCC) is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter (eBPF) tool.
Security Fix(es):
* bcc: unprivileged users can force loading of compromised linux headers (CVE-2024-2314)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-8-aarch64-powertools-rpms
bcc-devel-0.25.0-9.el8_10.aarch64.rpm
9eaaca3a0f3f5b02daaf5e2a4e5a4b6c4064fe64c221b970a5c7fa40f3fad3c1
bcc-doc-0.25.0-9.el8_10.noarch.rpm
8f025225175255db60efc9b0d7cd3aa2bb3099b77599bc2a0d3b447559479c60
RLSA-2024:8833
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-8-aarch64-powertools-rpms
libtiff-tools-4.0.9-33.el8_10.aarch64.rpm
5e40f78728db156951b3dbfd3a0f429629da9c545ce3f1eba4a4187d1cfd6329
RLEA-2024:8835
spirv-tools, vulkan-headers, vulkan-loader, vulkan-tools, and vulkan-validation-layers bug fix and enhancement update
Vulkan validation layers
Bug Fix(es) and Enhancement(s):
* [8.10.z] Vulkan rebase (z-stream): glslang (JIRA:Rocky Linux-54282)
* [8.10.z] Vulkan rebase (z-stream): spirv-headers (JIRA:Rocky Linux-54284)
* [8.10.z] Vulkan rebase (z-stream): spirv-tools (JIRA:Rocky Linux-54285)
* [8.10.z] Vulkan rebase (z-stream): vulkan-headers (JIRA:Rocky Linux-54286)
* [8.10.z] Vulkan rebase (z-stream): vulkan-loader (JIRA:Rocky Linux-54287)
* [8.10.z] Vulkan rebase (z-stream): vulkan-tools (JIRA:Rocky Linux-54288)
* [8.10.z] Vulkan rebase (z-stream): vulkan-validation-layers (JIRA:Rocky Linux-54290)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for vulkan-validation-layers, vulkan-headers, vulkan-tools, spirv-tools, vulkan-loader.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Vulkan validation layers
Bug Fix(es) and Enhancement(s):
* [8.10.z] Vulkan rebase (z-stream): glslang (JIRA:Rocky Linux-54282)
* [8.10.z] Vulkan rebase (z-stream): spirv-headers (JIRA:Rocky Linux-54284)
* [8.10.z] Vulkan rebase (z-stream): spirv-tools (JIRA:Rocky Linux-54285)
* [8.10.z] Vulkan rebase (z-stream): vulkan-headers (JIRA:Rocky Linux-54286)
* [8.10.z] Vulkan rebase (z-stream): vulkan-loader (JIRA:Rocky Linux-54287)
* [8.10.z] Vulkan rebase (z-stream): vulkan-tools (JIRA:Rocky Linux-54288)
* [8.10.z] Vulkan rebase (z-stream): vulkan-validation-layers (JIRA:Rocky Linux-54290)
rocky-linux-8-aarch64-powertools-rpms
spirv-tools-devel-2024.2-1.el8_10.aarch64.rpm
797d088910da4ed36da676e607680ba05f646c607503d0de1dcf5244352d110f
RLSA-2024:8836
Moderate: python3.12 security update
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python".
Security Fix(es):
* python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values (CVE-2024-6232)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python3.12.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python".
Security Fix(es):
* python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values (CVE-2024-6232)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-8-aarch64-powertools-rpms
python3.12-debug-3.12.6-1.el8_10.aarch64.rpm
ff5dd496d7a25d0d1fd15f7f3cb1f83162ea7b31e96becc90f732ff964fcf214
python3.12-idle-3.12.6-1.el8_10.aarch64.rpm
7fb4e7d7d3fc3f12afb9817856889ace3cbe56c198bdc0f10aabf7b22d230866
python3.12-test-3.12.6-1.el8_10.aarch64.rpm
20affe5818b7153f9d27229a46408ddcf191466b368b137cbde7ac16071bc262
RLSA-2024:8838
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values (CVE-2024-6232)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for python3.11.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values (CVE-2024-6232)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-8-aarch64-powertools-rpms
python3.11-debug-3.11.10-1.el8_10.aarch64.rpm
ce61956c94fa731dca5dbbbf46c4e0de0ad02b674b4accfc7c750ec77cacacbf
python3.11-idle-3.11.10-1.el8_10.aarch64.rpm
fafbcc9590ec14c05f973cc9ed482cce4669be3934b54e018b608704f8d0bce1
python3.11-test-3.11.10-1.el8_10.aarch64.rpm
ee7073b1d6d1f8b376d61abe0577fee65d7f867f6f9e925da66cd90558c712c7
RLBA-2024:8844
freerdp bug fix update
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Bug Fix(es):
* Can't connect to Rocky Linux 10 installer (JIRA:Rocky Linux-53081)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for freerdp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Bug Fix(es):
* Can't connect to Rocky Linux 10 installer (JIRA:Rocky Linux-53081)
rocky-linux-8-aarch64-powertools-rpms
freerdp-devel-2.11.7-1.el8_10.aarch64.rpm
458e58d7e609ed12c74a1d7059d8e6ed4286fa47da1220856a3a211bd011a571
RLBA-2024:8845
ghostscript bug fix update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Bug Fix(es):
* Ghostscript is generating PJL of a significantly larger size (JIRA:Rocky Linux-61729)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for ghostscript.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Bug Fix(es):
* Ghostscript is generating PJL of a significantly larger size (JIRA:Rocky Linux-61729)
rocky-linux-8-aarch64-powertools-rpms
ghostscript-doc-9.27-15.el8_10.noarch.rpm
b5fd1836d5ccb6a811fd8f87a3f99a68b5568950555befa5f8b065ae19a9c536
ghostscript-tools-dvipdf-9.27-15.el8_10.aarch64.rpm
4b4812bd4c716cb113d567d6d90b6c753cd94405974c980a9f57f765e5881e87
ghostscript-tools-fonts-9.27-15.el8_10.aarch64.rpm
aae491e3bf48e1cf820b3af567cf144622ccf5d84e6b6343e1be170662894c1d
ghostscript-tools-printing-9.27-15.el8_10.aarch64.rpm
4f2b35d61b40b6d05d66f6eaab1e1bb1182a423839286e026f284208f60904f4
libgs-devel-9.27-15.el8_10.aarch64.rpm
c67f99b7ad52f8492cadee3e812f8a9cb38a54894833b9b1585e58adcf41fd9d
RLEA-2024:9519
.NET 9.0 bug fix and enhancement update
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework libraries, an SDK containing compilers, and a 'dotnet' application to drive everything.
Bug Fix(es):
* Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037)
* Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768)
Enhancement(s):
* New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701)
Bug Fix(es) and Enhancement(s):
* New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701)
* Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037)
* Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768)
* Update .NET 9.0 to SDK 9.0.100 and Runtime 9.0.0 (JIRA:Rocky Linux-65536)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet9.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework libraries, an SDK containing compilers, and a 'dotnet' application to drive everything.
Bug Fix(es):
* Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037)
* Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768)
Enhancement(s):
* New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701)
Bug Fix(es) and Enhancement(s):
* New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701)
* Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037)
* Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768)
* Update .NET 9.0 to SDK 9.0.100 and Runtime 9.0.0 (JIRA:Rocky Linux-65536)
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-9.0-source-built-artifacts-9.0.100-1.el8_10.aarch64.rpm
daeb49bf53856af3294df87e1210c4a9142a9e6c53358dc346a941d9010a23ce
RLBA-2024:9568
.NET 6.0 bug fix and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (Rocky Linux-65364)
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (JIRA:Rocky Linux-65364)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet6.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (Rocky Linux-65364)
Bug Fix(es) and Enhancement(s):
* Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (JIRA:Rocky Linux-65364)
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-6.0-source-built-artifacts-6.0.136-1.el8_10.aarch64.rpm
f3ad61c8c7cf8339a5a34d90bc8479cdff2215be6e3d7d6d429e50e6eaf24d97
RLBA-2024:9569
.NET 8.0 bug fix and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (Rocky Linux-65366)
Bug Fix(es) and Enhancement(s):
* Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (JIRA:Rocky Linux-65366)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for dotnet8.0.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Bug Fix(es) and Enhancement(s):
* Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (Rocky Linux-65366)
Bug Fix(es) and Enhancement(s):
* Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (JIRA:Rocky Linux-65366)
rocky-linux-8-aarch64-powertools-rpms
dotnet-sdk-8.0-source-built-artifacts-8.0.111-1.el8_10.1.aarch64.rpm
5b26d4138495a653cbcd0d235db9ee99008a2928d5bfecf18d1663458a0d92d9
RLBA-2024:9685
evolution bug fix update
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.
Bug Fix(es):
* WebKitGTK 2.46.1: Middle mouse button inserts primary clipboard twice [rhel-8.10.z] (JIRA:Rocky Linux-62681)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for evolution.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.
Bug Fix(es):
* WebKitGTK 2.46.1: Middle mouse button inserts primary clipboard twice [rhel-8.10.z] (JIRA:Rocky Linux-62681)
rocky-linux-8-aarch64-powertools-rpms
evolution-devel-3.28.5-27.el8_10.aarch64.rpm
639f1d5c03d5b41241c73f244b0ee084feaee694a63d5fa6b6155c0f4b549ef6