RLEA-2019:3511 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libvarlink. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libvarlink-devel-18-3.el8.x86_64.rpm b55cfffc5f85bde278643421a91262e344cc1726f22d1ac2434baecf528b27d8 RLSA-2019:3553 GNOME is the default desktop environment of Rocky Linux. Security Fix(es): * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459) * gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for pidgin, gnome-desktop3, pango, gdk-pixbuf2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GNOME is the default desktop environment of Rocky Linux. Security Fix(es): * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459) * gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gdk-pixbuf2-xlib-2.36.12-5.el8.x86_64.rpm 80975f94327fde0be09114ca723eef0fe5b361abd33919599ec8bf9fc250a6c5 gdk-pixbuf2-xlib-devel-2.36.12-5.el8.x86_64.rpm e961d588a53bcac45d4e32fb87f5fc1fd165c21773b208bb0df88db93db963ae libpurple-devel-2.13.0-5.el8.x86_64.rpm 05ca7284f4fec8fd2a90a1b4885d6e7ae2f1430d8d114a10be919bedc07f35b8 pidgin-devel-2.13.0-5.el8.x86_64.rpm 54bcb129c8bce080a61d680b68bcfc5a39b152fea9a253258c7365fa3a257e07 RLBA-2019:3558 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libhbaapi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libhbaapi-devel-2.2.9-13.el8.x86_64.rpm e462f1134b87fe72e2ad737871533740ca86ce672a85d120fccffb30901cb9b5 RLBA-2019:3593 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ipset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ipset-devel-7.1-1.el8.x86_64.rpm 3daccfc1f91ea4cde4a2631eba295758a02824de807d38ac0f94d5d6abd5da09 RLSA-2020:0633 The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line. Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for ppp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line. Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms ppp-devel-2.4.7-26.el8_1.x86_64.rpm da869331b7c3621adf2515d94514b6f1756584944bf757af1c0645cbdb6eafd1 RLSA-2020:1766 GNOME is the default desktop environment of Rocky Linux. Security Fix(es): * LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337) * gdm: lock screen bypass when timed login is enabled (CVE-2019-3825) * gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447) * gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448) * gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for mozjs52, gnome-tweaks, clutter, gnome-menus, mozjs60, baobab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GNOME is the default desktop environment of Rocky Linux. Security Fix(es): * LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337) * gdm: lock screen bypass when timed login is enabled (CVE-2019-3825) * gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447) * gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448) * gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms clutter-devel-1.26.2-8.el8.x86_64.rpm 7efb67322a749d8f69695596014ce87c85db9a2a0750cd4dddbf4efbe5e29275 clutter-doc-1.26.2-8.el8.x86_64.rpm 5a9d45785cd120b9105836f641313354fc4b3f603cc85705cbd326a471fc17a8 gnome-menus-devel-3.13.3-11.el8.x86_64.rpm 803fb2252c404e45c6aba93d9e220ac6317f0896f248278cdf82f0f34734e8c4 mozjs52-devel-52.9.0-2.el8.x86_64.rpm 459115c05dc47137e5b9bfa78f2d16ebe635d976efff6df0982a5d4446e54466 mozjs60-devel-60.9.0-4.el8.x86_64.rpm fa7a34b318b8ec9aa7f510d939f1ae5ff1d373c17c2f58c7cd077fbfc3b43256 RLBA-2020:1919 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ppp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ppp-devel-2.4.7-26.el8_1.x86_64.rpm da869331b7c3621adf2515d94514b6f1756584944bf757af1c0645cbdb6eafd1 RLSA-2020:2755 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libnghttp2-devel-1.33.0-3.el8_3.1.x86_64.rpm c9f1274be01ba917a2f7b29d94498c6ff51417668a1a0f9989af85b037239604 nghttp2-1.33.0-3.el8_3.1.x86_64.rpm 24e0819e0929509fd91927f2e1a688fd4aa037574c3dc18d79556d8f6e9da47e RLSA-2020:3654 The libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library. Security Fix(es): * libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libcroco. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library. Security Fix(es): * libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libcroco-devel-0.6.12-4.el8_2.1.x86_64.rpm 0fc17fb4015859269d277ac2ec47e7b301180c10e8b81ca58100449a89f482f2 RLSA-2020:4451 GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793) * gnome-settings-daemon: Rocky Enterprise Software Foundation Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391) * LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for xdg-desktop-portal-gtk, tracker, LibRaw, vte291, gnome-remote-desktop, PackageKit, pipewire, pipewire0.2, potrace, gtk3, dleyna-renderer, libsoup, pygobject3, webrtc-audio-processing, frei0r-plugins, gnome-session, gsettings-desktop-schemas. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793) * gnome-settings-daemon: Rocky Enterprise Software Foundation Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391) * LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms frei0r-devel-1.6.1-7.el8.x86_64.rpm af864b967e6bed4e5388273ea0a0621f2aea236599ce362fe7eee7079848f244 pygobject3-devel-3.28.3-2.el8.x86_64.rpm a8c2b5f779ac4b138134d9e6e20f1abedab4ccc4de23c9abd4baa5e1cb7685a1 tracker-devel-2.1.5-2.el8.x86_64.rpm 575183374c091ddefe9691f4af42e5f8d7c4dc1609d6c7ddadb76142dde0739f vte291-devel-0.52.4-2.el8.x86_64.rpm ea235c1344dba8fc01f4c46db1fa7ba98f4f1afdb4d64518d7bb6cb55dbf57b8 PackageKit-glib-devel-1.1.12-6.el8.0.2.x86_64.rpm 60dce13c69b898769b4e23859d478d6a07c966ab9953b31e675ccc1a6bd2c992 RLEA-2020:4555 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libpsl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpsl-devel-0.20.2-6.el8.x86_64.rpm 37830e981153120e4a163d18a2f608e2d3131c5519afca75edf013586b0074b9 RLEA-2020:4556 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libnetfilter_queue. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libnetfilter_queue-devel-1.0.4-3.el8.x86_64.rpm d3ab0d2f234cda210c06d86a1f6a81a7be2a4b598a46b93ebbca319c4454dc85 RLBA-2020:4600 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for snappy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms snappy-devel-1.1.8-3.el8.x86_64.rpm 8c5b98d76845f696d71780870778a99122f1fd2a2374cc70b27bad8be7d6732f RLSA-2021:1586 GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304) Security Fix(es): * webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948) * webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951) * webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983) * webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543) * webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584) * glib2: insecure permissions for files and directories (CVE-2019-13012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for enchant2, cairomm, gnome-photos, webkit2gtk3, chrome-gnome-shell, geoclue2, dleyna-server, woff2, libdazzle, gtk2, gvfs, gjs, gnome-settings-daemon, gtkmm24, accountsservice, gnome-control-center, gnome-shell, gnome-software, soundtouch, gnome-boxes, gnome-terminal, libsass, libsigc++20, nautilus, OpenEXR, gnome-online-accounts, gtkmm30, dleyna-core, vala, libvisual, geocode-glib, pangomm, gtk-doc, atkmm, gdm, gamin, glibmm24, mutter, libepubgen. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304) Security Fix(es): * webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948) * webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951) * webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983) * webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543) * webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584) * glib2: insecure permissions for files and directories (CVE-2019-13012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms atkmm-devel-2.24.2-7.el8.x86_64.rpm c2e6b58755cff493e1a39376a4a7044c90736268b48dfb36edcdd6b967aff495 atkmm-doc-2.24.2-7.el8.noarch.rpm 2598f60483489a4d971135fe643fd9a34d755e4a96c07689ab60bad21a582f59 cairomm-devel-1.12.0-8.el8.x86_64.rpm 014577dd524df14205b7d0061d0999f0a0817de7a76503b9f12c728e702d38b8 cairomm-doc-1.12.0-8.el8.noarch.rpm 138b57e136e261b564d6a902178d07fd422fe83f05caa53a50ec32705ea4174e enchant2-devel-2.2.3-3.el8.x86_64.rpm 02c07be62b968f1835412127b4a02485af27b045902d1e4bd244fcb4da4946a0 gamin-devel-0.1.10-32.el8.x86_64.rpm 8629a67a9c5d4f469d7bda8ccc2456100efda39107f546827aecbc45e58ecc3b geoclue2-devel-2.5.5-2.el8.x86_64.rpm 34b869a45260f5db78d085d2235fe77ec5ccd1849c5c22e80759d78a92ba3518 gjs-devel-1.56.2-5.el8.x86_64.rpm 1e7467017b563bb328fd0a06253f5d821b7a7a68fdf14b5abbaae3ba6b5725da glibmm24-devel-2.56.0-2.el8.x86_64.rpm 59daf3af6e6cdbcd0f43b82cd207ff276f7a37a449571362f306ef37f75b9019 glibmm24-doc-2.56.0-2.el8.noarch.rpm e4c1b83ec081cc5d49aa33270b12bc407eea45ebad3ccdce525e46a88e79503a gtkmm24-devel-2.24.5-6.el8.x86_64.rpm 0337d12eeeff3f309314396bbe1debc45147ca4a54a6a769a82af93c5510ffc2 gtkmm24-docs-2.24.5-6.el8.noarch.rpm b139c29053b16cd003baef27d687666b3ab39b9c8903011d1b3c7f82f5c275e6 gtkmm30-devel-3.22.2-3.el8.x86_64.rpm e986946f5b2f1c963c330a7904643710cc4e952da1495236d246e81b804877f3 gtkmm30-doc-3.22.2-3.el8.noarch.rpm 71f74a9b26e199050e0eaf869affba48af9648adea4818093b740b72964dca47 libdazzle-devel-3.28.5-2.el8.x86_64.rpm 5cdd898783b9a065033b1689447a467a4465e19f47f5278c76fbb15569fdeb4d libepubgen-devel-0.1.0-3.el8.x86_64.rpm ed1b22dc8e696b4f842a577d3af9fbbc8c7a880a4a67b66b9a175cbd5c3995a5 libsass-3.4.5-6.el8.x86_64.rpm 62804b308676433da995707a21c7f1b112890e7a7d17f3935b17f814657e5c41 libsass-devel-3.4.5-6.el8.x86_64.rpm a82feb403cfca34b1ba812d92942535f9c3dae0647c1666afc4b2afe84477870 libsigc++20-devel-2.10.0-6.el8.x86_64.rpm c3faa98649c7d51e1d8c97a378940912a44ae62c94780927abaff13df566e780 libsigc++20-doc-2.10.0-6.el8.noarch.rpm 4bd0fad981c77439d2f94977a0c5314b008dfa87658055909df65a2cae90ae80 libvisual-devel-0.4.0-25.el8.x86_64.rpm c296e5610958ca85ab4bb85343cdfd4765c41111ad757b539b4bf452e2d6cac2 OpenEXR-devel-2.2.0-12.el8.x86_64.rpm 376e8c3fca1c2dfe45762515965fd32bee4be4038f8fab5541fd920d617854a1 pangomm-devel-2.40.1-6.el8.x86_64.rpm 59de632c088b8f3f157b716e4c76d27a82bc93ec5823bb6deb2c3ee3c637228b pangomm-doc-2.40.1-6.el8.noarch.rpm 68d1b3c4e9b3cf47ccffa9b02a5ffc49639d3769b9ebb167cd1008c3709debf5 soundtouch-devel-2.0.0-3.el8.x86_64.rpm c1d6f943c9248ec0d1a51b4b5b64b21cbcab7a008836ae5b7ab2583e5f665e24 vala-0.40.19-2.el8.x86_64.rpm 4ce756f0d7c9b3150d3a6bae4d68f2d1516b962c225b399d6eb60d182a17d5ac vala-devel-0.40.19-2.el8.x86_64.rpm ba60b658fb7a8df486fa65d17aae26e70df57d29f44d6d4519ac9260ebc88679 woff2-devel-1.0.2-5.el8.x86_64.rpm 569a9ec62e22fd6550e095591dc2e93f324bafefe7835ccfdccc2dc5ad72cbd3 RLBA-2021:1587 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librabbitmq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librabbitmq-devel-0.9.0-3.el8.x86_64.rpm cfa54fe671f1c76b7a3ca7fc92136cfe507940547635deb741698e12314042c1 RLBA-2021:1612 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for avahi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms avahi-compat-howl-0.7-20.el8.x86_64.rpm 8edae4ff0773e3d38f52465e569e7be973bf6c080a3bc6316212f55eb6084995 avahi-compat-howl-devel-0.7-20.el8.x86_64.rpm 5f9e658cc48a1c6ed3a0d1f3ac81ce92f1b4e68c5b7811038905b8ac5164e36e avahi-compat-libdns_sd-0.7-20.el8.x86_64.rpm cc7eff911c02f95bcc810d1da70c812cf2ed763ea015266c8084533603bb7761 avahi-compat-libdns_sd-devel-0.7-20.el8.x86_64.rpm 3a2572f99075805d409478af4324259466b3ec584584747fef3114260974099c avahi-devel-0.7-20.el8.x86_64.rpm 19adf179c904c8c0b0e4b0c8b6a6953921746e95bd0fada758ffeb4254387abb avahi-glib-devel-0.7-20.el8.x86_64.rpm c0d8db33667b57f7c881e23d4119df17a49edead3d80dfa177ae0d4b851997d8 avahi-gobject-devel-0.7-20.el8.x86_64.rpm 91e8c26ae4ef6fa7a470bebf460ddbf8ec568834ed9f696c28a204fea2c00e38 avahi-ui-0.7-20.el8.x86_64.rpm 7417fb13aba845332d2ceded701990d7ee68fc6d7048cfa5fc23db88848f87c2 avahi-ui-devel-0.7-20.el8.x86_64.rpm d3fe252afe6ee6a7675ff3850d32e6fb3ee0fa6d4295c0c9871a537148459980 RLSA-2021:1627 TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware. The following packages have been upgraded to a later upstream version: trousers (0.3.15). (BZ#1725782) Security Fix(es): * trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root (CVE-2020-24331) * trousers: tss user can be used to create or corrupt existing files, this could lead to DoS (CVE-2020-24332) * trousers: fails to drop the root gid privilege when no longer needed (CVE-2020-24330) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for trousers. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware. The following packages have been upgraded to a later upstream version: trousers (0.3.15). (BZ#1725782) Security Fix(es): * trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root (CVE-2020-24331) * trousers: tss user can be used to create or corrupt existing files, this could lead to DoS (CVE-2020-24332) * trousers: fails to drop the root gid privilege when no longer needed (CVE-2020-24330) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms trousers-devel-0.3.15-1.el8.x86_64.rpm 62f21a42b4cfb1808bbc995066ae9a621f640c0fb028a3505e6d419bf700a32c RLBA-2021:1628 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tpm-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms tpm-tools-devel-1.3.9.2-1.el8.x86_64.rpm 3e09afc3c1ec21a7b0fc7fadebecf307f5d47abbec4326be135bf29fb696209e RLBA-2021:1689 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librepo, librhsm. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librhsm-devel-0.0.3-4.el8.x86_64.rpm 5f4c650fd8a1c375bdb24d9eebdf8ebbf88599faa31f10b756fd97ded80d550d RLBA-2021:1696 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for intel-cmt-cat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms intel-cmt-cat-devel-4.0.0-0.el8.x86_64.rpm 35751cd4efa547d53328014fe341aa066cfbdd7360eb9dca5fb9811c872b2024 RLEA-2021:1712 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libpcap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpcap-devel-1.9.1-5.el8.x86_64.rpm e786615300f617b808f0c372bc9bad2074b599b707e0fddf4c15730d872f59bb RLEA-2021:1720 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ima-evm-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ima-evm-utils-devel-1.3.2-12.el8.x86_64.rpm beb45fe21f7460179800abfa4bee06e6e306fb8c826d1ae1525f2d125af02218 RLBA-2021:1731 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for userspace-rcu. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms userspace-rcu-devel-0.10.1-4.el8.x86_64.rpm d0f6a8504e2ad49da0dcdf713317d36722beae6aa352d6fc4d7b1895505a5233 RLBA-2021:3594 The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications. Bug Fix(es) and Enhancement(s): * [FJ8.4 Bug]: [REG]The rpm command hangs and the CPU usage reaches 100% (BZ#2001972) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications. Bug Fix(es) and Enhancement(s): * [FJ8.4 Bug]: [REG]The rpm command hangs and the CPU usage reaches 100% (BZ#2001972) rocky-linux-8-x86-64-powertools-rpms libdb-cxx-5.3.28-42.el8_4.x86_64.rpm cf736b0b588c375926cac5720eaf0b5c12a03396fdd0702b30c45778c299d5da libdb-cxx-devel-5.3.28-42.el8_4.x86_64.rpm 70ded5decf8add2e61325131a2d587bd4db8afae0f8e69a5d20c82dc960a1944 libdb-devel-doc-5.3.28-42.el8_4.noarch.rpm 75d6fad816ec9f39c8f77f2d0eb7abcf6a01acb377b20d0d26e389a6a21bf15a libdb-sql-5.3.28-42.el8_4.x86_64.rpm c011c66393e6cfd53143facc502816d2087e2c1a34e50a9f0878c013dc8acb4a libdb-sql-devel-5.3.28-42.el8_4.x86_64.rpm e50bcd585f11e4a80adef287c3b1660a9c27db2ffbcbcb0295d88ae8fd328c69 RLBA-2021:4371 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libxcrypt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libxcrypt-static-4.1.1-6.el8.x86_64.rpm 6cd698f481382473e361ea705ee6a38e407ae017b4bdd7747f9961295f6c3be3 RLSA-2021:4373 PCRE is a Perl-compatible regular expression library. Security Fix(es): * pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838) * pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for pcre. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

PCRE is a Perl-compatible regular expression library. Security Fix(es): * pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838) * pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms pcre-static-8.42-6.el8.x86_64.rpm 5a941c237db592d0dc03ddbd75cc732309b95423a614390a96fc7903e0c70b37 RLBA-2021:4377 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for quota. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms quota-devel-4.04-14.el8.x86_64.rpm 36ab026ce8a8b89cd44c442b181f01f91216fe9c4a02d1fb068acb8a015fd3d3 RLSA-2021:4381 GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300) Security Fix(es): * webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) * LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788) * webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789) * webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871) * webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775) * webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779) * webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806) * webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663) * webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665) * webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682) * webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689) * webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734) * webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749) * webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795) * webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799) * webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gnome-shell-extensions, webkit2gtk3, LibRaw, gnome-settings-daemon, gsettings-desktop-schemas, gnome-autoar, mutter, accountsservice, gnome-control-center, gnome-online-accounts, gnome-shell, gtk3, gdm, vino, gnome-software, gnome-session, gnome-calculator. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300) Security Fix(es): * webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) * LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788) * webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789) * webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871) * webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775) * webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779) * webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806) * webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663) * webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665) * webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682) * webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689) * webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734) * webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749) * webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795) * webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799) * webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gnome-software-devel-3.36.1-10.el8.x86_64.rpm 58c7567875b23220f2cde0c79cdfdb45fa3d092b1505c7943dc22c5a545fd6dd LibRaw-devel-0.19.5-3.el8.x86_64.rpm d8eecd1384d7cc1762be8ec456703c2733bf058a979fd0f89d816acf840f39c0 RLEA-2021:4405 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libmodulemd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libmodulemd-devel-2.13.0-1.el8.x86_64.rpm ac3528e86d31b6c386766b2028b8139ce328326b2f210034902483eaf83945bc RLBA-2021:4412 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mpitests, mvapich2, ucx, qperf, opensm, rpm-mpi-hooks, rdma-core, mstflint, libvma, openmpi, fabtests, perftest, libfabric, mpich. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms opensm-devel-3.3.24-1.el8.x86_64.rpm 621ad039af7ffca86e413e5bd1b914ef2a950ad07cc1679d5bb557ade494242d RLBA-2021:4446 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for iscsi-initiator-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms iscsi-initiator-utils-devel-6.2.1.4-4.git095f59c.el8.x86_64.rpm ba066da9f10cef6ab1253966efe0e86c5f491f31f849ccfbbd7a158c89c47875 RLEA-2021:4450 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tss2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms tss2-devel-1.6.0-1.el8.x86_64.rpm 60518da1f13980a092eddebd156e815cb9bf79a3e4b1288fbf05cdbbd37e86dd RLBA-2021:4475 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for freeipmi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms freeipmi-devel-1.6.8-1.el8.x86_64.rpm b78026e3c9c6cde5dd92a0f4d1f612d417381daa98790aa03f3bc2cc5b389e97 RLBA-2021:4477 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for parted. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms parted-devel-3.2-39.el8.x86_64.rpm 3f4318622b1f8c870e2c7e9d2c77eda3170974aa8ac5a8d6bee27a1fc24f8789 RLBA-2021:4483 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for OpenIPMI. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms OpenIPMI-devel-2.0.31-3.el8.x86_64.rpm c5ab15f7866bda26bc6c6d0e37385aad298a10df037429d3ce4f05f926a85cb2 RLEA-2021:4488 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for hwloc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms hwloc-devel-2.2.0-3.el8.x86_64.rpm ae23cdce52f1f08e32f1b1a8d6351d85dd3d8e613319358bb67ce92e3a123368 RLBA-2021:4505 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mobile-broadband-provider-info. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms mobile-broadband-provider-info-devel-20210805-1.el8.noarch.rpm 7a39848d36b0cce3fb579b79202c4b768831698134392940e50d2ced22975191 RLBA-2021:4507 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for fontconfig. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms fontconfig-devel-doc-2.13.1-4.el8.noarch.rpm f40bd239864c2fb6e63422c5c25a7e6c13abdf87edb075da0286845426005066 RLSA-2021:4510 The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fix(es): * lua: segmentation fault in getlocal and setlocal functions in ldebug.c (CVE-2020-24370) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for lua. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fix(es): * lua: segmentation fault in getlocal and setlocal functions in ldebug.c (CVE-2020-24370) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms lua-devel-5.3.4-12.el8.x86_64.rpm 7080d7eee1d52749bbc868db901af43634198e25e6570a4ad40f279c1958871e RLSA-2021:4513 The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies (for example, customizing policy boolean settings). Security Fix(es): * libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084) * libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36085) * libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086) * libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libsepol. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies (for example, customizing policy boolean settings). Security Fix(es): * libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084) * libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36085) * libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086) * libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsepol-static-2.9-3.el8.x86_64.rpm 3f4c77f797a85af2568a1e2c7e94b941468e0b66d023eb6694f8c4facb94646d RLEA-2022:2014 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mpitests, ucx, rdma-core, mstflint, libvma, libpsm2, fabtests, openmpi, pmix, perftest, eth-tools, mpich, libfabric. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpsm2-devel-11.2.206-1.el8.x86_64.rpm fc9b4652423089fd9733632c2a521603fa39fa9d8e1c0b04abd47d0e1a0c6c44 pmix-devel-2.2.5-1.el8.x86_64.rpm 56542ebf0d731fc741c1561e5bf555d92b165590556d290dabff5a65c4445a4b python3-mpich-3.4.2-1.el8.x86_64.rpm 3945065c2b3fed8987ed18a940f1a0de541447ba754a30bfec1f45e66a918896 python3-openmpi-4.1.1-3.el8.x86_64.rpm 15f474daedc8256029bc4ea4951abd34638b8babdcbb1e5b04ff178e636b53e8 RLBA-2022:2027 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for json-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms json-c-doc-0.13.1-3.el8.noarch.rpm d27af04338be30aed0ad2d64bb84dddd51cda618cc346f82d726f0c63a94f98a RLBA-2022:2060 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for kmod. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms kmod-devel-25-19.el8.x86_64.rpm 67d7b54350816190c99ebeca303edccf1b8640409ef2db3780ede9fac9772841 RLBA-2022:2009 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ModemManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ModemManager-devel-1.18.2-1.el8.x86_64.rpm 9da4c3ff58e0f68d2e9360595b1df77811d63dd5294d6e58e4b52e1d761eacc9 ModemManager-glib-devel-1.18.2-1.el8.x86_64.rpm 953162e7c211cbdb5767cb3438010fca5f267a1ba5988a58193c8049779ed53f RLBA-2022:2035 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libstoragemgmt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libstoragemgmt-devel-1.9.1-3.el8.x86_64.rpm 200ec66c6c5030ea60a22bee2ae51f6f7c5b1244b1d0b5dc42e6b107872f554c RLBA-2022:2046 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libcomps. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libcomps-devel-0.1.18-1.el8.x86_64.rpm 3f65a2ef348bb06ad92a2eb74f4385d32060a9b971915aae3b3ce21104eeaf5f RLBA-2022:2089 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for pcsc-lite. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms pcsc-lite-devel-1.9.5-1.el8.x86_64.rpm 8bc520e7470d97941874ac02348dee114d67ebe9a8b1ac5cb9a2250f90131ddd RLBA-2022:2099 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sysfsutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsysfs-devel-2.1.0-25.el8.x86_64.rpm 612454a49a2453271955df91b96dc17c506b5220d7c8ecc6f691fe656d51cb71 RLBA-2022:2101 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libnftnl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libnftnl-devel-1.1.5-5.el8.x86_64.rpm ed87881348d985de817ec2af41c51dcd2c9f9ce1cbcf4c46387f8f31e08e82bf RLBA-2022:2117 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gpgme. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gpgme-devel-1.13.1-11.el8.x86_64.rpm c8e04f808b5d9fb2331402a39460d65019fdea05abf6a6b1f1ec23a38eb21292 gpgmepp-devel-1.13.1-11.el8.x86_64.rpm d6406b65554f93b2098f0b252267941cb5a13617124d0427d2f9a32cce2ec603 qgpgme-devel-1.13.1-11.el8.x86_64.rpm 4e8b5f2a357786ff92df408f27dbd38148c2ea347f36433ddff770739e4e3269 RLBA-2022:2118 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for texinfo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms texinfo-6.5-7.el8.x86_64.rpm f7bb262e62284adc68544fd7367ac7ded693836962eceb557b7b924b8bb601c6 texinfo-tex-6.5-7.el8.x86_64.rpm 2133b685d454b1c9df5f3a6c497773e86de13fa77a28f9ff7215c9ec2917b2f7 RLSA-2022:4991 XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for xz. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms xz-lzma-compat-5.2.4-4.el8_6.x86_64.rpm c46443322d333712b48c8e4f4dbe41066ea0ee1dd84f1886d008b4183929e24c RLSA-2022:5095 The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for grub2, shim, shim-unsigned-x64, mokutil. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms shim-unsigned-x64-15.6-1.el8.x86_64.rpm 0d5a1c86b1620393a1a07885918311a62775b9ab5f49f308de7cbac7521a2711 RLSA-2022:5498 Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200) * satellite: foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584) * candlepin: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142) * candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * candlepin: netty: Possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * candlepin: netty: Request smuggling via content-length header (CVE-2021-21409) * tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151) * python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839) * libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938) * tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma (CVE-2021-41136) * logback-classic: Remote code execution through JNDI call from within its configuration file (CVE-2021-42550) * candlepin: netty: Control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) * python3-django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420) * libsolv: Heap overflow (CVE-2021-44568) * python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818) * tfm-rubygem-actionpack: Information leak between requests (CVE-2022-23633) * tfm-rubygem-puma: rubygem-rails: Information leak between requests (CVE-2022-23634) * python3-django: Denial-of-service possibility in file uploads (CVE-2022-23833) * tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837) * python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: * New repo layout for Satellite, Utils, Maintenance, and Client repos. * Support for Rocky Linux 9 clients * Module-based installation on Rocky Linux 8 * Upgrading Satellite Server and Capsule Server installations from Rocky Linux 7 to Rocky Linux 8 * Connected and Disconnected servers supported on Rocky Linux 7 and Rocky Linux 8 * Inter-Server Synchronization improvements * Puppet integration optional and disabled by default * Pulp 3 updated to Python 3.8 * Change to Capsule certificate archive * New default port for communication with Rocky Enterprise Software Foundation Subscription Management * (RHSM) API on Capsule servers * New Content Views Page (Content Publication workflow simplification) * New Hosts Page (Technology Preview) * Registration and preview templates * Simplified host content source changing * Improved behavior for configuring and running remote jobs * Provisioning improvements * New error signaling unsupported options in TASK-Filter * Virt-who configuration enhanced to support Nutanix AHV * Cloud Connector configuration updated * Improved Insights adoption The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200) * satellite: foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584) * candlepin: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142) * candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * candlepin: netty: Possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * candlepin: netty: Request smuggling via content-length header (CVE-2021-21409) * tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151) * python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839) * libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938) * tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma (CVE-2021-41136) * logback-classic: Remote code execution through JNDI call from within its configuration file (CVE-2021-42550) * candlepin: netty: Control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) * python3-django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420) * libsolv: Heap overflow (CVE-2021-44568) * python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818) * tfm-rubygem-actionpack: Information leak between requests (CVE-2022-23633) * tfm-rubygem-puma: rubygem-rails: Information leak between requests (CVE-2022-23634) * python3-django: Denial-of-service possibility in file uploads (CVE-2022-23833) * tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837) * python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: * New repo layout for Satellite, Utils, Maintenance, and Client repos. * Support for Rocky Linux 9 clients * Module-based installation on Rocky Linux 8 * Upgrading Satellite Server and Capsule Server installations from Rocky Linux 7 to Rocky Linux 8 * Connected and Disconnected servers supported on Rocky Linux 7 and Rocky Linux 8 * Inter-Server Synchronization improvements * Puppet integration optional and disabled by default * Pulp 3 updated to Python 3.8 * Change to Capsule certificate archive * New default port for communication with Rocky Enterprise Software Foundation Subscription Management * (RHSM) API on Capsule servers * New Content Views Page (Content Publication workflow simplification) * New Hosts Page (Technology Preview) * Registration and preview templates * Simplified host content source changing * Improved behavior for configuring and running remote jobs * Provisioning improvements * New error signaling unsupported options in TASK-Filter * Virt-who configuration enhanced to support Nutanix AHV * Cloud Connector configuration updated * Improved Insights adoption The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. rocky-linux-8-x86-64-powertools-rpms libdb-cxx-5.3.28-42.el8_4.x86_64.rpm cf736b0b588c375926cac5720eaf0b5c12a03396fdd0702b30c45778c299d5da RLSA-2022:5809 The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fix(es): * pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c (CVE-2022-1586) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for pcre2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fix(es): * pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c (CVE-2022-1586) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms pcre2-tools-10.32-3.el8_6.x86_64.rpm 57d4ede3f1df3f4b0e9ad776e60869ebdfec4b9d033e7a96398e2119993a74e4 RLBA-2022:5815 The bash packages provide Bash (Bourne-again shell), which is the default shell for Rocky Linux. Bug Fix(es) and Enhancement(s): * Segfault in 'buffered_getchar()' function in bash (BZ#2097659) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for bash. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The bash packages provide Bash (Bourne-again shell), which is the default shell for Rocky Linux. Bug Fix(es) and Enhancement(s): * Segfault in 'buffered_getchar()' function in bash (BZ#2097659) rocky-linux-8-x86-64-powertools-rpms bash-devel-4.4.20-4.el8_6.x86_64.rpm 844e7b305035f1e3e1b64f77c1c016684e74e85c58e6fc6bb9c7d4e7e1c1b6dc RLSA-2022:7089 KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fix(es): * libksba: integer overflow may lead to remote code execution (CVE-2022-3515) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for libksba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fix(es): * libksba: integer overflow may lead to remote code execution (CVE-2022-3515) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libksba-devel-1.3.5-8.el8_6.x86_64.rpm 596312ded83140c492cd15da7e9cbe3342c4dfc783de66601b320d4cb954e322 RLBA-2022:7107 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Bug Fix(es) and Enhancement(s): * Add --interface-info-[body|header] modes to gdbus-codegen. (BZ#2124615) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glib2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Bug Fix(es) and Enhancement(s): * Add --interface-info-[body|header] modes to gdbus-codegen. (BZ#2124615) rocky-linux-8-x86-64-powertools-rpms glib2-doc-2.56.4-158.el8_6.1.noarch.rpm aa64cb9e557a147c0ba86aef7701e556397a660ebaa7822bdc19c57b448ee3f0 glib2-static-2.56.4-158.el8_6.1.x86_64.rpm 6227fcea57978647be3169b9610d7d1f26e0106aa3fcfda58fceac58218ab411 RLBA-2022:7116 The libsemanage library provides an API for the manipulation of SELinux binary policies. It is used by the checkpolicy compiler and similar utilitlies, as well as by programs such as load_policy, which must perform specific transformations on binary policies, such as customizing policy Boolean settings. Bug Fix(es) and Enhancement(s): * libsemanage's check_ext_changes doesn't pick up boolean changes (BZ#2129139) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libsemanage. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libsemanage library provides an API for the manipulation of SELinux binary policies. It is used by the checkpolicy compiler and similar utilitlies, as well as by programs such as load_policy, which must perform specific transformations on binary policies, such as customizing policy Boolean settings. Bug Fix(es) and Enhancement(s): * libsemanage's check_ext_changes doesn't pick up boolean changes (BZ#2129139) rocky-linux-8-x86-64-powertools-rpms libsemanage-devel-2.9-9.el8.x86_64.rpm 3b309975209093583f7e85fa97ef6ebd90775dc71bca15add81205f248428791 RLBA-2022:7682 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for babeltrace. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libbabeltrace-devel-1.5.4-4.el8.x86_64.rpm d00291636f6382afa86e163e231d179d10c9e70c4a0f1940df7b790882fd02bb python3-babeltrace-1.5.4-4.el8.x86_64.rpm c4dff5bf4b76d10fea887ed56e5846e80dd8bd4844020d2d9a0709dd60d4e043 RLSA-2022:7683 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002) * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938) * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * Spectre-BHB (CVE-2022-23960) * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * memory leak in drivers/hid/hid-elo.c (CVE-2022-27950) * double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002) * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938) * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * Spectre-BHB (CVE-2022-23960) * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * memory leak in drivers/hid/hid-elo.c (CVE-2022-27950) * double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-425.3.1.el8.x86_64.rpm 8cc554311d3d2340eed11c83d932636ac1b1de3cb6d41ef5968acab86002b3a1 RLBA-2022:7684 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-211.el8.x86_64.rpm d8ea288d97e0f5484bcdf961fc6a14c93878a875625c4bee5b9a8e4bab0c7ff5 glibc-nss-devel-2.28-211.el8.x86_64.rpm 9ad2d64dca61f1ba8be1934bccd94abccd7e84321d84eaf392f1afd64cfc1065 glibc-static-2.28-211.el8.x86_64.rpm 7fa5900087a19e28ede7a2990ebc4b071da71db650a3717c98074324d4453b3c nss_hesiod-2.28-211.el8.x86_64.rpm e658a020ab7fd2893ca9e84a67c756bb38cd2677183a7b531144e87d87aaa8b8 RLBA-2022:7688 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gcc-plugin-devel-8.5.0-15.el8.x86_64.rpm c4a26671473d5a49658ddd47c8f149e15307f5539ff97caf37d31843808304f7 libstdc++-static-8.5.0-15.el8.x86_64.rpm 7c7e9421f7f4d34479c5dfe11f647a4aafad18f2dc7088dc4a2d9d6b1b617504 RLBA-2022:7689 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for accel-config. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms accel-config-devel-3.4.6.3-1.el8.x86_64.rpm e34842b9ce1fe5617085d6b78be88ac0984f3eb382678ca6ef8eeb3d75901459 RLSA-2022:7692 XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for xmlrpc-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm 4cb43c89d8443572ccba99d30a52b16903cffbbb0cada967aeac454536483adf xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm 3d83423f1af01ece22e402ff49d6954b4155ebdf4c9454d6ba6a7c0bcae8a6a3 xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm b40f1d2272acbe688e27519b4ee13f6895d6af7025c58b10d1e5f67c7b35dea9 RLBA-2022:7698 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsmbclient-devel-4.16.4-2.el8.x86_64.rpm 816a339e1fd62b999499e6200d9c2818cb5188faacc648b5b104552be96c70f5 libwbclient-devel-4.16.4-2.el8.x86_64.rpm 7b3f385448b9e517f94da2b250df484a79f06110a0e93fdbe1a44a434a4dd284 samba-devel-4.16.4-2.el8.x86_64.rpm 434c736e5304a61e61edcf86d6b112b4641ba64554018c27e552f2d12bae76a8 RLBA-2022:7707 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nftables. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms nftables-devel-0.9.3-26.el8.x86_64.rpm b9e61f33cf37bce5032bf4da2401a50ec3370e478eae82d1e14724d4851236cd RLBA-2022:7711 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libdnf-devel-0.63.0-11.1.el8.x86_64.rpm 021428a44d145684833940de20027a0d1e48925011c1871a56e37e9c98493e46 RLBA-2022:7713 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libsolv. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsolv-devel-0.7.20-3.el8.x86_64.rpm 7b70f8e4aa0b0e9ec004b5c77050075c6fa62b9c5c267006f6c33a8c45852730 libsolv-tools-0.7.20-3.el8.x86_64.rpm 5b6c1f5a8de76005c5930ae1ad6dd4507626659c71ed8cdbd5de1dac07c3dbb6 RLBA-2022:7714 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms device-mapper-multipath-devel-0.8.4-28.el8.x86_64.rpm 3378b75fb3bb938262a1f3b5dd3cdf146e1eb3d1c5841e21f3d76001d4b3b597 RLBA-2022:7717 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for elfutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms elfutils-devel-static-0.187-4.el8.x86_64.rpm e6ef74d29e23463c1c6d57e0439d75a1b9cf1602c4f057ad6fc7aadd95a51754 elfutils-libelf-devel-static-0.187-4.el8.x86_64.rpm eba652f151b11f3a89a66f6e6d5ac0bb1e78ff0e6f812dcbd8bb23ae82b670f7 RLSA-2022:7720 The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fix(es): * e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for e2fsprogs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fix(es): * e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libss-devel-1.45.6-5.el8.x86_64.rpm fc00d579b548b0d629b833b8a82c32987f6d4132ca216f722907a3a76d0c3c42 RLBA-2022:7724 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms zlib-static-1.2.11-20.el8.x86_64.rpm 60c5e420faa4668e444b7323f0b4ef22fa8a0536c9a9018044a622d1180e35f6 RLBA-2022:7731 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ding-libs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libbasicobjects-devel-0.1.1-40.el8.x86_64.rpm 0ce2c29f3dfc6fd705c96f06bd3b5a8052404201a0f63d2a2d29439aedb2de1b libcollection-devel-0.7.0-40.el8.x86_64.rpm c8540206be1695e437db19e2d63c1b932d6dd451e1cdf42525c618cb42772471 libini_config-devel-1.3.1-40.el8.x86_64.rpm 62274ace92c041e8ef3a5ea6feef64f70331b0a7d11cbc22a5bdfca2a854cb1b libpath_utils-devel-0.2.1-40.el8.x86_64.rpm 5292a249e8ebbf952ec9ceec04272a4ec23113bf27d3bb25e587aa2a7fc81964 libref_array-devel-0.1.5-40.el8.x86_64.rpm 95d67fc397b29e46839a864d564a8b698e91a04eef9a7ddb49578fabe6c2493c RLSA-2022:7730 The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb (2.5.2). (BZ#2077484) Security Fix(es): * samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request (CVE-2022-32746) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libldb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb (2.5.2). (BZ#2077484) Security Fix(es): * samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request (CVE-2022-32746) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-ldb-devel-2.5.2-2.el8.x86_64.rpm c3af53ecf6f76a78d370e87f826c88290225a55eff72d87c43f598afdc18fee5 python-ldb-devel-common-2.5.2-2.el8.x86_64.rpm 4c2894314e8c4d5d4e1803fade1573946f3842f4f883e8a881dbc0ba5549958a RLBA-2022:7735 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for bluez. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms bluez-libs-devel-5.63-1.el8.x86_64.rpm d0a31e25b13cef8d45bbe0618decc65408b0c49961b2683a6469fb5979b049aa RLBA-2022:7737 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms opencryptoki-devel-3.18.0-3.el8.x86_64.rpm f2557bd5bebaa7a091645f7dd3cc583ba9e139e378e92c7c7399765ee851b827 RLBA-2022:7752 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for iproute. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms iproute-devel-5.18.0-1.el8.x86_64.rpm fcf3bbd5e1a3cbbed77e7520c7fac74e0bb1b75ffcc179abac909be97784e550 RLBA-2022:7757 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sg3_utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms sg3_utils-devel-1.44-6.el8.x86_64.rpm 97e97fc87f051e0793cee362b49794372d83c9e37d3025b9919ccfb15162b959 RLBA-2022:7767 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libbpf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libbpf-devel-0.5.0-1.el8.x86_64.rpm edabe5705de9122a498fbb51beea48429a5c07baf36ff16172ab5f2ac0fec866 libbpf-static-0.5.0-1.el8.x86_64.rpm d65a1501c7cd159dc778c4e216f46b7276c9542e9481a46d8e27cc51350b2606 RLBA-2022:7768 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nfs-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libnfsidmap-devel-2.3.3-57.el8.x86_64.rpm 2b1d24af2c7a5101445542e5d614748dd6ae53026a2d4083b26cb4987bd6f02f RLBA-2022:7774 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sanlock. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms sanlock-devel-3.8.4-4.el8.x86_64.rpm 5755ad82fa027ed85fc981fd191c5d2879565a2dfd0f05593ef5fe814c63f3e9 RLBA-2022:7780 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librepo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librepo-devel-1.14.2-3.el8.x86_64.rpm f3c51c6c823b7dbabed71be27516b8a7c6d7ad838c7f87fdcc197588dca221d7 RLBA-2022:7783 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libmount-devel-2.32.1-38.el8.x86_64.rpm 6855b9e3ca21e05c1a6c5ef5b4a83286af773db5f29c73f15035c2c913a08bd2 RLBA-2022:7786 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libselinux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libselinux-static-2.9-6.el8.x86_64.rpm 1a46617cee57e7cb7b5d2dc6325e38ca3f74c88a57c5a6ce4dfd5a6c06b80f39 RLBA-2022:7788 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libarchive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libarchive-devel-3.3.3-4.el8.x86_64.rpm 24e5b4cdbcd833e5586e42f978f588fd70bc0d423411d8d09c26ef4a67e4bc41 RLBA-2022:7792 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for lvm2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms device-mapper-devel-1.02.181-6.el8.x86_64.rpm 1c50202905c43826e40b0c092dfd488a69f2a34fabce789f031fe3fee09e6eed device-mapper-event-devel-1.02.181-6.el8.x86_64.rpm baeb70958ce26bf4c2ebdeaaa2de337e1a005b8c846c948b1e619e29bd129d38 lvm2-devel-2.03.14-6.el8.x86_64.rpm afcacda10e7f9e217ba24c97bbf96fd79fbca379f5280d075e6b90c9f850f278 RLBA-2022:7794 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for shadow-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms shadow-utils-subid-devel-4.6-17.el8.x86_64.rpm fd67877a03332ea9b5b5eda7153a14cc6512b43e4c7dd6c1309482ba37f7af52 RLEA-2022:7797 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ucx, rdma-core, mstflint, libvma, fabtests, eth-tools, libfabric. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libfabric-devel-1.15.1-1.el8.x86_64.rpm d5ecc4d990416bb89045e042eb977d892ad42eababfba96f5c24d603e63f791c RLBA-2022:7800 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tpm2-abrmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms tpm2-abrmd-devel-2.3.3-3.el8.x86_64.rpm ee49f6a365703c595c173c0fca9a2148fb5afb21d713f35fb2fe56b587ac754e RLBA-2022:7802 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for liblockfile. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms liblockfile-devel-1.14-2.el8.x86_64.rpm 2b9f29dab011a911bd23f424e71a07c0936b0d95a7d5e7c04b1f7c2ae8aaa118 RLBA-2022:7803 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libtalloc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-talloc-devel-2.3.3-2.el8.x86_64.rpm 7195d505efe37a47e5b52b0a71ab66b71f1a9b7bebf7d95c0c7a89ed9bea0e60 RLBA-2022:7804 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libsemanage. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsemanage-devel-2.9-9.el8.x86_64.rpm 3b309975209093583f7e85fa97ef6ebd90775dc71bca15add81205f248428791 RLBA-2022:7808 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for file. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms file-devel-5.33-21.el8.x86_64.rpm 04d26c78b1ab2d0322a554cfa178526ef909e5cd577bc5970e409487fb80bd49 RLBA-2022:7809 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libpwquality. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpwquality-devel-1.4.4-5.el8.x86_64.rpm d9a6321599443187658562beacc635266726c83d6310709ed453a301a8f7331c RLBA-2022:7828 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es) and Enhancement(s): * Host ip changed when start vm (BZ#2132285) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es) and Enhancement(s): * Host ip changed when start vm (BZ#2132285) rocky-linux-8-x86-64-powertools-rpms NetworkManager-libnm-devel-1.40.0-2.el8_7.x86_64.rpm f6ab8988cb8e197e63d51a45e86798afa2eae0bc63ef44e3f7ef9167885a5f7f RLBA-2022:7829 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es) and Enhancement(s): * Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) (BZ#2128544) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es) and Enhancement(s): * Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) (BZ#2128544) rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.7.3-4.el8_7.1.x86_64.rpm d1deb446dcde3bfb1432c47d870ff5cf89dcc4ad0ff0b475955272a47f2d1a3b RLSA-2022:7928 The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fix(es): * device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux (CVE-2022-3787) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fix(es): * device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux (CVE-2022-3787) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms device-mapper-multipath-devel-0.8.4-28.el8_7.1.x86_64.rpm 52542115b9311da7aa2eec9cc8313a1b80eca456ca2f0e6042c1446d52676b0a RLSA-2022:8506 Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * python3-django: Possible XSS via template tag (CVE-2022-22818) * tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836) * tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970) * tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648) * rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209) * python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * python3-django: Possible XSS via template tag (CVE-2022-22818) * tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836) * tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970) * tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648) * rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209) * python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document. rocky-linux-8-x86-64-powertools-rpms libdb-cxx-5.3.28-42.el8_4.x86_64.rpm cf736b0b588c375926cac5720eaf0b5c12a03396fdd0702b30c45778c299d5da RLBA-2022:9028 The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Bug Fix(es) and Enhancement(s): * Transaction picks old build to satisfy dependencies (BZ#2151895) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libsolv. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Bug Fix(es) and Enhancement(s): * Transaction picks old build to satisfy dependencies (BZ#2151895) rocky-linux-8-x86-64-powertools-rpms libsolv-devel-0.7.20-4.el8_7.x86_64.rpm 787ea51bf9b49eb9fcf12dff1e530b1ab7f99301755f45f9780c0d191eaf3fe8 libsolv-tools-0.7.20-4.el8_7.x86_64.rpm 00931441f124736ccf08e461333daa305bff8dde67f15f2c169916bb093d3cdd RLBA-2023:0086 The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities. Bug Fix(es) and Enhancement(s): * Rocky Linux8.7 - opencryptoki C_GenerateKeyPair() fails after generating > 500 RSA keys with CEX7 crypto cards (BZ#2129059) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities. Bug Fix(es) and Enhancement(s): * Rocky Linux8.7 - opencryptoki C_GenerateKeyPair() fails after generating > 500 RSA keys with CEX7 crypto cards (BZ#2129059) rocky-linux-8-x86-64-powertools-rpms opencryptoki-devel-3.18.0-5.el8_7.x86_64.rpm f8b5b59b4c42c9a304a4538fc466ecb563eaabcd6128a3cf0d4cd1f32fa5e723 RLBA-2023:0090 The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Bug Fix(es) and Enhancement(s): * Rocky Linux8.4 - zlib: inflate() does not update strm.adler if DFLTCC is used (BZ#2137336) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Bug Fix(es) and Enhancement(s): * Rocky Linux8.4 - zlib: inflate() does not update strm.adler if DFLTCC is used (BZ#2137336) rocky-linux-8-x86-64-powertools-rpms zlib-static-1.2.11-21.el8_7.x86_64.rpm fcb13a7d6970816360df953e34da60107d58ab46e54ee4b0eacbe06eac6345da RLBA-2023:0098 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es) and Enhancement(s): * crio occasionally fails to start during deployment (BZ#2132281) * DNS servers are not sorted according to priority in resolv.conf (BZ#2135733) * Hostname is not configured during IPI installation of OpenShift 4.10.3 on baremetal when using NMState and static IP config for a bond network interface. (BZ#2152891) * NMCLI OVS connections intermittently get stuck in "activating" state after power cycle or crash (BZ#2153429) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es) and Enhancement(s): * crio occasionally fails to start during deployment (BZ#2132281) * DNS servers are not sorted according to priority in resolv.conf (BZ#2135733) * Hostname is not configured during IPI installation of OpenShift 4.10.3 on baremetal when using NMState and static IP config for a bond network interface. (BZ#2152891) * NMCLI OVS connections intermittently get stuck in "activating" state after power cycle or crash (BZ#2153429) rocky-linux-8-x86-64-powertools-rpms NetworkManager-libnm-devel-1.40.0-5.el8_7.x86_64.rpm d98d89c0b3e798b94bbaabfbed62c0c9bf12a22521fcdf7b0deb52ce6f9d1af4 RLSA-2023:0101 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849) * vfio zero page mappings fail after 2M instances (BZ#2128515) * ice: Driver Update up to 5.19 (BZ#2130992) * atlantic: missing hybernate/resume fixes (BZ#2131935) * Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084) * Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813) * ice: Intel E810 PTP clock glitching (BZ#2136036) * ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216) * ice: dump additional CSRs for Tx hang debugging (BZ#2136513) * ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270) * After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157) * i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205) * WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953) * DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216) * Lenovo 8.7: The VGA display shows no signal when install Rocky Linux8.7 (BZ#2140152) * Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878) * mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957) * net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017) * Rocky Linux:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux8.6 and need this patch in 8.6+ (BZ#2144583) * AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218) * Path loss during Volume Ownership Change on Rocky Linux 8.7 SAS (BZ#2147374) * net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130) * iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081) * Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742) * Azure Rocky Linux-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912) * Rocky Linux-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849) * vfio zero page mappings fail after 2M instances (BZ#2128515) * ice: Driver Update up to 5.19 (BZ#2130992) * atlantic: missing hybernate/resume fixes (BZ#2131935) * Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084) * Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813) * ice: Intel E810 PTP clock glitching (BZ#2136036) * ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216) * ice: dump additional CSRs for Tx hang debugging (BZ#2136513) * ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270) * After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157) * i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205) * WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953) * DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216) * Lenovo 8.7: The VGA display shows no signal when install Rocky Linux8.7 (BZ#2140152) * Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878) * mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957) * net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017) * Rocky Linux:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux8.6 and need this patch in 8.6+ (BZ#2144583) * AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218) * Path loss during Volume Ownership Change on Rocky Linux 8.7 SAS (BZ#2147374) * net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130) * iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081) * Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742) * Azure Rocky Linux-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912) * Rocky Linux-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.x86_64.rpm 51f2fc3580cf373e22a17c036858a4648a8edc7385c85a9e12cc1822a6291682 RLBA-2023:0105 The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon. Bug Fix(es) and Enhancement(s): * Add --cont-clock feature for libuuid and uuidd [Rocky Linux-8] (BZ#2143252) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon. Bug Fix(es) and Enhancement(s): * Add --cont-clock feature for libuuid and uuidd [Rocky Linux-8] (BZ#2143252) rocky-linux-8-x86-64-powertools-rpms libmount-devel-2.32.1-39.el8_7.x86_64.rpm 1c807988df1b5c20a31fae4f8aa4f8c8e3d8c680ca577d5341fd22a4f88f95b1 RLBA-2023:0106 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Bug Fix(es) and Enhancement(s): * The ">>" operator of std::normal_distribution does not work properly. (BZ#2144075) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Bug Fix(es) and Enhancement(s): * The ">>" operator of std::normal_distribution does not work properly. (BZ#2144075) rocky-linux-8-x86-64-powertools-rpms gcc-plugin-devel-8.5.0-16.el8_7.x86_64.rpm 2a8cb2f94d43ece0d98e479c73d922ad499f94ad193c450187062a19ffdd51f5 libstdc++-static-8.5.0-16.el8_7.x86_64.rpm d7b2140af002c655e76651e18d114dc1200871d680195f25e2405361e9d56d41 RLBA-2023:0124 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es) and Enhancement(s): * Analyzer: Optimize and remove duplicate messages in verbose list (BZ#2139871) * SSSD: `sssctl analyze` command shouldn't require 'root' privileged (BZ#2142961) * UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around (BZ#2148989) * authenticating against external IdP services okta (native app) with OAuth client secret failed (BZ#2152883) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es) and Enhancement(s): * Analyzer: Optimize and remove duplicate messages in verbose list (BZ#2139871) * SSSD: `sssctl analyze` command shouldn't require 'root' privileged (BZ#2142961) * UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around (BZ#2148989) * authenticating against external IdP services okta (native app) with OAuth client secret failed (BZ#2152883) rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.7.3-4.el8_7.3.x86_64.rpm 5ae5bb594fa12024761c878f6c8dd943ba3997d02c3deb5dfa303a8d7d8ea3bd RLSA-2019:1529 The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * tomcat: Open redirect in default servlet (CVE-2018-11784) * tomcat: Host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * tomcat: Open redirect in default servlet (CVE-2018-11784) * tomcat: Host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLSA-2019:2720 The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLSA-2019:2722 The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es): * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for libwmf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es): * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libwmf-devel-0.2.9-8.el8_0.x86_64.rpm 481abd43d3feb0529704ab3e0dcc26f70544d0a8fcf7a6a315654115305f920e RLEA-2019:3367 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for google-noto-cjk-fonts. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms google-noto-sans-cjk-jp-fonts-20190416-1.el8.noarch.rpm a0e76579364810ba3d2d252d31a1596f921074ca5c231f74257bb2585c08a59b RLBA-2019:3411 This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures supported on Rocky Linux. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for lttng-ust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures supported on Rocky Linux. rocky-linux-8-x86-64-powertools-rpms lttng-ust-devel-2.8.1-11.el8.x86_64.rpm 3cc474cd8a36e34564c94a9cc79e2210b9809f02fa4d1ac1489743683f97b920 RLBA-2019:3416 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLBA-2019:3449 GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-dyninst packages to Rocky Enterprise Software Foundation Eneterprise Linux 8. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documented in the GCC Toolset 9 chapter. For detailed changes in this release, see the Rocky Linux 8.1 Release Notes. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gcc-toolset-9-dyninst. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-dyninst packages to Rocky Enterprise Software Foundation Eneterprise Linux 8. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documented in the GCC Toolset 9 chapter. For detailed changes in this release, see the Rocky Linux 8.1 Release Notes. rocky-linux-8-x86-64-powertools-rpms gcc-toolset-9-dyninst-devel-10.1.0-1.el8.x86_64.rpm 25be7f58a2ad3243bec5ec7a5a1cb391ccb58bf13c12b931a60c13241a853f70 gcc-toolset-9-dyninst-doc-10.1.0-1.el8.x86_64.rpm 9ce3622b8685c7430a86a9d565bd7828087bb30f0d429c3e8177701300010db2 gcc-toolset-9-dyninst-static-10.1.0-1.el8.x86_64.rpm 6d6f16d7c92a605d70e58c47cfd69c28c718f8ac6de95a3a0e04348732db0db2 gcc-toolset-9-dyninst-testsuite-10.1.0-1.el8.x86_64.rpm 06fee52368438078977d5ba569d1a16b4603cc5fa9882bc470fcb05187f332e9 RLBA-2019:3462 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libcdio. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libcdio-devel-2.0.0-3.el8.x86_64.rpm 2f7b391e51e204ac8354d9adebe507119481a1c5f44a932fffd9ebb0bcf42758 RLBA-2019:3490 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ldns. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ldns-devel-1.7.0-21.el8.x86_64.rpm fd347da61725a1c70cd72ba719c9a9e80a2c4ac14e8f90daeb3fd44c5ef018e0 RLEA-2019:3557 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for cmocka, nss_wrapper, uid_wrapper, socket_wrapper. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libcmocka-1.1.5-1.el8.x86_64.rpm eee28e8ec3b991b4493ef9143691fab3b83c58acfcc4c034d028e6646621d81a libcmocka-devel-1.1.5-1.el8.x86_64.rpm 9a234ea9270da7660f61405fd41c1413004b0b00a88a8f29d3c1c61ee830885e socket_wrapper-1.2.3-1.el8.x86_64.rpm 2ddf17622f2e3d468a7eef994f9904f166dcd7630781dd2b810854dd221df59c uid_wrapper-1.2.4-4.el8.x86_64.rpm 511c1090950862922ede55be3e55e04f775387ae5251bd0cc2cd0db6d2a95032 RLSA-2019:3703 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix(es): * libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392) * libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for libvorbis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix(es): * libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392) * libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libvorbis-devel-1.3.6-2.el8.x86_64.rpm 39a5c6764e8d558798b29b9225b39dff812e03817f51b6c2692c9c180b57afaa libvorbis-devel-docs-1.3.6-2.el8.noarch.rpm 0ec54402929c83ee0af4f575e419e9f859ae3c1f202e05ed60124210e96622b7 RLSA-2019:3708 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358) Security Fix(es): * mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) * mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628) * mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739) * mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740) * mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758) * mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for asio, Judy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358) Security Fix(es): * mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) * mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628) * mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739) * mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740) * mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758) * mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__mariadb-devel asio-devel-1.10.8-7.module+el8.5.0+777+18007c86.x86_64.rpm 5187c3c76d35c482b55726598b3c290b9641f4f86bc340a1b69d561588041f39 RLSA-2020:1577 The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917) Security Fix(es): * exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421) * exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005) * exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868) * exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303) * exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305) * exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772) * exiv2: information leak via a crafted file (CVE-2018-11037) * exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338) * exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229) * exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230) * exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282) * exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581) * exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915) * exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107) * exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108) * exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535) * exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607) * exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096) * exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097) * exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098) * exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099) * exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143) * exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109) * exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111) * exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112) * exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113) * exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libgexiv2, gnome-color-manager, gegl, exiv2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917) Security Fix(es): * exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421) * exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005) * exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868) * exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303) * exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305) * exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772) * exiv2: information leak via a crafted file (CVE-2018-11037) * exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338) * exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229) * exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230) * exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282) * exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581) * exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915) * exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107) * exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108) * exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535) * exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607) * exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096) * exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097) * exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098) * exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099) * exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143) * exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109) * exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111) * exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112) * exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113) * exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libgexiv2-devel-0.10.8-4.el8.x86_64.rpm c7351f9ff7b1f78bd32bca1e16ca81993842cc132ad241ef0c0ac8930f8297fb RLEA-2020:1607 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for http-parser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms http-parser-devel-2.8.0-9.el8.x86_64.rpm 4251a3fda6ed074886adf31fb7bcddf8dceb378d7765417de9b39540f885daa0 RLEA-2020:1611 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for xkeyboard-config, libevdev, libxkbcommon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libxkbcommon-x11-devel-0.9.1-1.el8.x86_64.rpm cd19e2270c9d0e36f669b704af16da94c2f944fdbf8810e3034ab54f98fa86ab RLSA-2020:1616 Irssi is a modular IRC client with Perl scripting. Security Fix(es): * irssi: use after free when sending SASL login to server (CVE-2019-13045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for irssi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Irssi is a modular IRC client with Perl scripting. Security Fix(es): * irssi: use after free when sending SASL login to server (CVE-2019-13045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms irssi-devel-1.1.1-3.el8.x86_64.rpm 00db89f6a03e417ebf72e13306b6dabf386e41aa1bb52c8934e73e94fd33e04e RLBA-2020:1617 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for pmdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpmemblk-debug-1.6.1-1.el8.x86_64.rpm 27f9f27d53da4c09a58d09cce05c8d5585a3879b5930e42f57134e9b30ee0bf1 libpmem-debug-1.6.1-1.el8.x86_64.rpm 93caee38effdd15edf3bde3cd07fa93d376880864638d16af40864ae52ead1d5 libpmemlog-debug-1.6.1-1.el8.x86_64.rpm 241224a3f0537fdee13950f64705e3bdb7880abfb95115117099e3d6fd060e75 libpmemobj-debug-1.6.1-1.el8.x86_64.rpm 9f0f42fd9a950429ca81222800b41c5024cd2826b593980f01c27c8590212053 libpmempool-debug-1.6.1-1.el8.x86_64.rpm f577702ae850a2c8ba416c89ac5ffbebc4dd2f0ac7997c76da79809f4ffe4502 librpmem-debug-1.6.1-1.el8.x86_64.rpm d9ac3a971c84938d3857263b23d433e0ba5fbd177d24343e8292f8dc0dbbcd26 libvmem-debug-1.6.1-1.el8.x86_64.rpm 26ef14d42be534b7aaa40950cd94caff8e3d78fd68a1b61c8073e7ad5dd60ca1 libvmmalloc-debug-1.6.1-1.el8.x86_64.rpm 7d0f02015820202ac841496d74622450b23ca65fb55d81adf7b89e85eb5c94a2 RLBA-2020:1622 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python-greenlet. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-greenlet-devel-0.4.13-4.el8.x86_64.rpm d7d397426c1297dcf75e61c1d748796a2d35f7aec558124d12cbe0746b8cf44f RLSA-2020:1631 The GStreamer library provides a streaming media framework based on graphs of media data filters. The libmad package is an MPEG audio decoder capable of 24-bit output. Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fix(es): * libmad: Double-free in the mad_decoder_run() function (CVE-2018-7263) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for libmad, gstreamer1-plugins-ugly-free, gstreamer1-plugins-bad-free, SDL2, orc, gstreamer1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The GStreamer library provides a streaming media framework based on graphs of media data filters. The libmad package is an MPEG audio decoder capable of 24-bit output. Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fix(es): * libmad: Double-free in the mad_decoder_run() function (CVE-2018-7263) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gstreamer1-plugins-bad-free-devel-1.16.1-1.el8.x86_64.rpm 8caca4ead49406bbaffdc25c059c7a30edaef7a3e11b8e8cc92156df79e15c6a libmad-devel-0.15.1b-25.el8.x86_64.rpm a0d5fd453c6cf1fa4675e091e54e8205d7ce9ae190200bee009ca4027e47446c SDL2-2.0.10-2.el8.x86_64.rpm aaac7c83a4ceef6f5c8913ab096f61eb5c84855ea10ae8f0a43a756bf6a74358 SDL2-devel-2.0.10-2.el8.x86_64.rpm ce4ac1e284814258b75d1106c9e3735166d9420437dca3f9b80f1bc12f89f18b SDL2-static-2.0.10-2.el8.x86_64.rpm cbc7c59cf338e914ee8e5b14e52668047dc7d672704b6df5ee05141098a9762f RLBA-2020:1633 For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libepoxy, wayland, libxcb, mesa-libGLw, wayland-protocols, libXpm, xorg-x11-drv-libinput, pixman, xorg-x11-drv-wacom. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms xorg-x11-drv-libinput-devel-0.29.0-1.el8.x86_64.rpm 429c2e5c4a6b20a19cb3e6b120d265277fc9629174e4df042b652e70c56a9af3 xorg-x11-drv-wacom-devel-0.38.0-1.el8.x86_64.rpm a2a05bbe70a2b7160850c721ab6e6a6d4d137e9d3add6a0425bff30072b72ef7 RLSA-2020:1644 The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540) * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335) * jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942) * jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943) * jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for jackson-core, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, jackson-annotations, jackson-databind, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540) * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335) * jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942) * jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943) * jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLSA-2020:1686 The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es): * libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for libmspack. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es): * libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libmspack-devel-0.7-0.3.alpha.el8.4.x86_64.rpm 2458522593e9ac1a4dea66e4a773ee44229bd20d5f17a9b4d9d5696ff7cc5159 RLEA-2020:1694 This enhancement update adds the python38:3.8 module to Rocky Linux 8. (BZ#1747329) For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python-more-itertools, pytest, python-psycopg2, python-urllib3, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python-asn1crypto, python-py, python-chardet, python-markupsafe, python-pluggy, Cython, python-psutil, python-wcwidth, babel, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

This enhancement update adds the python38:3.8 module to Rocky Linux 8. (BZ#1747329) For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python38-devel python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm 4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313 python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6 python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8 python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1 python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm 9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4 python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86 python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d RLBA-2020:1723 For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for uom-parent, parfait, uom-systems, uom-se, si-units, uom-lib, unit-api, log4j12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools log4j12-1.2.17-22.module+el8.3.0+74+855e3f5d.noarch.rpm 9961be644ddb26496002a814c140467e745ae1f78f8d2c45821b6ed204c8d895 log4j12-javadoc-1.2.17-22.module+el8.3.0+74+855e3f5d.noarch.rpm 741bc047281e2b80e32525a1edead2b0bdf377079a04e68d11e69259af00e18e RLBA-2020:1743 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librevenge. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.2 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librevenge-devel-0.0.4-12.el8.x86_64.rpm 7c5a344fb67de4664e80d56db30ef68fae05feeb209e859b127354008f08ba06 RLSA-2020:4629 The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126) * libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232) * libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371) * libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libvpx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126) * libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232) * libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371) * libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libvpx-devel-1.7.0-8.el8.x86_64.rpm 42cc29b42d68ba1fdaf62c305e95655e3f08893108479fc45ddc8ad678c04e1d RLBA-2020:4658 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for munge. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms munge-devel-0.5.13-2.el8.x86_64.rpm 1132f36538f51a5a9b8e8ee7669c81957db62c8cc62892f5c5e77635c01d825b RLBA-2020:4678 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tog-pegasus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms tog-pegasus-devel-2.14.1-46.el8.x86_64.rpm d106ebf60ea5c3814e7d75a8b9b0df3e0f54196a419f9a4fc7fcd0d058a123e0 RLEA-2020:4700 For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for drpm. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms drpm-devel-0.4.1-3.el8.x86_64.rpm 837a611293825d704d3c86daba09ff03e421bf458abe70b173dfd429ceb8b110 RLSA-2020:4847 The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * pki: Dogtag's python client does not validate certificates (CVE-2020-15720) * pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146) * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179) * pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221) * pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * pki: Dogtag's python client does not validate certificates (CVE-2020-15720) * pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146) * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179) * pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221) * pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm 0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLEA-2020:4742 For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libXft, xorg-x11-xkb-utils, xorg-x11-xtrans-devel, xorg-x11-drv-intel, libvdpau, libxkbfile, libXxf86dga, libXau, libXrandr, xorg-x11-proto-devel, xorg-x11-util-macros, libXext, libXi, libXdmcp, libXmu, libXvMC, mesa-demos, xorg-x11-drv-ati. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libvdpau-devel-1.4-2.el8.x86_64.rpm 0e80529ff0a76b61f9ba58affbfdfb6c11a8f96c9090596412d983d573096bd5 libXdmcp-devel-1.1.3-1.el8.x86_64.rpm 17bc999f9dc4c974658f835891fcbb50c0594b5a5fd18280c50ce8f8d88c9df2 libxkbfile-devel-1.1.0-1.el8.x86_64.rpm c9528fea28ab82cd047809954ccd123349d1a017d2b8c20464e01da4a0606594 libXvMC-devel-1.0.12-1.el8.x86_64.rpm 8fa4bcb83469c4dcc02c0e13d492faf83da055f331a8d99e0f7168f760a7f456 xorg-x11-util-macros-1.19.2-1.el8.noarch.rpm cc9c2966178ea156cd7345951bc4620e234bc546bddaedbb6ffdc59aa502aa64 xorg-x11-xkb-utils-devel-7.7-28.el8.x86_64.rpm 5aada8ac744bf05c212e223fe314fd4e6a11b2afa63f95ee8f8f266876ea1c80 RLBA-2020:4773 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libgit2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libgit2-devel-0.26.8-2.el8.x86_64.rpm 8aa4c57dd3411d756d1b5413a2b1f92cea011f865154a5bd9d757513af36233b RLSA-2020:4827 Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fix(es): * oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for oniguruma. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fix(es): * oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms oniguruma-devel-6.8.2-2.el8.x86_64.rpm 6babe63aa4aadf8563387b56c0fd7352fd0a71829f5b35af36d1ce75021669ca RLBA-2020:4832 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for torque. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms torque-4.2.10-25.el8.x86_64.rpm c783e9247f1188ce2b7061fb4e2f96813de191d01c7b8b44d41205fc5c2ae430 torque-devel-4.2.10-25.el8.x86_64.rpm f6574a0385db5c9c8eb1d49be390a76ae31c456b1d00930e7807cfe414409989 RLBA-2020:4834 GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-10-systemtap packages to Rocky Enterprise Software Foundation Eneterprise Linux 8. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documented in the GCC Toolset 10 chapter. For detailed changes in this release, see the Rocky Linux 8.3 Release Notes. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gcc-toolset-9-gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-10-systemtap packages to Rocky Enterprise Software Foundation Eneterprise Linux 8. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documented in the GCC Toolset 10 chapter. For detailed changes in this release, see the Rocky Linux 8.3 Release Notes. rocky-linux-8-x86-64-powertools-rpms gcc-toolset-9-gcc-plugin-devel-9.2.1-2.3.el8.x86_64.rpm f94984ce4db107b7d91806dd22c8eac9c3da58117164e220084fe316c2c734d0 RLSA-2020:5393 The libexif packages provide a library for extracting extra information from image files. Security Fix(es): * libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for libexif. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libexif packages provide a library for extracting extra information from image files. Security Fix(es): * libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libexif-devel-0.6.22-5.el8_3.x86_64.rpm 23859001acab3eba827a20b15cc772a3f2392ae2247807f07d219a4e4ac2dec6 RLSA-2021:1242 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.28), galera (25.3.32). Security Fix(es): * mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for Judy, asio, mariadb, galera. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.28), galera (25.3.32). Security Fix(es): * mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms__mariadb-devel asio-devel-1.10.8-7.module+el8.5.0+777+18007c86.x86_64.rpm 5187c3c76d35c482b55726598b3c290b9641f4f86bc340a1b69d561588041f39 RLBA-2021:1765 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for brltty. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms brlapi-devel-0.6.7-32.el8.x86_64.rpm 838e8ca4dedf62cf97d26f82e2b09257f5ecd1427751ea935323cd33220a814d RLSA-2021:1775 The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, tomcatjss, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jss, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm 0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLSA-2021:1789 GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928) Security Fix(es): * hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gssdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928) Security Fix(es): * hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gssdp-devel-1.0.5-1.el8.x86_64.rpm d4bbf56fa34cba0393f1216625f4e534d2c328326c17b9907b0e63cc7039b2cd gssdp-docs-1.0.5-1.el8.noarch.rpm bdafd56ed53b0ceea90602bba9e077c3c9ee44a7278f44e90814d74c8ca6ad8e RLBA-2021:1801 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libgpod. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libgpod-devel-0.8.3-24.el8.x86_64.rpm aa8f46c5961b5a4ebf0e571f19cbcc686dbc9e81ce0efbc5c6b7149103dcbab5 libgpod-doc-0.8.3-24.el8.x86_64.rpm f3780ae72061e712d61beee20aaf880fb05a2c4b43537c700bd8ded53622fc7c RLBA-2021:1802 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gnome-bluetooth. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gnome-bluetooth-libs-devel-3.34.3-1.el8.x86_64.rpm df73c2c5a8d6d8b112a946859f083db25d4cca44e381a2cb613ea78456d4e0ea RLSA-2021:1811 LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix(es): * libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247) * libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839) * libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397) * libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405) * libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libvncserver. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix(es): * libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247) * libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839) * libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397) * libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405) * libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libvncserver-devel-0.9.11-17.el8.x86_64.rpm ab26ed97b0092e45b1f9ee8cc88c968ea93a910e1dcea1bfc5b3f7425a47a8ca RLBA-2021:1837 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for liblangtag. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms liblangtag-devel-0.6.2-8.el8.x86_64.rpm 540877be09424c58d535951df06d1521b68b384b1f177222428af874a09b64f2 liblangtag-doc-0.6.2-8.el8.noarch.rpm f43ea18bb2eaf66a6fc1097c3d708353a0a9acfbf9031191db36ba233d6eee37 liblangtag-gobject-0.6.2-8.el8.x86_64.rpm 94a9a1f1f151079b579d033c266d922c5ae028611d1d2392b471006f96f815cd RLSA-2021:1842 Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fix(es): * raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer (CVE-2017-18926) * raptor2: malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common (CVE-2020-25713) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for raptor2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fix(es): * raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer (CVE-2017-18926) * raptor2: malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common (CVE-2020-25713) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms raptor2-devel-2.0.15-16.el8.x86_64.rpm 43dedd1645d8d8b77152aabdd15e9bfff99bca1e2552d507c6672e6b7973438e RLBA-2021:1848 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dconf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms dconf-devel-0.28.0-4.el8.x86_64.rpm eb8355efa75e51704f5e1cba816ed07117563c84366676942375c8915b21ed34 RLBA-2021:1858 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sendmail. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms sendmail-milter-devel-8.15.2-34.el8.x86_64.rpm 9a0d7fea578eee0f6b5102c4424175ccf5677f17b5f51ec32bc2bfc61ffa924e RLEA-2021:1900 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for memkind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms memkind-devel-1.10.1-1.el8.x86_64.rpm 1e2a6bf8bc658ab60fc719917cac174e3837a366f748959c529b05dbdfa5fa61 RLBA-2021:1902 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for uuid. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms uuid-devel-1.6.2-43.el8.x86_64.rpm c3fab57562eb28f08bb495cace2ab00bcf75d68b4880fdf64b506125d24f41e1 RLBA-2021:1903 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for pulseaudio, twolame. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms twolame-devel-0.3.13-12.el8.x86_64.rpm 8316627e7aa115e5eb43b618b19f3a8ea2dd0574aa20c7616ebc55e980d002dd RLBA-2021:1912 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ilmbase. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ilmbase-devel-2.2.0-13.el8.x86_64.rpm 44192c7dad471ab2fa421190226fe4873207d4c22d049defa6fc2659a0616ef4 RLBA-2021:1914 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libsmi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsmi-devel-0.4.8-23.el8.x86_64.rpm 371ad54cfac29f89300c3fedac078d15033057eec9e036b4026dd6c9ae63e6c4 RLEA-2021:1919 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This enhancement update adds the python39:3.9 module to Rocky Linux 8. (BZ#1877430) For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This enhancement update adds the python39:3.9 module to Rocky Linux 8. (BZ#1877430) For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python39-devel python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.x86_64.rpm 984098a65cb57d7f43523d0b2ecb2ee3d8b84ab5f9a5491b834760657560bb39 python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm 585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm 783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0 python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm 26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20 python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm 2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm 47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0 python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6 python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881 RLSA-2021:1924 The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix(es): * spice: Client initiated renegotiation denial of service (CVE-2021-20201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for spice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix(es): * spice: Client initiated renegotiation denial of service (CVE-2021-20201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms spice-server-devel-0.14.3-4.el8.x86_64.rpm e9847d24a2c0bf6141bfa84df4299a682bedfd5f3c37ede1c4fed24a7df16909 RLBA-2021:1942 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ibus-typing-booster. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ibus-typing-booster-tests-2.1.0-5.el8.noarch.rpm 1ac4fe22dcf12bb14596745aaa355c043f2379e91c39347ff3c3833255db8179 RLBA-2021:1948 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ibus-table. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ibus-table-devel-1.9.18-6.el8.noarch.rpm 5bc682aa187f8b6b8ce9d2bf0585b94cd324c8b97f3eb6aba7e125d09a0faafc ibus-table-tests-1.9.18-6.el8.noarch.rpm fc1d94b9f987c33e6ed095f0ccbc31b564362a7f806f479c1f2b559afa53cbad RLSA-2021:2363 GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. Security Fix(es): * gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for gupnp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. Security Fix(es): * gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms gupnp-devel-1.0.6-2.el8_4.x86_64.rpm 2e7bba80b123a5897eb871379d964dfc4bbc455658f4d5780696d37d4849a230 RLSA-2021:2583 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms__python38-devel python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm 4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313 python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6 python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8 python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1 python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm 9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4 python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86 python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d RLSA-2021:3075 libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix(es): * libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for libuv. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix(es): * libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libuv-devel-1.41.1-1.el8_4.x86_64.rpm 7ff6e4cfa9af46728a3b6842b60e1af7072f582a40cf28bad24c597417575a63 RLSA-2021:4160 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information disclosure via pydoc (CVE-2021-3426) * python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733) * python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957) * python-ipaddress: Improper input validation of octal strings (CVE-2021-29921) * python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503) * python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572) * python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information disclosure via pydoc (CVE-2021-3426) * python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733) * python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957) * python-ipaddress: Improper input validation of octal strings (CVE-2021-29921) * python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503) * python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572) * python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python39-devel python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.x86_64.rpm 984098a65cb57d7f43523d0b2ecb2ee3d8b84ab5f9a5491b834760657560bb39 python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm 585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm 783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0 python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm 26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20 python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm 2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm 47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0 python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6 python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881 RLBA-2021:4180 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for evolution, evolution-ews, evolution-mapi, evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms evolution-devel-3.28.5-18.el8.x86_64.rpm 5a734d2af61c5862ea817a0269d6b2201cb894667bc91364eee5852500bd2941 RLBA-2021:4219 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libevdev, libinput. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libevdev-devel-1.10.0-1.el8.x86_64.rpm 618b165fdee3cf4a84bc5f67fa81155a91fa3dcb32c55a21583c94c046750921 RLBA-2021:4224 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libwacom. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libwacom-devel-1.6-3.el8.x86_64.rpm 0cc786d2701ea10f746637178a18b8628ec011f9d31d7aef606b78661ccd9549 RLSA-2021:4235 JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es): * jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c (CVE-2020-27828) * jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c (CVE-2021-3272) * jasper: Out of bounds read in jp2_decode() in jp2_dec.c (CVE-2021-26926) * jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c (CVE-2021-26927) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for jasper. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es): * jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c (CVE-2020-27828) * jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c (CVE-2021-3272) * jasper: Out of bounds read in jp2_decode() in jp2_dec.c (CVE-2021-26926) * jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c (CVE-2021-26927) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms jasper-devel-2.0.14-5.el8.x86_64.rpm 68fcf6dc499450693ab138c389fa8ffcc89840bf66414229428c41855a922916 RLEA-2021:4239 For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, pki-core, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, tomcatjss, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jss, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm 0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLSA-2021:4256 Graphviz is open-source graph-visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and in visual interfaces for other technical domains. Security Fix(es): * graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c (CVE-2020-18032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for graphviz. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Graphviz is open-source graph-visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and in visual interfaces for other technical domains. Security Fix(es): * graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c (CVE-2020-18032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms graphviz-devel-2.40.1-43.el8.x86_64.rpm e1e8173e1914d82f5c3a6fa7eaf654004c000c87a1274f6e1fbd48ed95f76c0c graphviz-doc-2.40.1-43.el8.x86_64.rpm a0dfbd3dc216c9271181dc43ebeecbc457599800168f72dfdb228c92705f070b graphviz-gd-2.40.1-43.el8.x86_64.rpm 531acd08da7b5412e3d4776dabf12880d63e342ebf92720ec57c50075eda290a graphviz-python3-2.40.1-43.el8.x86_64.rpm cb5963412954fd5c0b1ea8d6fbe37a35342d444c0c305590a101483e3b868c43 RLBA-2021:4285 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libvoikko. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libvoikko-devel-4.1.1-3.el8.x86_64.rpm 3b8764640cafbca51f6358f15274adf0306ce8faa90b807f21047cf08842ee78 RLEA-2021:4286 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for lpsolve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms lpsolve-devel-5.5.2.0-21.el8.x86_64.rpm 575756117820b4a5aa4d9f32cc1268f85247a084e65a836a2e0a1437424130c7 RLSA-2021:4288 The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es): * libjpeg-turbo: Stack-based buffer overflow in the "transform" component (CVE-2020-17541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libjpeg-turbo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es): * libjpeg-turbo: Stack-based buffer overflow in the "transform" component (CVE-2020-17541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms turbojpeg-devel-1.5.3-12.el8.x86_64.rpm 0bd633f0e92569f88919a56bc585fd4310141a602f223601140264640815ff59 RLEA-2021:4289 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sblim-gather. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms sblim-gather-provider-2.2.9-24.el8.x86_64.rpm cf328bb559b9bc12384b98fea0d797f0ba451a444ba72fdf33ac89aa99d66316 RLSA-2021:4316 The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() (CVE-2020-18442) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for zziplib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() (CVE-2020-18442) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms zziplib-devel-0.13.68-9.el8.x86_64.rpm 6bf0ded659672ca2b9e29d7e5d9c70af0d49098ea377ef252c6b38fb0f5b5556 RLEA-2021:4322 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for unicode-ucd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms unicode-ucd-unihan-11.0.0-2.el8.noarch.rpm 870061428ed38494e9a2d305b81fbd430429a6e5761f94caf6537f474b0f3bf0 RLEA-2021:4335 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tesseract. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms tesseract-devel-4.1.1-2.el8.x86_64.rpm d537e4f4b740fb22d30d6a9ff44b4db19c1c265995c93832ed0558cd64599111 RLSA-2021:4339 Grilo is a framework that provides access to different sources of multimedia content, using a pluggable system. The grilo package contains the core library and elements. Security Fix(es): * grilo: missing TLS certificate verification (CVE-2021-39365) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for grilo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Grilo is a framework that provides access to different sources of multimedia content, using a pluggable system. The grilo package contains the core library and elements. Security Fix(es): * grilo: missing TLS certificate verification (CVE-2021-39365) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms grilo-devel-0.3.6-3.el8.x86_64.rpm a2ea12bbbc72333e8a30ef14a3bebe660e01d60f7d6b4f4467c7edd6c17707c8 RLBA-2021:4348 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for brasero. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms brasero-devel-3.12.2-5.el8.x86_64.rpm 969d10d6ee1a2fc0cefe5eeca99b5f6fa3f9b2403fada12250254af0c822c260 RLSA-2021:4162 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python-psutil: Double free because of refcount mishandling (CVE-2019-18874) * python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493) * python: Information disclosure via pydoc (CVE-2021-3426) * python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771) * python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336) * python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957) * python-ipaddress: Improper input validation of octal strings (CVE-2021-29921) * python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503) * python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python-psutil: Double free because of refcount mishandling (CVE-2019-18874) * python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493) * python: Information disclosure via pydoc (CVE-2021-3426) * python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771) * python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336) * python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957) * python-ipaddress: Improper input validation of octal strings (CVE-2021-29921) * python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503) * python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python38-devel python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm 4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313 python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6 python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8 python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1 python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm 9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4 python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86 python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d RLBA-2021:4533 The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. Bug fix: * Previously, in GNOME Wayland desktop in Rocky Linux 8.5, the IBus emoji candidate pop-up was used with IBus UI and the selected candidate could not inserted into the target input focus smartly. With this update, the IBus emoji candidate pop-up is used with GNOME-Shell UI in GNOME Wayland desktop and the selected candidate is inserted into the input focus correctly. (BZ#2014064) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ibus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. Bug fix: * Previously, in GNOME Wayland desktop in Rocky Linux 8.5, the IBus emoji candidate pop-up was used with IBus UI and the selected candidate could not inserted into the target input focus smartly. With this update, the IBus emoji candidate pop-up is used with GNOME-Shell UI in GNOME Wayland desktop and the selected candidate is inserted into the input focus correctly. (BZ#2014064) rocky-linux-8-x86-64-powertools-rpms ibus-devel-1.5.19-14.el8_5.x86_64.rpm a5f98ea4f90e5f5144d9b8e488fd9b5cc1f7a2057b600880ea9ed5998627a40a ibus-devel-docs-1.5.19-14.el8_5.noarch.rpm 67b3b057ac52c0ba48ad6774949daad44c1f1f14a2dbc5fafac3108532735d46 RLSA-2021:4585 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters: This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters. There are three levels of warning supported by gcc: "-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.) "-Wbidirectional=none", which turns the warning off. "-Wbidirectional=any", which warns about any use of bidirectional characters. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gcc-toolset-10-gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters: This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters. There are three levels of warning supported by gcc: "-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.) "-Wbidirectional=none", which turns the warning off. "-Wbidirectional=any", which warns about any use of bidirectional characters. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.x86_64.rpm 16b03b3e767c1d93d00e842975820844cd40c642efefd4e71ce636a76cf625a2 RLSA-2022:0643 The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): * python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817) * python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): * python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817) * python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3-pillow-devel-5.1.1-18.el8_5.x86_64.rpm 8c12dab34ee56930c031cb88215f56b97daa4a1e4f677db8ff16f1497360952e python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm 64ec44d65dab3eb5c18b94a53711ac2b79553ff54ec1c3aec07c94e9186ab63f python3-pillow-tk-5.1.1-18.el8_5.x86_64.rpm df7e40a191a9673b3ed7a768697057ba9e27d4f147d4b7f89937dd158194d231 RLSA-2022:1764 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860) Security Fix(es): * python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733) * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) * python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391) * python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860) Security Fix(es): * python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733) * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) * python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391) * python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python38-devel python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm 4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313 python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6 python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8 python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1 python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm 9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4 python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86 python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d RLBA-2022:1770 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for evince. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms evince-devel-3.28.4-16.el8.x86_64.rpm d3b050de94e206faaf8409bc2676a77da9536d62109367461ec8cf34bb854787 RLBA-2022:1790 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libpinyin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpinyin-devel-2.2.0-2.el8.x86_64.rpm f8403e6b354f9473be39fc4e0706775f1386d324583892ccae5efab89b5813fe RLBA-2022:1794 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libmemcached. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libmemcached-devel-1.0.18-17.el8.x86_64.rpm fc34c97d21c54141c03a8f8162a3748cd237c299bf31678319a2e1056b10a32f RLBA-2022:1800 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for accountsservice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms accountsservice-devel-0.6.55-4.el8.x86_64.rpm c40340ac22ac24a3b36ad7bd0ccfb90fb4acdf318271a609a20b2831261cf17e RLBA-2022:1822 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ibus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ibus-devel-docs-1.5.19-14.el8_5.noarch.rpm 67b3b057ac52c0ba48ad6774949daad44c1f1f14a2dbc5fafac3108532735d46 ibus-devel-1.5.19-14.el8_5.x86_64.rpm a5f98ea4f90e5f5144d9b8e488fd9b5cc1f7a2057b600880ea9ed5998627a40a RLBA-2022:1827 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librdkafka. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librdkafka-devel-0.11.4-3.el8.x86_64.rpm bbeeb469910382e90ad5ac65cc8b4b7c82824f2eca0cff5234120fdad7dfb8be RLSA-2022:1842 Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to a later upstream version: exiv2 (0.27.5). (BZ#2018422) Security Fix(es): * exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS (CVE-2020-18898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for exiv2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to a later upstream version: exiv2 (0.27.5). (BZ#2018422) Security Fix(es): * exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS (CVE-2020-18898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms exiv2-devel-0.27.5-2.el8.x86_64.rpm 60eef0b012434184198483e4f39fa8b8763a8558a8dbdf21c221f2768467b8b7 exiv2-doc-0.27.5-2.el8.noarch.rpm d2c75b50927dab8d284c052574cdd762ffe1c4debdc3c7c25d3b324f3626d998 RLBA-2022:1871 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for corosync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms corosync-vqsim-3.1.5-2.el8.x86_64.rpm 0c9f32f7001b4c447e86f3785cf88386a7f45017a0a6fddaf0962f684284c1f4 RLBA-2022:1895 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libecpg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libecpg-devel-13.5-3.el8.x86_64.rpm 9302415704847d76147eac23f84a33ec88e16c3c2b5a8f3ddb1b63c111072825 RLSA-2022:1763 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python39-devel python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.x86_64.rpm 984098a65cb57d7f43523d0b2ecb2ee3d8b84ab5f9a5491b834760657560bb39 python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm 585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm 783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0 python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm 26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20 python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm 2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm 47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f python39-pybind11-2.7.1-1.module+el8.6.0+795+de4edbcc.x86_64.rpm 9cff00f82f11e7120a62805cef08a46eac99fa503704a15cef53c8ebd457e9fa python39-pybind11-devel-2.7.1-1.module+el8.6.0+795+de4edbcc.x86_64.rpm bfcdaa17cd74b8e55159ce5a1aadfc9b7e79981afbfbc35f9bae18fbb14527b5 python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0 python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6 python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881 RLBA-2022:1769 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libgit2-glib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libgit2-glib-devel-0.26.4-3.el8.x86_64.rpm fa469090d51b89fbb68471272bf086d171845ce21a4c37506e719ea569f4d9ed RLBA-2022:1788 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for jq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms jq-devel-1.6-3.el8.x86_64.rpm 51540e5cccc75e55f93f13fb3b324d99d91924a54b13370379f10383306e132c RLSA-2022:1808 GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Security Fix(es): * aspell: Heap-buffer-overflow in acommon::ObjStack::dup_top (CVE-2019-25051) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for aspell. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Security Fix(es): * aspell: Heap-buffer-overflow in acommon::ObjStack::dup_top (CVE-2019-25051) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms aspell-devel-0.60.6.1-22.el8.x86_64.rpm d4afea0ae1a0a43e3bd0e8b2162b78011aefed59eb8a695e6f97e2670d801095 RLSA-2022:1820 The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es): * udisks2: insecure defaults in user-accessible mount helpers allow for a DoS (CVE-2021-3802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for udisks2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es): * udisks2: insecure defaults in user-accessible mount helpers allow for a DoS (CVE-2021-3802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libudisks2-devel-2.9.0-9.el8.x86_64.rpm d3d52becc8d66102931ef4a61bb8c5668091e1f2c1bb5b913bd84b1f129f5be9 RLSA-2022:1861 Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fix(es): * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging, apache-commons-lang3, plexus-interpolation, sisu, httpcomponents-core, maven, cdi-api, jsoup, geronimo-annotation, google-guice, plexus-utils, slf4j, jboss-interceptors-1.2-api, maven-wagon, jansi, apache-commons-codec, hawtjni. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fix(es): * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools aopalliance-1.0-17.module+el8.3.0+74+855e3f5d.noarch.rpm fbb6c1c479c14f3cfd59b7ef1410cd4fd5d0e38a3b20d988d04626b9cc984b2c apache-commons-cli-1.4-4.module+el8.3.0+74+855e3f5d.noarch.rpm 45019b04925e7755a011ea89b09ea72f83c4084017f3937292afd4c5ceb0ac98 apache-commons-codec-1.11-3.module+el8.3.0+74+855e3f5d.noarch.rpm 3aa2b01dd5152ec46aa9671caf520795ba501397d983b795c13d44ff624e1610 apache-commons-io-2.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm 89e481e422ef99164e35d7211632853fcd0d4878369545985364dc50721254ab apache-commons-lang3-3.7-3.module+el8.3.0+74+855e3f5d.noarch.rpm 2a5f240d60dbc890037880b26f6611fc23dac46b8f50ae6ccaa149ee1cc5ed1a apache-commons-logging-1.2-13.module+el8.3.0+74+855e3f5d.noarch.rpm d789f181483d77171796dffad8e30470feac289a4034ee715731bbd6e1641444 atinject-1-28.20100611svn86.module+el8.3.0+74+855e3f5d.noarch.rpm e4b82afc0bb5526846c4eeb9cb79c26bce4d30934e1ced93d1d3e7307e074f74 cdi-api-1.2-8.module+el8.3.0+74+855e3f5d.noarch.rpm 2e8c720fdbc5e3482949b1de0b3eed0c2b7d8595a3ffabce476a6e1daa850018 geronimo-annotation-1.0-23.module+el8.3.0+74+855e3f5d.noarch.rpm e7b5122e8672fbe03fcb8fb36bceb4efb9a048fc2b3cd8fd0d7abb1557395780 glassfish-el-api-3.0.1-0.7.b08.module+el8.3.0+74+855e3f5d.noarch.rpm c4fc22d030b1a3a0f1b2465385e403e86f330d136a7c0eb0770d6cd26151763e google-guice-4.1-11.module+el8.3.0+74+855e3f5d.noarch.rpm df35552be68618d49606464e558fc5ba46b7700378df8925e57521f8eb3f98c3 guava20-20.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm 4b8a8bac2501f5672cfffe49ebd189b8b788b60d59c26f813dfd9c8f76fc2a2b hawtjni-runtime-1.16-2.module+el8.3.0+74+855e3f5d.noarch.rpm 4c65ddc64dbfc58c468643f55731d9dd50323a6f86ec3ab2d865671ccb7d7c7a httpcomponents-core-4.4.10-3.module+el8.3.0+74+855e3f5d.noarch.rpm 288373332ddbb4d44cbbc09a258f2ef678f9f82fcc675deb67fc1cf17e5433de jansi-1.17.1-1.module+el8.3.0+74+855e3f5d.noarch.rpm 91dc0aea768418adad49fd93dc91922be6e49f27ea74d2a6d8fcde0691999e1b jansi-native-1.7-7.module+el8.3.0+74+855e3f5d.x86_64.rpm bb4d2d6d77cbee8970153afab3cee9136a3c06de021d8ed79437092eb48cb2ea jboss-interceptors-1.2-api-1.0.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm 1dfd33dda1d4c8109071d38142354c33ef297ad4481ae97ec23b228b0fe3f9d7 jcl-over-slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm 3c363400689340b536e66c15f577a12a5b655144873247cae92fa1ab1d84c550 jsoup-1.11.3-3.module+el8.3.0+74+855e3f5d.noarch.rpm 3992d95096226f182c24e41a93e1d0df2eea9757c1ddf8e02869944dbd9d5a56 maven-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm 11eabb9b6ad822066845a124cd8fd58161bf8cea2bd30361d52b99f20bc532aa maven-lib-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm 186959635948722c4a8fc4e957e62a2f684f231cb2e8dad402ac4aee732c22ef maven-resolver-api-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 78318ad89591627ff7b70d576dcfa7ddbd8b84cbc96bf10cfbfb3f00551f9d35 maven-resolver-connector-basic-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 8af445addb2ecf224118b43b189343bd81d61a7f1ed4919ba5e2a7b96884f094 maven-resolver-impl-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm d9efb68794c75fb6807690fa7b154010930804532539a082cf1f8c801987b002 maven-resolver-spi-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 84864ba6c437c4a79443cc8ad6709f1e3f4bef7805953b5593e7b7f85f112f4b maven-resolver-transport-wagon-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm c2ad084bdc61acc14f125e9dc97517c8b7bd1fe11f1fa51e0aa52bccae1104ba maven-resolver-util-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 50d2691f67b8937dc531975ac7b181b883dd480ff8ada2724efdbe55781271f8 maven-shared-utils-3.2.1-0.1.module+el8.3.0+74+855e3f5d.noarch.rpm 11617b79504bcb21ca362f90b50fe5a79c33f7e23a497c0f1f9fd72d875f14d5 maven-wagon-file-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm ae1861c6356a25f751701921f4bb4f6d4909e30f5f0a3992f29fb20d7d7d0efd maven-wagon-http-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm 5c23a755115e85f8a8244f0219d701ab4489ee8b0e342ffdbf5e3101d0b6c1a9 maven-wagon-http-shared-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm 317f893fc19cafca5ffba64667b11ce5f7b888b021b199b65dc4e05dccb9093c maven-wagon-provider-api-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm 72c219e7b417dcf9c0d653c51b912447866b9c54043c99e3076d81d789a642a1 plexus-cipher-1.7-14.module+el8.3.0+74+855e3f5d.noarch.rpm d15598cc6e72733579d36a2960e4fc6a5cee91f3822ec698df9d37be2890aa21 plexus-classworlds-2.5.2-9.module+el8.3.0+74+855e3f5d.noarch.rpm 4317743cf5f3c9405a29be7a128a157dcc35274d739a652244e3e81113202556 plexus-containers-component-annotations-1.7.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm cc34dedf623b784eeed97d1b32972ea29deba8822da85e125ee04f94c7283452 plexus-interpolation-1.22-9.module+el8.3.0+74+855e3f5d.noarch.rpm 2e23be2ec94ec5b6c7b655d396cfbc90ac035d22d81afc0cff2b18af207d1123 plexus-sec-dispatcher-1.4-26.module+el8.3.0+74+855e3f5d.noarch.rpm 827da035529b00c9fe3e940f5ddae520273c4b85d81df3f9be42dbfae3a0262c plexus-utils-3.1.0-3.module+el8.3.0+74+855e3f5d.noarch.rpm 00b359572d4dd27ba27a11a093533dc7eb15aa18417277d89dfb69426996aab1 sisu-inject-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm f9c004d055ccbec5294f396f757fba8589320c58d0be527c7703d39cfc4e6659 sisu-plexus-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm e6e9f0f557f06117e828215563eabe25c3e060d8f2929e1bb4ea142c14473d7a slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 RLBA-2022:1875 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for adwaita-icon-theme. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms adwaita-icon-theme-devel-3.28.0-3.el8.noarch.rpm 38a09e434c702743b2398bc56aac1f98b2f3bcf378e88ba7ec10569f1722ef1c RLBA-2022:1889 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for texlive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms texlive-lib-devel-20180414-25.el8.x86_64.rpm 48da9ca89130641bb9a0ff43c79f632f0590273367aeec21badf94d07a38d89b RLBA-2022:1918 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for webrtc-audio-processing. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms webrtc-audio-processing-devel-0.3-10.el8.x86_64.rpm 83bd130189fed6c59e17cacb8af1136f6781c4c6a4925a0f3616198d44c3cccc RLBA-2022:1944 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for netpbm. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms netpbm-devel-10.82.00-7.el8.x86_64.rpm d50cf532ec1c958d44a0c0933dceb36b78718fcb473b243b9860e8233365eb7a netpbm-doc-10.82.00-7.el8.x86_64.rpm bb25411d1db17f35f2c562e1f9e30755de211cb9a63faf6dc1ca0c53d732a1a2 RLBA-2022:1949 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-pillow-devel-5.1.1-18.el8_5.x86_64.rpm 8c12dab34ee56930c031cb88215f56b97daa4a1e4f677db8ff16f1497360952e python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm 64ec44d65dab3eb5c18b94a53711ac2b79553ff54ec1c3aec07c94e9186ab63f python3-pillow-tk-5.1.1-18.el8_5.x86_64.rpm df7e40a191a9673b3ed7a768697057ba9e27d4f147d4b7f89937dd158194d231 RLBA-2022:1960 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gegl04. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gegl04-devel-0.4.4-7.el8.x86_64.rpm 130325379544f54dee4abd3a6245368173cc51621c3747f0c5915032afd8c564 RLSA-2022:1968 libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy (CVE-2021-4156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libsndfile. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy (CVE-2021-4156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsndfile-devel-1.0.28-12.el8.x86_64.rpm 96308dce5b3999484db5f192ca96424c96ec849a57d2c635cdf36d2a259470c9 RLSA-2022:2200 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet5.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el8_6.x86_64.rpm 38c5793ab9b4b78cf189732088e3dd88f3b7531cb91916c6a745fb37fe47fa57 RLSA-2022:4798 The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fix(es): * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging, apache-commons-lang3, plexus-interpolation, sisu, httpcomponents-core, maven, cdi-api, jsoup, geronimo-annotation, google-guice, plexus-utils, slf4j, jboss-interceptors-1.2-api, maven-wagon, jansi, apache-commons-codec, hawtjni. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fix(es): * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools aopalliance-1.0-17.module+el8.3.0+74+855e3f5d.noarch.rpm fbb6c1c479c14f3cfd59b7ef1410cd4fd5d0e38a3b20d988d04626b9cc984b2c apache-commons-cli-1.4-4.module+el8.3.0+74+855e3f5d.noarch.rpm 45019b04925e7755a011ea89b09ea72f83c4084017f3937292afd4c5ceb0ac98 apache-commons-codec-1.11-3.module+el8.3.0+74+855e3f5d.noarch.rpm 3aa2b01dd5152ec46aa9671caf520795ba501397d983b795c13d44ff624e1610 apache-commons-io-2.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm 89e481e422ef99164e35d7211632853fcd0d4878369545985364dc50721254ab apache-commons-lang3-3.7-3.module+el8.3.0+74+855e3f5d.noarch.rpm 2a5f240d60dbc890037880b26f6611fc23dac46b8f50ae6ccaa149ee1cc5ed1a apache-commons-logging-1.2-13.module+el8.3.0+74+855e3f5d.noarch.rpm d789f181483d77171796dffad8e30470feac289a4034ee715731bbd6e1641444 atinject-1-28.20100611svn86.module+el8.3.0+74+855e3f5d.noarch.rpm e4b82afc0bb5526846c4eeb9cb79c26bce4d30934e1ced93d1d3e7307e074f74 cdi-api-1.2-8.module+el8.3.0+74+855e3f5d.noarch.rpm 2e8c720fdbc5e3482949b1de0b3eed0c2b7d8595a3ffabce476a6e1daa850018 geronimo-annotation-1.0-23.module+el8.3.0+74+855e3f5d.noarch.rpm e7b5122e8672fbe03fcb8fb36bceb4efb9a048fc2b3cd8fd0d7abb1557395780 glassfish-el-api-3.0.1-0.7.b08.module+el8.3.0+74+855e3f5d.noarch.rpm c4fc22d030b1a3a0f1b2465385e403e86f330d136a7c0eb0770d6cd26151763e google-guice-4.1-11.module+el8.3.0+74+855e3f5d.noarch.rpm df35552be68618d49606464e558fc5ba46b7700378df8925e57521f8eb3f98c3 guava20-20.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm 4b8a8bac2501f5672cfffe49ebd189b8b788b60d59c26f813dfd9c8f76fc2a2b hawtjni-runtime-1.16-2.module+el8.3.0+74+855e3f5d.noarch.rpm 4c65ddc64dbfc58c468643f55731d9dd50323a6f86ec3ab2d865671ccb7d7c7a httpcomponents-client-4.5.5-4.module+el8.3.0+74+855e3f5d.noarch.rpm 8caedd5d895c3f289c37183e3fd8caea734fccb9e97de32f62c7c5828d1c400c httpcomponents-core-4.4.10-3.module+el8.3.0+74+855e3f5d.noarch.rpm 288373332ddbb4d44cbbc09a258f2ef678f9f82fcc675deb67fc1cf17e5433de jansi-1.17.1-1.module+el8.3.0+74+855e3f5d.noarch.rpm 91dc0aea768418adad49fd93dc91922be6e49f27ea74d2a6d8fcde0691999e1b jansi-native-1.7-7.module+el8.3.0+74+855e3f5d.x86_64.rpm bb4d2d6d77cbee8970153afab3cee9136a3c06de021d8ed79437092eb48cb2ea jboss-interceptors-1.2-api-1.0.0-8.module+el8.3.0+74+855e3f5d.noarch.rpm 1dfd33dda1d4c8109071d38142354c33ef297ad4481ae97ec23b228b0fe3f9d7 jcl-over-slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm 3c363400689340b536e66c15f577a12a5b655144873247cae92fa1ab1d84c550 jsoup-1.11.3-3.module+el8.3.0+74+855e3f5d.noarch.rpm 3992d95096226f182c24e41a93e1d0df2eea9757c1ddf8e02869944dbd9d5a56 maven-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm 11eabb9b6ad822066845a124cd8fd58161bf8cea2bd30361d52b99f20bc532aa maven-lib-3.5.4-5.module+el8.3.0+74+855e3f5d.noarch.rpm 186959635948722c4a8fc4e957e62a2f684f231cb2e8dad402ac4aee732c22ef maven-resolver-api-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 78318ad89591627ff7b70d576dcfa7ddbd8b84cbc96bf10cfbfb3f00551f9d35 maven-resolver-connector-basic-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 8af445addb2ecf224118b43b189343bd81d61a7f1ed4919ba5e2a7b96884f094 maven-resolver-impl-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm d9efb68794c75fb6807690fa7b154010930804532539a082cf1f8c801987b002 maven-resolver-spi-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 84864ba6c437c4a79443cc8ad6709f1e3f4bef7805953b5593e7b7f85f112f4b maven-resolver-transport-wagon-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm c2ad084bdc61acc14f125e9dc97517c8b7bd1fe11f1fa51e0aa52bccae1104ba maven-resolver-util-1.1.1-2.module+el8.3.0+74+855e3f5d.noarch.rpm 50d2691f67b8937dc531975ac7b181b883dd480ff8ada2724efdbe55781271f8 maven-wagon-file-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm ae1861c6356a25f751701921f4bb4f6d4909e30f5f0a3992f29fb20d7d7d0efd maven-wagon-http-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm 5c23a755115e85f8a8244f0219d701ab4489ee8b0e342ffdbf5e3101d0b6c1a9 maven-wagon-http-shared-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm 317f893fc19cafca5ffba64667b11ce5f7b888b021b199b65dc4e05dccb9093c maven-wagon-provider-api-3.1.0-1.module+el8.3.0+74+855e3f5d.noarch.rpm 72c219e7b417dcf9c0d653c51b912447866b9c54043c99e3076d81d789a642a1 plexus-cipher-1.7-14.module+el8.3.0+74+855e3f5d.noarch.rpm d15598cc6e72733579d36a2960e4fc6a5cee91f3822ec698df9d37be2890aa21 plexus-classworlds-2.5.2-9.module+el8.3.0+74+855e3f5d.noarch.rpm 4317743cf5f3c9405a29be7a128a157dcc35274d739a652244e3e81113202556 plexus-containers-component-annotations-1.7.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm cc34dedf623b784eeed97d1b32972ea29deba8822da85e125ee04f94c7283452 plexus-interpolation-1.22-9.module+el8.3.0+74+855e3f5d.noarch.rpm 2e23be2ec94ec5b6c7b655d396cfbc90ac035d22d81afc0cff2b18af207d1123 plexus-sec-dispatcher-1.4-26.module+el8.3.0+74+855e3f5d.noarch.rpm 827da035529b00c9fe3e940f5ddae520273c4b85d81df3f9be42dbfae3a0262c plexus-utils-3.1.0-3.module+el8.3.0+74+855e3f5d.noarch.rpm 00b359572d4dd27ba27a11a093533dc7eb15aa18417277d89dfb69426996aab1 sisu-inject-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm f9c004d055ccbec5294f396f757fba8589320c58d0be527c7703d39cfc4e6659 sisu-plexus-0.3.3-6.module+el8.3.0+74+855e3f5d.noarch.rpm e6e9f0f557f06117e828215563eabe25c3e060d8f2929e1bb4ea142c14473d7a slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 RLSA-2022:5331 libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fix(es): * libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libinput. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fix(es): * libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libinput-devel-1.16.3-3.el8_6.x86_64.rpm e6400d9b21e1e37d13c5a21110ae734572c013bd697bf03816ab46f2c326f3bd RLSA-2022:6911 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10. Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10. Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6.x86_64.rpm 1cbcca90d2cdc1d5f35c3b5f4db79a156b6a0845ea8bc1574fe5db38a42feade RLSA-2022:6912 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30. Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet3.1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30. Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el8_6.x86_64.rpm 41101dd3f8ff7a7c01f931ee295267a353fc76455d2178f3453f663ad66b0ca9 RLSA-2022:7006 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 3cef33c78b2f42e882e31396800a7e7a77a438464e0fb9e5df6f5590168191f5 java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm de6a5d608f6467a24663041665d51422d4e493ac1c101a525e3541e3b1386468 java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 8a3f8739bbb570f135b48b139b8deb4483c1a5ed74513508a9b3ab9963ddb3c4 java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 39bd3a4cff79ce3b51c2d1a48beed90ec649a7659a79835bec2f28d9d215b804 java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 18998d30a80304090d7d09058dd699c2709357f53f80cd00340a900234a6e82b java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 54e7765f5887a30d51beac1bf549796144d53d9ad45e5bd40a2c5d610ecfaa43 java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 87fa31eb51c521f01a08afa4c70b19378f935cc28e510713fef9c2c1b77a7674 java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm dc0e1af58c48b9310823e14f5bd81893f89cd1bb29053004956d73129b6d92a5 java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 414d93b60d9bd30e7ccabe3cc27c3871888a43e010be78eeeed978c6722334e6 java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 2b650c0caea3dd048776a3a1be5178a0c278e2661e13c20b44850406a58446f8 java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm fe7845d76a14046a8d6a15a25485e5c01314a80c45c5a1ee500f39d7d38672fb java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm ad5dbf3c07042ccfb98dc3c465d616cea1af956c59ff146b54153e63b375739e RLSA-2022:7000 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 17.0.5) [Rocky Linux-8] (BZ#2132503) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 17.0.5) [Rocky Linux-8] (BZ#2132503) rocky-linux-8-x86-64-powertools-rpms java-17-openjdk-demo-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 8bb849ad4470713193d7e1224add3ced02d09b3ed69f35f797d6b671412ee910 java-17-openjdk-demo-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm f377e9f4068fa01f6ecaf0b3d6819c9b2a8383702e4f6a704a2018e098a7bfd0 java-17-openjdk-devel-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 19de1bba805290f61e5f968cfd0b2bea3417b85502d67a81d174aa362b865b69 java-17-openjdk-devel-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 94fbd464a15a7141c7a85080424e3c290ea9cb48923b568a56ce3ee516412229 java-17-openjdk-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm f82ca739841e5b69d59a755ddef5208718e4055093239878494c3f045565ecd4 java-17-openjdk-headless-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 5a8f49c86e85eef2d55a657e52bdbf0cd2f282b216521dcd18d1ae344272a610 java-17-openjdk-headless-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm cad284436b0719c442897b73dbcbc098d61eb79bb6bc2a05e6f7db32237723e8 java-17-openjdk-jmods-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm f981f3fe1939cda61a8a0427a7681200b52a1ee3d5827a53c011ce1af9a155be java-17-openjdk-jmods-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm f688317cd674165a7956a551a1600b5426f3beebcb8a2bf162627e969c2535c5 java-17-openjdk-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm b31ce4bc62c018008151039ccb8fc3af9358c6464532e1969c3910a7961c6cf1 java-17-openjdk-src-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm f9bf519adc164ad47f44efec8f465a40ed00c894b21f9dc436758ecdd26553a0 java-17-openjdk-src-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 3a2f765632fe551be35ea2900a2d469fd3e97da8107b11f67fd6cf5f8656fff2 java-17-openjdk-static-libs-fastdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 08f7a49fc734e62fda1ea4dfcbb30f937cb6c250036066c2e0be3326d34d6f17 java-17-openjdk-static-libs-slowdebug-17.0.5.0.8-2.el8_6.x86_64.rpm 1d2c2f820e4b3fe97ae0341b3e2bdac14650343bfdf068888e9043769757bbd9 RLSA-2022:7012 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [Rocky Linux-8] (BZ#2131863) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [Rocky Linux-8] (BZ#2131863) rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 036fa1a95c3b943f4ef15e2372a7625ace28d99ca782af0b049d77f8cf992ffd java-11-openjdk-demo-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm b7f5679d4de33eb947e77ad6e3ad66b2b276c86332c3bca20233311e85837d6c java-11-openjdk-devel-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm cfcf3c1affcdd43f5903d180531523a8093dff13341082eec2e52fbc8c2384e7 java-11-openjdk-devel-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 6c1159dbc6b3ed02693b6b3c05a02f5d99dd0d599c78153d1953ed372cf37ebf java-11-openjdk-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm c89e3c6a7c7b8c25305035a3963b88e24c3ed9660e124ee541a8c3fbf42c58a6 java-11-openjdk-headless-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm e819da4ca9fcffc39ebdba47e1c01c48f08eac4a358f70e119d91aa3ad740eef java-11-openjdk-headless-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm fcedbca60fb611b44aacf63293fb6226bd2fed415f18aefa44fde21710357963 java-11-openjdk-jmods-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 50023cbb9d1bc660e65d59c94cbb7a1f803455902cb67b52f4879b5a4030a10d java-11-openjdk-jmods-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 5e8fd6106301e75912a7ee5b094b375be6f63be87ad4076f67777c3f0d1e13c6 java-11-openjdk-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 943d51ce84587e92b4fd40c0dd4cb45237b9e630188af3ba962e37656fb6e883 java-11-openjdk-src-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 606332081b5358872568cbb6a46a359886ae20440c0706109cd8a821d20997d4 java-11-openjdk-src-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm 43ff6a69ce530f16b48a221e91807d34f6a474962ecb9ed295a799d20a994d1e java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm c00d9893853d6fb7f67c95a2cbfbcb04a403a481fc3a955ce72acddd9544839a java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm c28856ff4021ade7b45fafd66ee5d858aa0d2e7425cd9aac543121b3b171984e RLBA-2022:7459 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for flatpak. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms flatpak-devel-1.10.7-1.el8.x86_64.rpm cbdd75282a26c8aee9095bae0b85aa7e23bf13a38c60215c0638f4552b754760 RLSA-2022:7461 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libreoffice-sdk-6.4.7.2-11.el8.x86_64.rpm da5831287dcf86cd844e3816e34c605f0cd9f9f2d2a36a41e697354ed6031e3e libreoffice-sdk-doc-6.4.7.2-11.el8.x86_64.rpm 66fe87a018b9bfaa117690aa05a9a8522c859492933b02f22f7b95d1dfe0ff56 RLSA-2022:7464 The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fix(es): * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for protobuf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fix(es): * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms protobuf-devel-3.5.0-15.el8.x86_64.rpm 57a717d009e1bfd3de07280fb89054a9298dabb1c5858d452ca008dba4d3f3f8 protobuf-lite-devel-3.5.0-15.el8.x86_64.rpm 45388af6f4670678841f70eedc8244c35f63e9e146aa1c4f7c1117c02baa2bc1 RLBA-2022:7465 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.3.3-1.el8.x86_64.rpm acf7b7714012420307d55d19470a7222572fdfb3ce5cd442acac988da9e4edee RLBA-2022:7468 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libnma. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libnma-devel-1.8.38-1.el8.x86_64.rpm def1b3b202b3c3d916a1c3700c0bc5dd86df67be96c0c74cd66dfcb218c574ba RLSA-2022:7470 The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-core, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, tomcatjss, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, jackson-jaxrs-providers, stax-ex, xerces-j2, jss, jakarta-commons-httpclient, glassfish-jaxb, xml-commons-resolver, relaxngDatatype. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): * pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__javapackages-tools apache-commons-collections-3.2.2-10.module+el8.3.0+74+855e3f5d.noarch.rpm 1962d12108c85c26d6c44584c3414afa93177a62fe5fe31b9cb6fff51cd75cb9 apache-commons-lang-2.6-21.module+el8.3.0+74+855e3f5d.noarch.rpm 2cd3cc1c2c68b00eaf7073efe0e649c14d4cbeee76322fca4dbfe239a65e1d29 apache-commons-net-3.6-3.module+el8.3.0+74+855e3f5d.noarch.rpm 0fd615658b7f48a1545a730d3142ba3c125727c552f69733e20d0c75633e7743 jakarta-commons-httpclient-3.1-28.module+el8.3.0+74+855e3f5d.noarch.rpm f71217b74ea2188f28ebd2b0d2f6677a94709d3e2ebbf4d02b333905d6c15b1e javassist-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 825f8edc1944e27c4611567fcb91aca046ba7994e92c1c9c215d2d83124920e0 javassist-javadoc-3.18.1-8.module+el8.3.0+74+855e3f5d.noarch.rpm 8da2a537026464a73387891f3983170d6049e939815a754e56afd4822208c687 slf4j-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm ccb1053be94370d918f0d931da4129bcc3dea1a5fd5a8bdb2786f45297e4d777 slf4j-jdk14-1.7.25-4.module+el8.3.0+74+855e3f5d.noarch.rpm d9f73b25226e215f33eb7cb543ec0a7104fb91911fee655ed0c58ad11f10e7e3 velocity-1.7-24.module+el8.3.0+74+855e3f5d.noarch.rpm ade96d58f90efb5525b69336ef4b52e440d0f45532c0118e21805e9a925351a8 xalan-j2-2.7.1-38.module+el8.3.0+74+855e3f5d.noarch.rpm 10e75783a7ccfc438619489e7884709106c0989b344098087c8c203d1661edd1 xerces-j2-2.11.0-34.module+el8.3.0+74+855e3f5d.noarch.rpm fa10d9d0fc58d7b35ba8f873c84601f9362239a8016987f7965f72d099e8bf78 xml-commons-apis-1.4.01-25.module+el8.3.0+74+855e3f5d.noarch.rpm 275a59ebebead1b5939045d1d662ce6f5b273ce28d6fc7211d9e4e0a468d3630 xml-commons-resolver-1.2-26.module+el8.3.0+74+855e3f5d.noarch.rpm aaa1426f9361c3acd22134b8e459735af876af2716471524233b9ab02e98a522 RLBA-2022:7471 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libestr. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libestr-devel-0.1.10-3.el8.x86_64.rpm 51d625fb787885bade8eff0b662b1aeeb92014a494e01ec79a2005e7644d0e76 RLBA-2022:7481 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python-qt5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-qt5-devel-5.15.0-3.el8.x86_64.rpm 9874b2a14178b887c61be31a8f50360c235646bb2d3d12f7884817c5b0938dc5 RLSA-2022:7482 The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform application framework. The following packages have been upgraded to a later upstream version: qt5 (5.15.3). (BZ#2061377) Security Fix(es): * qt: QProcess could execute a binary from the current working directory when not found in the PATH (CVE-2022-25255) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for qt5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform application framework. The following packages have been upgraded to a later upstream version: qt5 (5.15.3). (BZ#2061377) Security Fix(es): * qt: QProcess could execute a binary from the current working directory when not found in the PATH (CVE-2022-25255) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-devel-5.15.3-1.el8.noarch.rpm 87cf5f9cb20eff95e0e51a8f3ab82a3cb7191d6dbde6fce6e30d7f9f1c94290c RLBA-2022:7487 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qtbase. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qtbase-static-5.15.3-1.el8.x86_64.rpm e8644736925703a4af22af3bcd4a79102b006f25b04ac6d011fa3bce94fa62c7 RLBA-2022:7490 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qtdeclarative. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qtdeclarative-static-5.15.3-1.el8.x86_64.rpm b482bb46b9e9585f9bca2c0c0c1b3509c24f2df64dbe1b71a999944b988233ca RLBA-2022:7495 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-sip-devel-4.19.25-1.el8.x86_64.rpm 375872d9c5296e548159cf19d77992e974aa3f3d97e67e253dd06904931499b4 RLBA-2022:7498 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qtquickcontrols2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qtquickcontrols2-devel-5.15.3-1.el8.x86_64.rpm 708342c1fc31dd441acfe3267330d00617fe7715236687b552bb2b195272e082 RLBA-2022:7501 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qtserialbus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qtserialbus-devel-5.15.3-1.el8.x86_64.rpm dc5791ebede89da78abb13a9ea8d60cd8c1e0a78c71d4a95a699dee9cc47a116 RLBA-2022:7504 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qttools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qttools-static-5.15.3-2.el8.x86_64.rpm 5b1fa67f2fc16d716e114f9f44ba7a878a2ceb63e4de8f34e02e50d2d7e5ea6c RLBA-2022:7506 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qtwayland. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qtwayland-devel-5.15.3-1.el8.x86_64.rpm b42250ceaf989385e35b55079b23544d00f63eeb339c205e69bab5286a40d735 RLBA-2022:7515 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libpfm, papi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libpfm-static-4.10.1-5.el8.x86_64.rpm e1172e4399a01644242083e6ae72c9488e61731c6eb6a27057ab300b00f0033d papi-testsuite-5.6.0-16.el8.x86_64.rpm 743b0a9c9d8e21bdc17d115509f2c6ae7b7655e128f988a3002a1b245eb0bad2 python3-libpfm-4.10.1-5.el8.x86_64.rpm 81c60af0d14f690c0a31627fbf358c63f74b4395efa320b140ce867217abd001 RLBA-2022:7518 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dyninst. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms dyninst-devel-12.1.0-1.el8.x86_64.rpm a44838cbb0164cedb452cbdc5179d5bc4b1bca893686a61d6bfc00f439e40992 dyninst-doc-12.1.0-1.el8.x86_64.rpm 4f742d6406d6fe61056a299f61d095ccca98402e462529d8e3edc18c459b7ba7 dyninst-static-12.1.0-1.el8.x86_64.rpm 55e742f2e94587076f1c66bf8761784b769a54954d6a5a5adb8a63d469826e14 dyninst-testsuite-12.1.0-1.el8.x86_64.rpm e538b597be5c4207b2d94c74e9bcfed512de98084ec3b87bd3d02d16251145f0 RLSA-2022:7524 Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C and a small validating JSON generator. Security Fix(es): * yajl: heap-based buffer overflow when handling large inputs due to an integer overflow (CVE-2022-24795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for yajl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C and a small validating JSON generator. Security Fix(es): * yajl: heap-based buffer overflow when handling large inputs due to an integer overflow (CVE-2022-24795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms yajl-devel-2.1.0-11.el8.x86_64.rpm effbf8b7362876a616c89ba09fb64afcd897bf7f09e1c43cf1a68696f36e4024 RLBA-2022:7531 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms evolution-data-server-doc-3.28.5-20.el8.noarch.rpm 7bcaa23e44e2feee8abadd9a231b1d4d64a0b5f5d802a429bc2715a95e07a0e1 evolution-data-server-perl-3.28.5-20.el8.x86_64.rpm 6ce04e5aa7c0ebcf4ff1743943883f32f5ad166ab766e9136387d406405ec755 evolution-data-server-tests-3.28.5-20.el8.x86_64.rpm 64327093b61e35faa467331628e8abe012d4b27a67a9be8f01cc42d1f77715a8 RLBA-2022:7536 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nautilus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms nautilus-devel-3.28.1-21.el8.x86_64.rpm 68f3cc36d793188ccc8274f37089fdd257c82fa218cbf603bf3e888cd53f9b60 RLBA-2022:7559 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for lasso. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms lasso-devel-2.6.0-13.el8.x86_64.rpm 3ce25977e96abf463aad0867267b14b623ad06585f4b2fd36f1a6e1e55baec71 RLSA-2022:7558 WavPack is a completely open audio compression format providing lossless, high-quality lossy and a unique hybrid compression mode. Security Fix(es): * wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for wavpack. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

WavPack is a completely open audio compression format providing lossless, high-quality lossy and a unique hybrid compression mode. Security Fix(es): * wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms wavpack-devel-5.1.0-16.el8.x86_64.rpm a8b5660ad53172cc2e38a44e74f08ce54d6e52f56278d4d2407d9ff4727c149e RLBA-2022:7561 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for crash. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms crash-devel-7.3.2-2.el8.x86_64.rpm 2f7482aa061d7bffa7c74c93df7032499b1b27d5a9047e2ca057694913764c8c RLBA-2022:7564 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gdm. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gdm-devel-40.0-24.el8.x86_64.rpm 154cae926acce84210a8749a2972891a093e7322c321118702055609a8f2ac02 gdm-pam-extensions-devel-40.0-24.el8.x86_64.rpm 5352d848710867bd6539292513379b9691f69da44ffe1c1dc98970a21706b1d0 RLSA-2022:7581 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python38-devel python38-atomicwrites-1.3.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm 4577930f8643eab6d5dd7d0f768cde32fcd2c7a4384f0b1cf913f2cca6713313 python38-attrs-19.3.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 1045c38f448778b2e636bd48607abc9b8cb9d767fb254f02d8fc4446de2dcdb6 python38-more-itertools-7.2.0-5.module+el8.4.0+570+c2eaf144.noarch.rpm a835104b763c20cf7aa64b8508e9c0b5cf39fa6a150327a3203fdb0a8755bdef python38-packaging-19.2-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0edfb62f3f6eaa6d37cf69560eb66c4e7321fbe4d5b1a5a2cf836aa1195311be python38-pluggy-0.13.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm 60dfc6122c9fd333025780bd3d6277083526e0932eb444ce6713be3f54a743d8 python38-py-1.8.0-8.module+el8.4.0+570+c2eaf144.noarch.rpm c2a1b7e33d1d1cd09325d09c9297065b85587adeaac0d805927036daae1681f1 python38-pyparsing-2.4.5-3.module+el8.4.0+570+c2eaf144.noarch.rpm 9764b2d4672b7d858a173b448213904a8eb16937add8a417987a31c3857ae7f4 python38-pytest-4.6.6-3.module+el8.4.0+570+c2eaf144.noarch.rpm 0369a5e14d4cbfd676ebd6157f0b988a1b9e2480e9fae9c00291b7c1d73abe86 python38-wcwidth-0.1.7-16.module+el8.4.0+570+c2eaf144.noarch.rpm b9652f15c965a3ec2e00be8240a592c91cdeb727b316863a34944a4de723859d RLSA-2022:7583 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access (CVE-2022-2319) * xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension (CVE-2022-2320) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for xorg-x11-xtrans-devel, xorg-x11-server-Xwayland, xorg-x11-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access (CVE-2022-2319) * xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension (CVE-2022-2320) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms xorg-x11-server-devel-1.20.11-9.el8.x86_64.rpm cc435d7fe99b6e868efb56eeb22c337773b901cc1b7d76524dfede93b56ebe09 xorg-x11-server-source-1.20.11-9.el8.noarch.rpm 3f465e1af2b55d00046615a3cc9113a0b6f600ddfce17d74e286218782f4b823 xorg-x11-xtrans-devel-1.4.0-4.el8.noarch.rpm d59bbc4e1c42e0203d582e8825b3751c20cddca6a30b1dab48fbe5591f0c2daf RLSA-2022:7585 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561) * libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562) * libtiff: reachable assertion (CVE-2022-0865) * libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924) * libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355) * libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844) * libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891) * tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908) * tiff: Divide By Zero error in tiffcrop (CVE-2022-0909) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561) * libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562) * libtiff: reachable assertion (CVE-2022-0865) * libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924) * libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355) * libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844) * libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891) * tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908) * tiff: Divide By Zero error in tiffcrop (CVE-2022-0909) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-23.el8.x86_64.rpm 3a41fac559024d991001df5f3aff24e5729204b04a5ea21d735a1e16400600ca RLBA-2022:7589 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for yara. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms yara-devel-4.2.3-1.el8.x86_64.rpm ba370cd6d24021a9e1138f176b8b6aea12d4525daffd8cc4493226b06b9a17f0 RLSA-2022:7592 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil, python-wcwidth, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python39, python-cffi, python3x-setuptools, pybind11, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms__python39-devel python39-attrs-20.3.0-2.module+el8.4.0+574+843c4898.noarch.rpm fbb8f663205787752f8a7c5a1a7dc1497d9de97321946c2f1f959b9a83e701ba python39-Cython-0.29.21-5.module+el8.4.0+574+843c4898.x86_64.rpm 984098a65cb57d7f43523d0b2ecb2ee3d8b84ab5f9a5491b834760657560bb39 python39-iniconfig-1.1.1-2.module+el8.4.0+574+843c4898.noarch.rpm 585177d17ab59aafa2b84d8543a424a37d750a1b7d77b13d3528fba480b8178f python39-more-itertools-8.5.0-2.module+el8.4.0+574+843c4898.noarch.rpm 783f58ba2a8c29a6be5ff43e198e37fd6a63251db3b3f2bee347fab0fb814ed0 python39-packaging-20.4-4.module+el8.4.0+574+843c4898.noarch.rpm 26959ff9006b14a57368c87762d0330e3fbfea6f3e3a635a8b19b3cf935a4e20 python39-pluggy-0.13.1-3.module+el8.4.0+574+843c4898.noarch.rpm 2f8e19389c1dae284619279fe0e20688debb67181df429c7d1ca16ba88747fda python39-py-1.10.0-1.module+el8.4.0+574+843c4898.noarch.rpm 47b83d280a2e2d2082f269fe5971adb5e2baa0d5e53e67492a3471a844b8691f python39-pybind11-2.7.1-1.module+el8.6.0+795+de4edbcc.x86_64.rpm 9cff00f82f11e7120a62805cef08a46eac99fa503704a15cef53c8ebd457e9fa python39-pybind11-devel-2.7.1-1.module+el8.6.0+795+de4edbcc.x86_64.rpm bfcdaa17cd74b8e55159ce5a1aadfc9b7e79981afbfbc35f9bae18fbb14527b5 python39-pyparsing-2.4.7-5.module+el8.4.0+574+843c4898.noarch.rpm c30232fe2b752fc55b6f9baab39b970d7b5b95cb01abe8cf91ccea9bc0846dd0 python39-pytest-6.0.2-2.module+el8.4.0+574+843c4898.noarch.rpm c2f636f758cd74bc1b9a16e1f42561af64af41cbfc5e7179fd204565ad051cf6 python39-wcwidth-0.2.5-3.module+el8.4.0+574+843c4898.noarch.rpm be221a900dcb8cf7ac2f7e5660522a057fd7c0b08503b9b4ed19d9564716c881 RLSA-2022:7594 Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: A logic error in the Hints::Hints function can cause denial of service (CVE-2022-27337) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for poppler. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: A logic error in the Hints::Hints function can cause denial of service (CVE-2022-27337) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms poppler-glib-devel-20.11.0-5.el8.x86_64.rpm 2226bb3187f1375ad644e59963069b652e5c92e6d93ba61691ef533757db20dd poppler-cpp-20.11.0-5.el8.x86_64.rpm 03dcae9ab3c5fe8dfde0de5d125c9814ce0c5ae5d42e72dfdf98a0a153c14286 poppler-cpp-devel-20.11.0-5.el8.x86_64.rpm 1727dc5cb024c9f2ae8fe8079f9445deb5e33fcb9c5c14cf9cf5f1889cfc4f52 poppler-devel-20.11.0-5.el8.x86_64.rpm 425535e3c0a3160a360fba3956abd4ad533d9529d9de3cd1ea89ff40b2c70a01 poppler-qt5-devel-20.11.0-5.el8.x86_64.rpm 3d7525849dfa7a2949d2a694175c3cd3416c46ec7798445db6b48a80333978ef RLBA-2022:7595 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for bcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms bcc-devel-0.24.0-2.el8.x86_64.rpm 5fe2da4e01e6ae2d25d6951bb391673ba53f199e91bdf0795ebe634b014495ce bcc-doc-0.24.0-2.el8.noarch.rpm 68ec3588aaefcfce81f7a7e1de97007ca70673e6a1eea83584fcfd7e34c969fb RLBA-2022:7600 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for boost. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms boost-build-1.66.0-13.el8.noarch.rpm b55abb54da2283abaa0c6253aeb6df7706152ce702492c34f504e25cd31de932 boost-doc-1.66.0-13.el8.noarch.rpm bef5031eb15715588ba45b1fa0062da8652663029f75c9d0b94b7a4bb5b3aad2 boost-examples-1.66.0-13.el8.noarch.rpm ede1620a32a2a69de585e91b93eb2dc742fae2e70ce793c5c38346eec58cfac3 boost-graph-mpich-1.66.0-13.el8.x86_64.rpm 9e06c336c14648323ae62f3cd5a83aa77037effd0314089cfd2fad7c458f1d72 boost-graph-openmpi-1.66.0-13.el8.x86_64.rpm 26b7ed98c4c69a33bc889a54cd0c7cc4202db53d7e0e88e48220ec8b9e681790 boost-jam-1.66.0-13.el8.x86_64.rpm 47b190872e078c7f8c326f568ac59488c0710bdd38f84457289e10fb9aca4e50 boost-mpich-1.66.0-13.el8.x86_64.rpm ceb6733a0fff8d33ce3b120b3a8a5f7ef28ef040d3ca5ec1b9436d6a78f04c2c boost-mpich-devel-1.66.0-13.el8.x86_64.rpm c2889190b6ac4be270ebb642ebbbae6c1046c865f34839c3640f73ed46649db1 boost-mpich-python3-1.66.0-13.el8.x86_64.rpm 5a83559d3005ae673f84ef8aa075bf368dbf20d8a4bd500612bc72855ed707a3 boost-numpy3-1.66.0-13.el8.x86_64.rpm 7550c08555782afb51674dad2f28e99fc435002049f29d03f33e9223915058a4 boost-openmpi-1.66.0-13.el8.x86_64.rpm 58962ac54f40035d50d5c68ffe0cda1b8b05e62d1d89c0050935748abb654a37 boost-openmpi-devel-1.66.0-13.el8.x86_64.rpm 8607bf51468b1e8d6068423eccbaeb4e85f42aa46ee31c47a4b9bf5db359f257 boost-openmpi-python3-1.66.0-13.el8.x86_64.rpm 8124adbcaf09c4b6f5fa94b45039a519fbb10fa4ad3109ae13dd7729e36a3b22 boost-python3-1.66.0-13.el8.x86_64.rpm 99afef7aa008ac5c43d6433b6f929b459da0a2882a75981e2b243debf9a8b1e0 boost-python3-devel-1.66.0-13.el8.x86_64.rpm 6ca1604272b1d57cb2790aecd0454648d4e6d149d40471c34811aedada810c49 boost-static-1.66.0-13.el8.x86_64.rpm 4e19b25971991dac653695d29d182eeb2a1c17774b76e8e1b32b4aadf0b1336f RLEA-2022:7601 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for wayland-protocols, libdrm, mesa. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms mesa-libgbm-devel-22.1.5-2.el8.x86_64.rpm 4efffd2e0bc7d2328612318469da17d092a2133d1689869ca0b3d517ddb33fcd mesa-libOSMesa-devel-22.1.5-2.el8.x86_64.rpm 13b6703a927e37782c015825b956094e4a2e1d12eb88f7bdd8c4b50dd1854094 RLBA-2022:7614 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for xxhash. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms xxhash-devel-0.8.1-3.el8.x86_64.rpm 04c53a6918391478e67b4e22befba046bd7cc566c2375bde450b37be203074a5 xxhash-doc-0.8.1-3.el8.noarch.rpm 68b481dfb90bc6128f2f6e11cde7157f7f30422bdde8f464dc49539ef75494cd RLSA-2022:7623 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: Privilege escalation when similar master and non-master passdbs are used (CVE-2022-30550) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: Privilege escalation when similar master and non-master passdbs are used (CVE-2022-30550) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms dovecot-devel-2.3.16-3.el8.x86_64.rpm 31a72734edde4e27c0f441d332d0f3e4c37adf8ee5c0d57e684394671c3919ce RLBA-2022:7631 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ghostscript-doc-9.27-4.el8.noarch.rpm 63caef3cf225a40dc30d6c8349e4f999d43d38e4b30a71a600dc0eaf90b697b2 ghostscript-tools-dvipdf-9.27-4.el8.x86_64.rpm 14b3bc4fd77b4bb89ae6b868b24ea97fc194a788610eb9866a44ad4ae735c8fd ghostscript-tools-fonts-9.27-4.el8.x86_64.rpm 6b118e7ad7a55210d78b3a609d982bcf09d4df5e05c95dfd4cb5cf6ed2bdb8ab ghostscript-tools-printing-9.27-4.el8.x86_64.rpm 707e3a1f4a5a4a8452c852ddb821db5d0fd093257f7626318a9c63140c55265b libgs-devel-9.27-4.el8.x86_64.rpm a346d823fadf5700b7fb05c177ebb39a9fad66da0fb196ff1b5424e6ff852147 RLSA-2022:7639 OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version. Security Fix(es): * lapack: Out-of-bounds read in *larrv (CVE-2021-4048) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for openblas. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version. Security Fix(es): * lapack: Out-of-bounds read in *larrv (CVE-2021-4048) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms openblas-devel-0.3.15-4.el8.x86_64.rpm 489928f7e4ecad2cf0c0d46a6e7d223b74f4506595bd39bbd2ff55d744f2721e openblas-openmp-0.3.15-4.el8.x86_64.rpm 4cd44ea7aebfa2e362decae4a505400b1d67983b6b21dcdfca1cd275bb6b2b30 openblas-openmp64_-0.3.15-4.el8.x86_64.rpm d1c2f0a7531fcbef678a494b7929c72654cd89c404420fee6b5251a8667befda openblas-openmp64-0.3.15-4.el8.x86_64.rpm 290fc3418275a5b2e52801feb46197fcdcc9dfb9b8be30585887d493cd0545c4 openblas-Rblas-0.3.15-4.el8.x86_64.rpm 6f02f30805ada366250b98dd7569662c401a3aa467f206ba01d35912dfd8ad1d openblas-serial64_-0.3.15-4.el8.x86_64.rpm 2e7b11ed4e95bb955de61cc26d1b57f14ec2eb9f278c99823623d0adfbd1b46e openblas-serial64-0.3.15-4.el8.x86_64.rpm 55042df66424d99e7d414d4cba2a9be8d01c74526c9b69aa538ff1eae8df0525 openblas-static-0.3.15-4.el8.x86_64.rpm 232c7bd0d7db4981090c727130a588ae2665fa41ccdd89d322c3eb9f4492cd1e openblas-threads64_-0.3.15-4.el8.x86_64.rpm 098dd3c46bc1967a6618327876f589aec4ea04b2909f235e03c0afb2ed6dbbba openblas-threads64-0.3.15-4.el8.x86_64.rpm 50331f708bb74065fef9b2b1db08f9cee7930b7ec17da10d3a24d83b87bca73a RLBA-2022:7641 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for fstrm. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms fstrm-utils-0.6.1-3.el8.x86_64.rpm 284cbf4262826f79f6afc46ac70e2a9e13dab914b9b079df4bf3a36de5332310 RLSA-2022:7643 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) * bind: DoS from specifically crafted TCP packets (CVE-2022-0396) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) * bind: DoS from specifically crafted TCP packets (CVE-2022-0396) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms bind9.16-devel-9.16.23-0.9.el8.1.x86_64.rpm 5c2c9bf659b06376f99f5e4903b695212b2b769afaaa32e9ad7e13fb5b67914b bind9.16-dnssec-utils-9.16.23-0.9.el8.1.x86_64.rpm 31da42939a673fa5da8bd62e7b4ad2560e65db24d15d29ba1188a4ac0e264eff bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm ef26712cfaaae27376f5e0ec5f4f2d57804ea16ce3668997d15a50ea6698106a python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm ca260ea4c3d4b4ea57741b6ceb3ff53bc81c9437d67e502f2cb5013ec596688e RLSA-2022:7645 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for openjpeg2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms openjpeg2-devel-2.4.0-5.el8.x86_64.rpm e8ad21348c1d21ff79a376924eb62995eb62a23adec2ed1a421e0d675773db18 RLBA-2022:7646 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libblockdev. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libblockdev-crypto-devel-2.24-11.el8.x86_64.rpm 99666e02b0ca9caa8ab819c249a5f32b0fff0e5b5d79e7d8cf86385ed3783151 libblockdev-devel-2.24-11.el8.x86_64.rpm 489b4532e3e74d79a6ab4fe6cd5aec581c9bcc208a986f7cea4d6cc084169305 libblockdev-fs-devel-2.24-11.el8.x86_64.rpm 38a2e52015511a9d259abc57ed36412e38278400ff47f831f6b67a479c121142 libblockdev-loop-devel-2.24-11.el8.x86_64.rpm 1930325da4d0a558261dd41e9e8340894f6791f0bfdb0348060e4dc5530bca52 libblockdev-lvm-devel-2.24-11.el8.x86_64.rpm 1355aa2e933e9b3afe2ea3a1cc945a48aeb4b82e60a2dda9e9db72382e1b0569 libblockdev-mdraid-devel-2.24-11.el8.x86_64.rpm cd7ea15db2e26e59ce680988ccbedc782cd6e9f7d8e76daf477ee296cf5f9abe libblockdev-part-devel-2.24-11.el8.x86_64.rpm 158545ab0f3f9dd06ec1fb4f80c7529f681985ce49817ea1e969d078445fc96a libblockdev-swap-devel-2.24-11.el8.x86_64.rpm bd43acaa895fe9aea4b8428cad79a015152ba5b8361e93ab067f5ce7d97ef749 libblockdev-utils-devel-2.24-11.el8.x86_64.rpm 60d797fd505b5191fe54f91a1c6ae0890231ab16885fe6d8d6c8a55c62a1f32f libblockdev-vdo-devel-2.24-11.el8.x86_64.rpm c59272fc46b5d75a1a5891fcd054b3aea6d12909546847b486b98d40871c842d RLBA-2022:7653 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for cups-filters. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms cups-filters-devel-1.20.0-28.el8.x86_64.rpm e5968f3bae34a638049db12139cc2160341b69d66137e01a8e8c5e7e0ef0f07e RLBA-2022:7657 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for openslp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms openslp-devel-2.0.0-20.el8.x86_64.rpm 0a885c7a28d79c4cce3a886a3988e9be8a1b8b2d681981b8af8f3cf87aab3f8d RLBA-2022:7659 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gtk3-devel-docs-3.22.30-11.el8.x86_64.rpm dee1010aae4e09bc7533b87e8632bf726a588cce14f115c9510a1b8f2e06bddf RLBA-2022:7658 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms freerdp-devel-2.2.0-8.el8.x86_64.rpm a17dbb2125ae08e0962706084560b60b1fbae55a923db9cb70550798772b4cfc RLBA-2022:7661 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for spirv-tools, vulkan-loader, vulkan-headers, vulkan-validation-layers, vulkan-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms spirv-tools-devel-2022.2-2.el8.x86_64.rpm 6483c1123ae46f33ea778ac539636c38a36ee9350d9a7a270fb0616333f5aaa2 RLBA-2022:7662 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for opencv. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms opencv-3.4.6-8.el8.x86_64.rpm edc7f4a3b0d887fd32c98c6acef1b0c138ad898d688eb6543c33cdc5d2a10f4f opencv-devel-3.4.6-8.el8.x86_64.rpm 9d24854067b58bee0eb35942460bb0a53900b43d8bf8f6529af1109dac5ba23a RLBA-2022:7663 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for wireshark. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms wireshark-devel-2.6.2-15.el8.x86_64.rpm 4dd81551f0e0d797493ad62a8988f946faab8f3c19e54958955175a170803504 RLBA-2022:7667 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qatzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qatzip-devel-1.0.9-1.el8.x86_64.rpm ee2993bdafd3e631222b22d0380a8569e4e4a972daa741bf5e2b54146662c374 RLBA-2022:7668 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qatlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qatlib-devel-22.07.0-1.el8.x86_64.rpm 4e7d9cc94db3e7bf9783d58b0749624860ff0526d2a4550404e4db4806fa0aef qatlib-tests-22.07.0-1.el8.x86_64.rpm b5800898bc9db543e336fb5dcb5cba1a25dcb71058b237936d9884192410d003 RLBA-2022:7674 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for openwsman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libwsman-devel-2.6.5-9.el8.x86_64.rpm 02976d491f247962686617466589bc8558c43acee72d4c551dee5fd5084fe620 RLBA-2022:7091 This erratum reinstates changes made to java-1.8.0-openjdk in Rocky Linux 8.7 GA. The original builds for Rocky Linux 8.7 GA will have been superseded by newer binaries released as part of the October 2022 security update for Rocky Linux 8.6. For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

This erratum reinstates changes made to java-1.8.0-openjdk in Rocky Linux 8.7 GA. The original builds for Rocky Linux 8.7 GA will have been superseded by newer binaries released as part of the October 2022 security update for Rocky Linux 8.6. For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 3cef33c78b2f42e882e31396800a7e7a77a438464e0fb9e5df6f5590168191f5 java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm de6a5d608f6467a24663041665d51422d4e493ac1c101a525e3541e3b1386468 java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 8a3f8739bbb570f135b48b139b8deb4483c1a5ed74513508a9b3ab9963ddb3c4 java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 39bd3a4cff79ce3b51c2d1a48beed90ec649a7659a79835bec2f28d9d215b804 java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 18998d30a80304090d7d09058dd699c2709357f53f80cd00340a900234a6e82b java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 54e7765f5887a30d51beac1bf549796144d53d9ad45e5bd40a2c5d610ecfaa43 java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 87fa31eb51c521f01a08afa4c70b19378f935cc28e510713fef9c2c1b77a7674 java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm dc0e1af58c48b9310823e14f5bd81893f89cd1bb29053004956d73129b6d92a5 java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 414d93b60d9bd30e7ccabe3cc27c3871888a43e010be78eeeed978c6722334e6 java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm 2b650c0caea3dd048776a3a1be5178a0c278e2661e13c20b44850406a58446f8 java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm fe7845d76a14046a8d6a15a25485e5c01314a80c45c5a1ee500f39d7d38672fb java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_7.x86_64.rpm ad5dbf3c07042ccfb98dc3c465d616cea1af956c59ff146b54153e63b375739e RLBA-2022:7835 Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es) and Enhancement(s): * [AMDCLIENT 8.7 Bug] [Lenovo]When switch to some resolutions will be black screen [Rocky Linux-8.7.0.z] (BZ#2136746) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es) and Enhancement(s): * [AMDCLIENT 8.7 Bug] [Lenovo]When switch to some resolutions will be black screen [Rocky Linux-8.7.0.z] (BZ#2136746) rocky-linux-8-x86-64-powertools-rpms mutter-devel-3.32.2-67.el8_7.x86_64.rpm 22971e9268ced764a3245de04c28dad307c91508256ce3d0ff2dedad35c89bfb RLBA-2022:7258 This erratum reinstates changes made to java-17-openjdk in Rocky Linux 8.7 GA. The original builds for Rocky Linux 8.7 GA will have been superseded by newer binaries released as part of the October 2022 security update for Rocky Linux 8.6. For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

This erratum reinstates changes made to java-17-openjdk in Rocky Linux 8.7 GA. The original builds for Rocky Linux 8.7 GA will have been superseded by newer binaries released as part of the October 2022 security update for Rocky Linux 8.6. For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms java-17-openjdk-demo-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 004f32d9d4a53d507f722f8d81ce27f2af248d2e1f6c965e74d2c6c6b6507890 java-17-openjdk-demo-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm b825cae25b6f3de1d46a5cb3f67d69fe3a894e47eaceb570d99cee65a343448a java-17-openjdk-devel-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 1890f1670680098bafee74785e6e313d4fe4c1c107cca1c3a5097a9be5f23739 java-17-openjdk-devel-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 010616999aee22eeba94385e622bdce2b860af623f6e695ac134480cdf276ed5 java-17-openjdk-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 157d0b2936b02f1bbcff8c7da925c3180de0c53deef9046a9ad6786dc1a5bb21 java-17-openjdk-headless-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 66f0cb8778df124b660fdbb44c621e932dd19041177f8f26b903510f902bb8b6 java-17-openjdk-headless-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 96483996fbf87ba427725c40dd777423f7772e5fd79faaeca01a7d822aafd1d7 java-17-openjdk-jmods-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm ca77d0c4139d04e8393786312f1998490f8c1fdbef77a427f5cc432a09a17d01 java-17-openjdk-jmods-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 2b6a935e952ad1f82e8cfa130a5f738ea25dc946275a585c506f7af7dc577385 java-17-openjdk-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 49646510197e38c7a90b6f47490c0b78e6e793133cc74196d4a8108fbaafe254 java-17-openjdk-src-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm cfe2a5151512c9c81aaf213d8505701c878465f5aa01462137d4c9b0eae176d6 java-17-openjdk-src-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm 35285a0cee454f90464874d53a3e0bd722e54f33a292229cf2e6c2cb63a44cc2 java-17-openjdk-static-libs-fastdebug-17.0.5.0.8-1.el8_7.x86_64.rpm fbf5a55140b59bda7e64c0529970a4dfdf05f2c0fda2470e7e1f43e408f7a846 java-17-openjdk-static-libs-slowdebug-17.0.5.0.8-1.el8_7.x86_64.rpm f2865e3d9e2be4192bae7f180a4ea669d1d5378f80cf39f04fc8294f7938fdf7 RLBA-2022:7438 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fix(es) and Enhancement(s): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [Rocky Linux-8] (BZ#2131862) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fix(es) and Enhancement(s): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [Rocky Linux-8] (BZ#2131862) rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm f148280fbf827f77e2f8f946a2ee0a0b6ce47aec707c228a161f442217c6e11e java-11-openjdk-demo-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm de38a1dd3a259c75fb2b6d868d8cac1c40ec71c8d07fa8a0f4296d3df7c09a07 java-11-openjdk-devel-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 696d934789e3a2fda411df1545f7e5582a2b8578e2978320a5d3449b36093479 java-11-openjdk-devel-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 7f300816ae19ad8e7f18f02810945a8e7d6546f9eb7ed911e4c79a7246633577 java-11-openjdk-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 4ddf42ecac2a1e8a2b6fe305f6afa8471add5b8ced7bcef268079273f92631a2 java-11-openjdk-headless-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 014df5ae5f4ad53478baab36f22ed313672d870dbd1430e6b66f18bee5270ee5 java-11-openjdk-headless-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 8d7416f9a9efce8133707bd7d8b1faaf8e87a2e6ef5a659736fc85b3da6702dd java-11-openjdk-jmods-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 6dbcf62aadcc64fae7a3b494d857112ea21361194fb362bd9ad459f4b05e51aa java-11-openjdk-jmods-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 6351cfe42e6c31e2c7e2e3e5ec5a893bba98b0e052c6123103cbc23bbb826cbd java-11-openjdk-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm 804789c443f65e458fe2aba404fd61f35a9f9bfaf723d980fafa46b2cc3e872c java-11-openjdk-src-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm eb403aa2513d236fe13aa3a7fa43f67acac5030c8d3abc2fed359b9e6ef42fc8 java-11-openjdk-src-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm c15fdc8ab7fc150059b2f959ed1abbd1e5445c369def9fe3dc77372fe19c4868 java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-1.el8_7.x86_64.rpm a453bba4567368e741a4cea3c2b2bce7dd5603e785c8f545265570aa719b7604 java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-1.el8_7.x86_64.rpm a11964990805407fe9e8ac6499d7fad3a3e225fdfe837d86276d8ccb1da2e3bd RLBA-2022:7861 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.100 and Runtime 7.0.0 [Rocky Linux-8.7.0.z] (BZ#2137943) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.100 and Runtime 7.0.0 [Rocky Linux-8.7.0.z] (BZ#2137943) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.100-1.el8_7.x86_64.rpm c04656434015f8c7d9a52b2622a1846ea3402247772dee96889913b4a68cc0e6 RLBA-2022:9018 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.426 and Runtime 3.1.32 [Rocky Linux-8.7.0.z] (BZ#2148219) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet3.1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.426 and Runtime 3.1.32 [Rocky Linux-8.7.0.z] (BZ#2148219) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-3.1-source-built-artifacts-3.1.426-1.el8_7.x86_64.rpm 7915447c7672a2c1eaf2b7df962c1320d841d8df48971c0d9488f1c135a29fb8 RLBA-2022:9019 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.112 and Runtime 6.0.12 [Rocky Linux-8.7.0.z] (BZ#2150147) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.112 and Runtime 6.0.12 [Rocky Linux-8.7.0.z] (BZ#2150147) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.112-1.el8_7.x86_64.rpm 5cab7c2338ac557ab1678b625a23012efef18e5c1aa89c758c19a6c56a18f929 RLBA-2022:9020 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.101 and Runtime 7.0.1 [Rocky Linux-8.7.0.z] (BZ#2150151) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.101 and Runtime 7.0.1 [Rocky Linux-8.7.0.z] (BZ#2150151) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.101-1.el8_7.x86_64.rpm fc123b982742827f0fe8be31631c3bd7e9d209e8e46d3d3d1c614f570b4d642d RLSA-2023:0079 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.113). (BZ#2154458) Security Fix(es): * dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process (CVE-2023-21538) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.113). (BZ#2154458) Security Fix(es): * dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process (CVE-2023-21538) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.113-1.el8_7.x86_64.rpm 363db33af9692b8e96fa36e2fcc58a41510fdeaf1e0544dd599c0757bf2736f9 RLBA-2023:0081 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.102 and Runtime 7.0.2 [Rocky Linux-8.7.0.z] (BZ#2154466) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.102 and Runtime 7.0.2 [Rocky Linux-8.7.0.z] (BZ#2154466) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.102-1.el8_7.x86_64.rpm 0c6b3fae9573a9eb8677e20cfb9c3006ddba6640c8dbaa6e3be84746d795cb63 RLSA-2023:0089 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Macro URL arbitrary script execution (CVE-2022-3140) * libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305) * libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password (CVE-2022-26306) * libreoffice: Weak Master Keys (CVE-2022-26307) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Macro URL arbitrary script execution (CVE-2022-3140) * libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305) * libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password (CVE-2022-26306) * libreoffice: Weak Master Keys (CVE-2022-26307) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libreoffice-sdk-6.4.7.2-12.el8_7.x86_64.rpm 6e0c3f3ef9c7c94259abbc9727f80b354833abe62ea6105c9c49bd7a05b27687 libreoffice-sdk-doc-6.4.7.2-12.el8_7.x86_64.rpm 262cd60fb36a53f9def73ac545283f0fe8386121f4751fdaa6a63fa98a640f96 RLSA-2023:0095 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) * libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519) * libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867) * libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869) * libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953) * libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520) * libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521) * libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) * libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519) * libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867) * libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869) * libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953) * libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520) * libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521) * libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-26.el8_7.x86_64.rpm 92b4d9cdecac10471f5ec0e5e10b52ebbf5bfd53564a42028de88acf1acac00c RLBA-2023:0102 Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es) and Enhancement(s): * nmstate verificationError on OpenshiftSDN (BZ#2128555) * kubernetes-nmstate-operator deletes Virtual Functions created by sriov-fec-operator (BZ#2139698) * Addresses configured at different order than specified at state (BZ#2149048) * fail to create many veth interfaces (BZ#2150705) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es) and Enhancement(s): * nmstate verificationError on OpenshiftSDN (BZ#2128555) * kubernetes-nmstate-operator deletes Virtual Functions created by sriov-fec-operator (BZ#2139698) * Addresses configured at different order than specified at state (BZ#2149048) * fail to create many veth interfaces (BZ#2150705) rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.3.3-4.el8_7.x86_64.rpm b5af40541eaf160a72f6d809b5a1ee898c8739bddeb80b21b726e7c5eba2cf25 RLSA-2023:0192 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the use of a SQLite database provided by NSS was assumed, which was opened in read-only mode and with no PIN expected. This prevented the use of other databases or setting a PIN on the NSS database. This update allows more control over database use using two new properties - fips.nssdb.path and fips.nssdb.pin - which can be configured permanently in the java.security file or temporarily via command-line arguments to the Java virtual machine (RHBZ#2147473) * Prepare for the next quarterly OpenJDK upstream release (2023-01, 17.0.6) [Rocky Linux-8] (BZ#2153010) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the use of a SQLite database provided by NSS was assumed, which was opened in read-only mode and with no PIN expected. This prevented the use of other databases or setting a PIN on the NSS database. This update allows more control over database use using two new properties - fips.nssdb.path and fips.nssdb.pin - which can be configured permanently in the java.security file or temporarily via command-line arguments to the Java virtual machine (RHBZ#2147473) * Prepare for the next quarterly OpenJDK upstream release (2023-01, 17.0.6) [Rocky Linux-8] (BZ#2153010) rocky-linux-8-x86-64-powertools-rpms java-17-openjdk-demo-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 1702e80c1f8e30364e2005b3c2d79125e8714f9d44beb0a883900845f7d41031 java-17-openjdk-demo-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 330890fbcaf8b55250a9f8ab87daae4de4e14d1b391355447887bd5a4c8d938b java-17-openjdk-devel-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm bde6c6ae00acaf348851b4d4c2e9de0c00783e03a48fa3956a2751525fca50b3 java-17-openjdk-devel-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm bf115ca6af519d80f2ff10d2b22c674e82d8af9e969a2b44fb5c347271b4a472 java-17-openjdk-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 17ea21517c6c46e3c370d5f1abb31cbd9425f840a9cee4661497f8f68237b9e0 java-17-openjdk-headless-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 273c03a63de6b7b6cbb594e246f5f9678cb3cca6e30210c431ea2814418b1876 java-17-openjdk-headless-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 8ebb76c9e38a60c1c4025cb7f05c546f1fa1ecacca6470a305ff4a2388eff0de java-17-openjdk-jmods-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 552473df6ec8c2cd137c75ff23b0c0a77d5248c4af90a3aaf68a9485e8a13f1a java-17-openjdk-jmods-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 1193f79d3ec3552b45deadc818f926f5f9881e34995711e815fcd32a861977aa java-17-openjdk-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 17c2b3de25ab6201b72700c8aefffa768254811e23564f5fd66c5d7360b4956d java-17-openjdk-src-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 92799ac1a6c8bf1a4efd4bb14a85f9f6207290f0f0805979873c5679168c7330 java-17-openjdk-src-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 98f73d00398ab11c852a2fef1199b942854a04c7f5f2a5d75ddac653327f1e0b java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 8d4e5bf10c4b9ba8218f7d8eb48173aa7a3cdd85d3d8f87b22174987b8fa935d java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-3.el8_7.x86_64.rpm 0c905b92e8d597092ad21d648ca84da6c939718305a8587ab12d426600c01840 RLSA-2023:0200 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [Rocky Linux-8] (BZ#2157797) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [Rocky Linux-8] (BZ#2157797) rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 31e70a9b053387cb360107e99c30be5ff3e8b77bda963c229ed133905fb5f075 java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 8049109dcc4eec82d129c5ba68b3caef10c1fb02386aa67ba74433694cc5b2e7 java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 511236322c0d829ec3f55813232f2b4e22938eb9db7c3e122368a2ef519644c4 java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm e04bb4eb4e6004d0bee5cfbc0f8ae351914efd5d4192616feb51388b1fe3f18f java-11-openjdk-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 98da2a7e7c5a6247fc30fe4600ff5494177764a4c6b5d5d514e976c1503b4393 java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm cf60dc0f680873b776bd229dc8dbbbfd6df343cf25380e0833507e08aace573f java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 0d0c573e9d794b88c354765df0aa0e29defbc39ffda15f26ec6226e840aa6e81 java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm d2728df00657698634850600c0b40ca8e685d9582508de1c2d94ae9d7a791063 java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 5d6bd6a9441d0b10b4033b7fd3d19824afdd5719cd1ad7fddaf7c2f68a968f39 java-11-openjdk-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 15b5910a4008ad2c91fa87ff75184a12bd3eb1b8d19e3604732244345a7e3dc1 java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 370d5c425db2b4aaef0c8d1e2bdd7e93ff3a50b103c7870a8b6765d508c41335 java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm a995ed838160de30700f0c38a8921729448113305a443552fbc0f924ddbb1745 java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 1bd8a0583252e4a38613497feebbfdac02ef7ddd78008829f4e140926db59b27 java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el8_7.x86_64.rpm 8e2382a55bd8dc1af394e1cdfe1b21d71430a0dcfb0be247dd560526ea1c8708 RLBA-2020:3148 Rocky Enterprise Software Foundation OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. For additional information about the items in this advisory, refer to the Technical Notes chapter of the Release Notes, https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/release_notes/chap-technical_notes Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. For additional information about the items in this advisory, refer to the Technical Notes chapter of the Release Notes, https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/release_notes/chap-technical_notes rocky-linux-8-x86-64-powertools-rpms python3-httplib2-0.10.3-4.el8.noarch.rpm 6e8b831ea4c97e85d08e061f6ed8f03ffd62a7ab0df8bc9b2f3222fd2c33e8b7 RLBA-2022:7815 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for kronosnet. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libknet1-1.24-2.el8.x86_64.rpm c47aa11ed5bedc2c7041becda3a67d03e63d5af4fa1c9948e36c1fc5b9dd11c6 libknet1-devel-1.24-2.el8.x86_64.rpm 2d9dc38cabc94373740a450f4dc1cde0b367f2cd1b83808293eb061a0d2471c2 RLBA-2021:4840 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update to 6ce5818b1c1828ccdc8ac63d460d029c6391a401 [Rocky Linux-8.5.0.z] (BZ#2024345) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet5.0, dotnet5.0-build-reference-packages. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update to 6ce5818b1c1828ccdc8ac63d460d029c6391a401 [Rocky Linux-8.5.0.z] (BZ#2024345) rocky-linux-8-x86-64-powertools-rpms dotnet5.0-build-reference-packages-0-12.20211117git6ce5818.el8_5.x86_64.rpm 9ad049bfe9d2d1ee6feb1e402eb4299e0627dc5ad6df4c05cc12bde6904b528e RLEA-2022:0322 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 [Rocky Linux-8.5.0.z] (BZ#2031429) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet-build-reference-packages, dotnet3.1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 [Rocky Linux-8.5.0.z] (BZ#2031429) rocky-linux-8-x86-64-powertools-rpms dotnet-build-reference-packages-0-11.20211215git045b288.el8_5.x86_64.rpm 7cc225bc2b285291ec66b3ef0a9d45ac1115a771cd18a022a1f11dbe6130848d RLEA-2020:4838 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dtc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms dtc-1.6.0-1.el8.x86_64.rpm 7994145929ccc0679aa9e79172f457e060bcc5553d01f1ea21a65eb8db91f6a6 libfdt-devel-1.6.0-1.el8.x86_64.rpm f2bd14d75286386c6320f8532bdfd70077d905397f49e8b3bf413637b90c0f7e RLBA-2020:4499 For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for network-manager-applet. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms jimtcl-devel-0.77-6.el8.1.x86_64.rpm 2eff50d56b783bbeb134f3b2125a0f9babf62e82b7a868504070ec4b6864ac85 RLSA-2021:1849 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The following packages have been upgraded to a later upstream version: freerdp (2.2.0). (BZ#1881971) Security Fix(es): * freerdp: out of bounds read in TrioParse (CVE-2020-4030) * freerdp: out of bound reads resulting in accessing memory location outside of static array PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11095) * freerdp: out of bounds read in PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11097) * freerdp: out of bounds read in license_read_new_or_upgrade_license_packet (CVE-2020-11099) * freerdp: integer overflow due to missing input sanitation in rdpegfx channel (CVE-2020-15103) * freerdp: out-of-bounds read in RLEDECOMPRESS (CVE-2020-4033) * freerdp: out-of-bound read in update_read_cache_bitmap_v3_order (CVE-2020-11096) * freerdp: out-of-bound read in glyph_cache_put (CVE-2020-11098) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The following packages have been upgraded to a later upstream version: freerdp (2.2.0). (BZ#1881971) Security Fix(es): * freerdp: out of bounds read in TrioParse (CVE-2020-4030) * freerdp: out of bound reads resulting in accessing memory location outside of static array PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11095) * freerdp: out of bounds read in PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11097) * freerdp: out of bounds read in license_read_new_or_upgrade_license_packet (CVE-2020-11099) * freerdp: integer overflow due to missing input sanitation in rdpegfx channel (CVE-2020-15103) * freerdp: out-of-bounds read in RLEDECOMPRESS (CVE-2020-4033) * freerdp: out-of-bound read in update_read_cache_bitmap_v3_order (CVE-2020-11096) * freerdp: out-of-bound read in glyph_cache_put (CVE-2020-11098) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms freerdp-devel-2.2.0-10.el8.x86_64.rpm 05879fccdffdd391d1cb4044c0aba9bed0313aced40f4a4fcc9db681088eafff RLSA-2021:1852 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523) Security Fix(es): * ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373) * ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287) * ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288) * ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290) * ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291) * ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292) * ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293) * ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294) * ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295) * ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296) * ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297) * ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298) * ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299) * ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300) * ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301) * ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302) * ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303) * ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304) * ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306) * ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307) * ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308) * ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309) * ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310) * ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538) * ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289) * ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523) Security Fix(es): * ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373) * ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287) * ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288) * ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290) * ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291) * ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292) * ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293) * ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294) * ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295) * ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296) * ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297) * ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298) * ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299) * ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300) * ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301) * ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302) * ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303) * ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304) * ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306) * ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307) * ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308) * ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309) * ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310) * ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538) * ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289) * ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ghostscript-doc-9.27-11.el8.noarch.rpm f221bd7039893215b0704e74c99d7ca6dc842e26a460050aad879597f4d96f63 ghostscript-tools-dvipdf-9.27-11.el8.x86_64.rpm cb6792a587e28fe2b900d41cd1641cdf2f6ceeb0e98d91373f1d28f9f705f9e7 ghostscript-tools-fonts-9.27-11.el8.x86_64.rpm 205181bfef6b5a514bc90e7011791659ea97fdac151bd1100ae60d1c520a0eb0 ghostscript-tools-printing-9.27-11.el8.x86_64.rpm 6d52888b96409c28e2627c16b7dd0b61a90dc8b4340ab6f68dfa2d193d97b6d8 libgs-devel-9.27-11.el8.x86_64.rpm 4c6e3560c23f94f02befb1f554b10a15928ca4dcb09a3446b1068aaab63c7349 RLBA-2022:2000 For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glib2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms glib2-doc-2.56.4-158.el8_6.1.noarch.rpm aa64cb9e557a147c0ba86aef7701e556397a660ebaa7822bdc19c57b448ee3f0 glib2-static-2.56.4-158.el8_6.1.x86_64.rpm 6227fcea57978647be3169b9610d7d1f26e0106aa3fcfda58fceac58218ab411 RLSA-2023:0208 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() (BZ#2139705) * Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-8] (BZ#2159910) * solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [rhel-8, openjdk-8] (BZ#2163595) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() (BZ#2139705) * Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-8] (BZ#2159910) * solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [rhel-8, openjdk-8] (BZ#2163595) rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 3d107948a53e1ad1238a8fce18aa10091bfccb9985c43f9d2523b3a68d8d15e2 java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 7fabf6175ba5cd322454382b3fb8cae2c5b6db72ee8f9a6d0391330083e8575e java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 948dd789b3692ea8b6e11f7cbcd20c53bda8af025c0a32a399c1c602b9c7c8b7 java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm ec8c7b2a3eeb2f0e1737905829ff8def75d14f3f545ea8ce7ba894367a24d32c java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 4b730892a6a6e5b467301f43615a0c94c7eeb35e280c8882bc18ae12db074e43 java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 1a89dfed17bd224f29f613e53077cfd6483456bffbfe4a85bbb0ac94e8a9aa85 java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 4c9ad8217570c9defa735da0e35eda7d63a1287d73e760cbabcd8f234619f1e7 java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm f009c10fd73f5b66d1db9fb76604a3d2b7f5328edf769134bcc69e7ecfdc6858 java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 839c9417c3ade14c28d739ec78229140a006d7d4597b033d2e7b021497df7c18 java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 30523df7df6ffcc5f1cfb5d92b9a00a6860beaac12c0f0fda5a3a581d319484a java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm e61ad854136574fb02bfb8cde68c196b0970ec67127e68e6ccef381a4f74947e java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el8_7.x86_64.rpm 709f580d41d047995b696e792c266625b48d83cbd1e7e3decfe4da35a0d18064 RLBA-2022:0315 Rocky Enterprise Software Foundation Gluster Storage is software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Bug fix(es): * Previously, granular entry self heal took more time than the full entry self heal when there were many entry self heals pending due to the creation and deletion heavy workloads. With this update, the extra lookup to delete the stale index is removed from the code path of the granular entry self heal, which improves the heal performance in the creation and deletion heavy workloads when the granular entry self heal is enabled. (BZ#1994593) Users of glusterfs with Rocky Enterprise Software Foundation Gluster Storage are advised to upgrade to these updated packages. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glusterfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Gluster Storage is software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Bug fix(es): * Previously, granular entry self heal took more time than the full entry self heal when there were many entry self heals pending due to the creation and deletion heavy workloads. With this update, the extra lookup to delete the stale index is removed from the code path of the granular entry self heal, which improves the heal performance in the creation and deletion heavy workloads when the granular entry self heal is enabled. (BZ#1994593) Users of glusterfs with Rocky Enterprise Software Foundation Gluster Storage are advised to upgrade to these updated packages. rocky-linux-8-x86-64-powertools-rpms glusterfs-api-devel-6.0-61.3.el8.x86_64.rpm 525a9ade52503d73cf4544ebab25532739a6184b4946e6b173936f215026c655 glusterfs-devel-6.0-61.3.el8.x86_64.rpm c03e3c50834db85be0060c9793b7f82745b41e04656655ebe9fe2419b1d48499 RLBA-2022:7739 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.7.3-4.el8_7.1.x86_64.rpm d1deb446dcde3bfb1432c47d870ff5cf89dcc4ad0ff0b475955272a47f2d1a3b RLBA-2022:7766 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for fwupd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms fwupd-devel-1.7.8-1.el8.rocky.0.3.x86_64.rpm e762c6daa24c249825b0b3728719700bbb0a9e75bd9d75f6b1686a1d3d9b8394 RLEA-2020:4672 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for autogen. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms autogen-5.18.12-8.el8.1.x86_64.rpm ef71e9c73dc90421eb259f2e4c47107bff1b55f9eec5764c0ae628e5d0275901 autogen-libopts-devel-5.18.12-8.el8.1.x86_64.rpm a870efa1315a45b5fd0172eb2ced72192e7733acecee30c4462f3de42c3a5931 RLBA-2020:4734 For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libblockdev. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Enterprise Linux 8.3 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libblockdev-crypto-devel-2.24-11.el8.x86_64.rpm 99666e02b0ca9caa8ab819c249a5f32b0fff0e5b5d79e7d8cf86385ed3783151 libblockdev-devel-2.24-11.el8.x86_64.rpm 489b4532e3e74d79a6ab4fe6cd5aec581c9bcc208a986f7cea4d6cc084169305 libblockdev-fs-devel-2.24-11.el8.x86_64.rpm 38a2e52015511a9d259abc57ed36412e38278400ff47f831f6b67a479c121142 libblockdev-loop-devel-2.24-11.el8.x86_64.rpm 1930325da4d0a558261dd41e9e8340894f6791f0bfdb0348060e4dc5530bca52 libblockdev-lvm-devel-2.24-11.el8.x86_64.rpm 1355aa2e933e9b3afe2ea3a1cc945a48aeb4b82e60a2dda9e9db72382e1b0569 libblockdev-mdraid-devel-2.24-11.el8.x86_64.rpm cd7ea15db2e26e59ce680988ccbedc782cd6e9f7d8e76daf477ee296cf5f9abe libblockdev-part-devel-2.24-11.el8.x86_64.rpm 158545ab0f3f9dd06ec1fb4f80c7529f681985ce49817ea1e969d078445fc96a libblockdev-swap-devel-2.24-11.el8.x86_64.rpm bd43acaa895fe9aea4b8428cad79a015152ba5b8361e93ab067f5ce7d97ef749 libblockdev-utils-devel-2.24-11.el8.x86_64.rpm 60d797fd505b5191fe54f91a1c6ae0890231ab16885fe6d8d6c8a55c62a1f32f libblockdev-vdo-devel-2.24-11.el8.x86_64.rpm c59272fc46b5d75a1a5891fcd054b3aea6d12909546847b486b98d40871c842d RLBA-2022:7462 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for anaconda. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms anaconda-widgets-devel-33.16.7.12-1.el8.rocky.0.1.x86_64.rpm 0fbcbd9612a1896c5b78316890164e0786a3a98b1a1848c3885a63acfa4165f7 RLBA-2022:7635 For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for openscap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms openscap-engine-sce-devel-1.3.6-4.el8.rocky.0.2.x86_64.rpm d3159c26e066933735f3a290f40f20139a2832a477a389a30b45ffc5fa0ce37a RLSA-2023:0625 KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fix(es): * libksba: integer overflow to code executiona (CVE-2022-47629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for libksba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fix(es): * libksba: integer overflow to code executiona (CVE-2022-47629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libksba-devel-1.3.5-9.el8_7.x86_64.rpm 4e97d71de0cd9278c72702dacaa0c8bb396ac6b7dedef18fdd544327319220a1 RLBA-2023:0783 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address bugs are now available. The updated versions are .NET SDK 7.0.103 and .NET Runtime 7.0.3. Bug Fix(es) and Enhancement(s): * 2166775 - Update .NET 7.0 to SDK 7.0.103 and Runtime 7.0.3 [rhel-8.7.0.z] Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address bugs are now available. The updated versions are .NET SDK 7.0.103 and .NET Runtime 7.0.3. Bug Fix(es) and Enhancement(s): * 2166775 - Update .NET 7.0 to SDK 7.0.103 and Runtime 7.0.3 [rhel-8.7.0.z] rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.103-1.el8_7.x86_64.rpm edc2c14a66b6ff60be97376cef707ff6e24f4a424c3d0e22a21c468ddbb1e8ba RLBA-2023:0784 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address bugfixes are now available. The updated versions are .NET SDK 6.0.114 and .NET Runtime 6.0.14. Security Fix(es): * 2166769 - Update .NET 6.0 to SDK 6.0.114 and Runtime 6.0.14 [rhel-8.7.0.z] Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address bugfixes are now available. The updated versions are .NET SDK 6.0.114 and .NET Runtime 6.0.14. Security Fix(es): * 2166769 - Update .NET 6.0 to SDK 6.0.114 and Runtime 6.0.14 [rhel-8.7.0.z] rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.114-1.el8_7.x86_64.rpm b3a75746634b6d346559d5d48e148449c9b0c008a5dbac5eb601fb45763c1e56 RLBA-2023:0831 The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Bug Fix(es) and Enhancement(s): * Update to nfs-utils 2.3.3-51 broke nfs-mountd service on Rocky Linux8.2 (BZ#2150899) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nfs-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Bug Fix(es) and Enhancement(s): * Update to nfs-utils 2.3.3-51 broke nfs-mountd service on Rocky Linux8.2 (BZ#2150899) rocky-linux-8-x86-64-powertools-rpms libnfsidmap-devel-2.3.3-57.el8_7.1.x86_64.rpm 2d3c1bf4cc4fdb3531a5eb388e60af0e2a9ac03d64804321c171b362df752d7e RLSA-2023:0832 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586) * Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580) * MEI support for Alder Lake-S (BZ#2141783) * Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959) * Rocky Linux8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287) * Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474) * i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745) * Rocky Linux8.4 - boot: Add secure boot trailer (BZ#2151530) * error 524 from seccomp(2) when trying to load filter (BZ#2152138) * Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734) * Connectivity issue with vDPA driver (BZ#2152912) * High Load average due to cfs cpu throttling (BZ#2153108) * The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230) * Rocky Linux8: tick storm on nohz (isolated) CPU cores (BZ#2153653) * kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460) * Azure Rocky Linux 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272) * Azure: VM Deployment Failures Patch Request (BZ#2155280) * Azure vPCI Rocky Linux-8: add the support of multi-MSI (BZ#2155289) * MSFT MANA NET Patch Rocky Linux-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437) * GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797) * Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905) * Rocky Linux8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922) * The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813) * ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182) * (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221) * i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460) * iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586) * Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580) * MEI support for Alder Lake-S (BZ#2141783) * Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959) * Rocky Linux8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287) * Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474) * i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745) * Rocky Linux8.4 - boot: Add secure boot trailer (BZ#2151530) * error 524 from seccomp(2) when trying to load filter (BZ#2152138) * Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734) * Connectivity issue with vDPA driver (BZ#2152912) * High Load average due to cfs cpu throttling (BZ#2153108) * The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230) * Rocky Linux8: tick storm on nohz (isolated) CPU cores (BZ#2153653) * kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460) * Azure Rocky Linux 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272) * Azure: VM Deployment Failures Patch Request (BZ#2155280) * Azure vPCI Rocky Linux-8: add the support of multi-MSI (BZ#2155289) * MSFT MANA NET Patch Rocky Linux-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437) * GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797) * Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905) * Rocky Linux8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922) * The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813) * ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182) * (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221) * i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460) * iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.x86_64.rpm 4e7c4e22c34e466674545ab534d71fe048d85e43a20a863bf73e90124073a870 RLSA-2023:0838 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libsmbclient-devel-4.16.4-4.el8_7.x86_64.rpm dc47e0b24ed2976c4a7682795b5a4b408312345fc61e2f3db928433bb29921d9 libwbclient-devel-4.16.4-4.el8_7.x86_64.rpm 22200537496b6fdd0dd221e49bd6707636b9203121db2e32204ba62bee10d28c samba-devel-4.16.4-4.el8_7.x86_64.rpm d3d0f896316d5406dabe44d4b7ad9979a359a6c3ad255336a32bac27abc6a59b RLBA-2023:0850 The OpenSCAP suite enables integration of the Security Content Automation Protocol (SCAP) line of standards. The openscap packages provide the OpenSCAP library and the oscap utility that provides various SCAP capabilities. Bug Fix(es) and Enhancement(s): * xmlfilecontent probe produces invalid OVAL results (BZ#2165577) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for openscap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The OpenSCAP suite enables integration of the Security Content Automation Protocol (SCAP) line of standards. The openscap packages provide the OpenSCAP library and the oscap utility that provides various SCAP capabilities. Bug Fix(es) and Enhancement(s): * xmlfilecontent probe produces invalid OVAL results (BZ#2165577) rocky-linux-8-x86-64-powertools-rpms openscap-engine-sce-devel-1.3.6-5.el8_7.rocky.0.2.x86_64.rpm f074559ef4ea882ce0d8b868126b83d7531a3cb245174184db4a365cc810dcd7 RLBA-2023:1245 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.104 and Runtime 7.0.4 [rhel-8.7.0.z] (BZ#2175026) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.104 and Runtime 7.0.4 [rhel-8.7.0.z] (BZ#2175026) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.104-1.el8_7.x86_64.rpm 1b621861a0e113b2dc07d0006b977e1760be56e8f4f86ff8783151126ab5cb3c RLBA-2023:1565 The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Bug Fix(es): *Multipath segfault after running newest patched version (BZ#2161393) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Bug Fix(es): *Multipath segfault after running newest patched version (BZ#2161393) rocky-linux-8-x86-64-powertools-rpms device-mapper-multipath-devel-0.8.4-28.el8_7.3.x86_64.rpm e43454f269517344b8900c7793797fa1049355c17fb163bb3f853efe90396db8 RLSA-2023:1566 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770) * Rocky Linux8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170) * AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275) * Rocky Linux-8.8: Update RDMA core to Linux v6.0 (BZ#2161750) * Kernel panic observed during VxFS module unload (BZ#2162763) * Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587) * Rocky Linux8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296) * kvm-unit-test reports unhandled exception on AMD (BZ#2166362) * Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368) * Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665) * panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602) * net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640) * Rocky Linux 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645) * mlx5: lag and sriov fixes (BZ#2167647) * Rocky Linux8.4: dasd: fix no record found for raw_track_access (BZ#2167776) * GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896) * Azure Rocky Linux8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228) * fast_isolate_freepages scans out of target zone (BZ#2170576) * Backport Request for locking/rwsem commits (BZ#2170939) * ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550) * Hyper-V Rocky Linux8.8: Update MANA driver (BZ#2173103) Enhancement(s): * Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770) * Rocky Linux8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170) * AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275) * Rocky Linux-8.8: Update RDMA core to Linux v6.0 (BZ#2161750) * Kernel panic observed during VxFS module unload (BZ#2162763) * Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587) * Rocky Linux8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296) * kvm-unit-test reports unhandled exception on AMD (BZ#2166362) * Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368) * Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665) * panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602) * net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640) * Rocky Linux 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645) * mlx5: lag and sriov fixes (BZ#2167647) * Rocky Linux8.4: dasd: fix no record found for raw_track_access (BZ#2167776) * GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896) * Azure Rocky Linux8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228) * fast_isolate_freepages scans out of target zone (BZ#2170576) * Backport Request for locking/rwsem commits (BZ#2170939) * ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550) * Hyper-V Rocky Linux8.8: Update MANA driver (BZ#2173103) Enhancement(s): * Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.x86_64.rpm 607da7a3dc2a158a707e298603fc68c28037159bcaf1ada4d70f6fbd0a1c16c4 RLBA-2023:1567 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Bug Fix(es) and Enhancement(s): * Samba shares not accessible from MacOS Ventura after upgrade to Samba 4.16.4-2.el8 (BZ#2170394) * ctdb should have dependency for package samba-winbind-clients (BZ#2170467) * Samba with Winbind can not retrieve user groups from Active Directory (BZ#2170468) * samba-tool reports an uncaught exception (BZ#2170469) * Ship new samba subpackages (BZ#2173975) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Bug Fix(es) and Enhancement(s): * Samba shares not accessible from MacOS Ventura after upgrade to Samba 4.16.4-2.el8 (BZ#2170394) * ctdb should have dependency for package samba-winbind-clients (BZ#2170467) * Samba with Winbind can not retrieve user groups from Active Directory (BZ#2170468) * samba-tool reports an uncaught exception (BZ#2170469) * Ship new samba subpackages (BZ#2173975) rocky-linux-8-x86-64-powertools-rpms libsmbclient-devel-4.16.4-6.el8_7.x86_64.rpm f1a75049f46fa3a99f739def7f05e09a15ac9bf5aa6d415b71883907933e773b libwbclient-devel-4.16.4-6.el8_7.x86_64.rpm 48ae0fa76db742bad1d4df30a8548ebcb4a5495419090c2becfd6d7028a06082 samba-devel-4.16.4-6.el8_7.x86_64.rpm 109ee3d7813acf711c3190bffcb59a33fdd4fe89227c2afaf47e2fcf06bda1d3 RLBA-2023:1570 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es) and Enhancement(s): * NetworkManager hostname lookup fails with IPv6 (BZ#2174362) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es) and Enhancement(s): * NetworkManager hostname lookup fails with IPv6 (BZ#2174362) rocky-linux-8-x86-64-powertools-rpms NetworkManager-libnm-devel-1.40.0-6.el8_7.x86_64.rpm 2ba6fac28ff3786effea27d4a7410741c87b33cf2f47a60aaca17e12344b2c55 RLEA-2023:1574 Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es) and Enhancement(s): * SR-IOV VF not disabled as desired, gets IPv4 and default route via DHCP (BZ#2169642) * Dual stack profiles do not set may-fail correctly (BZ#2170078) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es) and Enhancement(s): * SR-IOV VF not disabled as desired, gets IPv4 and default route via DHCP (BZ#2169642) * Dual stack profiles do not set may-fail correctly (BZ#2170078) rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.3.3-8.el8_7.x86_64.rpm 4522561ad63d34bc1464d5b955790b08bf384ae26aede1b60b2e5f8e80d29eb4 RLBA-2023:1579 UPower is a DBus daemon and a client library that provides an interface for other programs to enumerate power sources on the system and control system-wide power management. Bug Fix(es) and Enhancement(s): * Rocky Linux 8.7 Missing battery icon while the battery is charging. (BZ#2170088) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for upower. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

UPower is a DBus daemon and a client library that provides an interface for other programs to enumerate power sources on the system and control system-wide power management. Bug Fix(es) and Enhancement(s): * Rocky Linux 8.7 Missing battery icon while the battery is charging. (BZ#2170088) rocky-linux-8-x86-64-powertools-rpms upower-devel-0.99.7-4.el8_7.x86_64.rpm 97fcac3ece1ecec3b7bbce85f05aecfa8e796a1038b400638f8d4b448a39c488 upower-devel-docs-0.99.7-4.el8_7.noarch.rpm 1c90886eb71223a62206ed760389e25ed8a20f292f2a15f8c466044da1b3a26b RLBA-2023:1755 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es): * Update .NET 6.0 to SDK 6.0.116 and Runtime 6.0.16 [rhel-8.7.0.z] (BZ#2183581) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es): * Update .NET 6.0 to SDK 6.0.116 and Runtime 6.0.16 [rhel-8.7.0.z] (BZ#2183581) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.116-1.el8_7.x86_64.rpm 2e8ff4cbbabf7d9793dd996a49054edde2c3357f73c8f585be49670e1319f88d RLSA-2023:1898 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186835) * Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186827) * The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186831) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186835) * Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186827) * The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186831) rocky-linux-8-x86-64-powertools-rpms java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 80a5ddc181f645d9bf5088c6674a3fbc245f88ccaaa1c04c3fe6663f762520e7 java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 2a10ca50398c71acec8d352b5869ab11125b7d3fb8a8b0ff60269057e7596e18 java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm cc0668d83c72a0ac2a9b76584e630b78f7da0925b06649697160f9ffb5921ede java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 22eecc64f8ef8183d766e1d419626bcfd9a92b8b455f4d7f673f2741b6b79f89 java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 624b3909217722f2de5481f25ca3e0084a1e18034e95f66c765291a7c6d24a3d java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 30e2994949b08fe0352aee0441c7c37d991bd009fb9a492ac3419dda518333fe java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm cdb62d365e39170412d6fc799e0ac76638be38669957937d2d9b63b6b7cd0258 java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm c19b3d03c5a5f96fc6329c15f9b92291263438e290f446e5735f540bb352550c java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 8a09fb78d6a02062d962fcc75d34cdd85bd323aa38e0e745c92a2a9a3cf80255 java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 0d28981857ca0ddaceaccdb775c12b7b2520e9c808167a7fcf3105aeca6a5a4d java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm be6a31526a734e63ac2e95ead6e3fa4b9e5a79b8f66cbe4f34780ce5dd66e3b5 java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 9ee913b87b5e5296bcfbac3d13b8ddb2d58bdc478ac5d796536f5173e3307d5a java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 51b5b0ff50b514e4f6cac652d4f4ca3572bdae9995a6c75dd871e43ab12a84f0 java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm 3ee0af68db6a60c979869df8333d17e20c956b25659878219adc4fc7471450a3 RLBA-2023:2978 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms opencryptoki-devel-3.19.0-2.el8.x86_64.rpm 0b200916bbfa584ae2c0d4e8edeaae658950a606bf36903f77febb72499c848a RLBA-2023:2979 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libdnf-devel-0.63.0-14.el8_8.x86_64.rpm 40e14f15492726aa9bbc69801dd7b868baecf56b4c5b65583f620e850537b5d8 RLBA-2023:2991 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libtalloc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-talloc-devel-2.3.4-1.el8.x86_64.rpm b8609d288e3c07426368bb463dbb63eaa19dbed9a0b46eb4abd31612bfa6e0bd RLBA-2023:3007 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libtraceevent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libtraceevent-devel-1.5.3-1.el8.x86_64.rpm 5e4eb2085052051db02067c8fcdfa4e8651711274e1d2ae52f7214292733ef41 RLBA-2023:3010 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libtracefs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libtracefs-devel-1.3.1-2.el8.x86_64.rpm 5d82382cf54f461f3ac3aa50918704a62c86ebba86d90f5c1bef713d97df0a27 RLBA-2023:3036 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librhsm. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librhsm-devel-0.0.3-5.el8.x86_64.rpm 5173656dd42b51c741355a38e65703249552b0b2b1552389f6f22d1f6172db71 RLBA-2023:3048 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for lvm2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms device-mapper-devel-1.02.181-9.el8.x86_64.rpm 6c4b38e19bf34800e5bab5923847fcd0dafbba7308e836a4c70e3ecac6eaa720 device-mapper-event-devel-1.02.181-9.el8.x86_64.rpm 760fd95724c1d65e3e727525d5c0308fbe2a0ce135d18e2c74c8ab5122f66fa0 lvm2-devel-2.03.14-9.el8.x86_64.rpm e58a70503092c902a4c98e920006b6323d2384a28c943f0245e395a79a2208e5 RLBA-2023:3063 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for file. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms file-devel-5.33-24.el8.x86_64.rpm 5fe9411d52dc60d380ad66ea8bff209ddc83089f242e21330aac0533158d4c59 RLBA-2023:2783 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for wpebackend-fdo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms wpebackend-fdo-devel-1.10.0-3.el8.x86_64.rpm 14fda3bf34aa6798fd0b080bed346ff285de139c581280ab016f8e25fee20f2f RLSA-2023:2810 Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for poppler. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms poppler-cpp-20.11.0-6.el8.x86_64.rpm 32d7eaa8df2b1d31e44ad6cea3284984f6e2ed2f8c67399ee0d1291eff58b0fa poppler-cpp-devel-20.11.0-6.el8.x86_64.rpm 53c4b786c3a5de17d3acfaad217963bab817eef17e57a61d361cdee409462169 poppler-devel-20.11.0-6.el8.x86_64.rpm fb7276a320965ec617b7782949dfe322dca5f9cc78884a5ce651e89c6d6d3e10 poppler-glib-devel-20.11.0-6.el8.x86_64.rpm eccfca912c38fb072d4016955ed618ca00894570fd50b4f33d439226dc75d243 poppler-qt5-devel-20.11.0-6.el8.x86_64.rpm d611af6e84407a930ae5bd25a868825225d3d18b0ed1024a21b7d328fded1c10 RLBA-2023:3102 The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon. Bug Fix(es) and Enhancement(s): * Backport hint about systemd daemon-reload. (BZ#2180442) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon. Bug Fix(es) and Enhancement(s): * Backport hint about systemd daemon-reload. (BZ#2180442) rocky-linux-8-x86-64-powertools-rpms libmount-devel-2.32.1-42.el8_8.x86_64.rpm ebdd882f8a0619ba0a95a61bca7dc877614d3213dd59d6e6ffa31e90ddf57e4b RLBA-2023:2765 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gnome-software. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gnome-software-devel-3.36.1-11.el8.x86_64.rpm 13f93bab2dfa887899c79ed78fd35f5dd0479c16c1e5297151d094763c19c24b RLBA-2023:2812 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qt5-qttools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qttools-static-5.15.3-4.el8.x86_64.rpm 32889d9d3a4f9e1f1110306621043c4fd1bb3c55d6a28e60cb2719221927e9b8 RLBA-2023:2922 For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python3.11-psycopg2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3.11-psycopg2-debug-2.9.3-1.el8.x86_64.rpm 77f3671ef1651428e7712caf52d10a3fc21ae5c7e76169fb9886e3e650fd3f16 python3.11-psycopg2-tests-2.9.3-1.el8.x86_64.rpm 6d5a7d57f699435125f205a6eaafa91de8069e353f5d013e373beadfe33fe73e RLBA-2023:3092 Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es) and Enhancement(s): * Rebase nmstate to latest 1.x branch. (BZ#2181166) * Failures when DNS is set to auto with DHCP and there is a static DNS search string defined. (BZ#2186178) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es) and Enhancement(s): * Rebase nmstate to latest 1.x branch. (BZ#2181166) * Failures when DNS is set to auto with DHCP and there is a static DNS search string defined. (BZ#2186178) rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.4.4-1.el8_8.x86_64.rpm 781b7b8a27a7a46113567307754120996ace883230f805ff3b84e30b48babc7c RLBA-2023:3093 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.116-2.el8_8.x86_64.rpm 8d53e71fad8b6dc5767960edc0d0d5358a3b63e97b810b31d2ae78d840571617 RLBA-2023:3094 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.105 and Runtime 7.0.5 [rhel-8.8.0.z] (BZ#2183589) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.105 and Runtime 7.0.5 [rhel-8.8.0.z] (BZ#2183589) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.105-2.el8_8.x86_64.rpm 89c6250a275a59b4bfda9504cdb1c2471355895841b105cf434626cb1dd67ba6 RLBA-2023:3099 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Bug Fix(es): * All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189330) * In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186834) * Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186826) * The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186830) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Bug Fix(es): * All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189330) * In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186834) * Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186826) * The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186830) rocky-linux-8-x86-64-powertools-rpms java-17-openjdk-demo-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm f834f8929e04148bf3aa0c3da575339c3aa58837f1ab000f6715c6cc199be728 java-17-openjdk-demo-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm 8686a2c265abf63826b22a7d78e12d9fa2d175bdb55b048bf873d96a2d171c5b java-17-openjdk-devel-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm d7422db2d6bb969308c5caa3aa24bc2783ad0ecf83bf306e984b9dc4eac17f4c java-17-openjdk-devel-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm 652556c0cfea08653f4d2b1c697c3c20d0a310eab6f82c2e294eb2c36fc3dfd0 java-17-openjdk-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm c9235f16a0cffdaca6e2e218801c611fd729e464155d4d067fb7effb81de91d7 java-17-openjdk-headless-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm c347c88c3a47789f7ce5dcd85e015d5c78371f17184147418a20b04989395cd3 java-17-openjdk-headless-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm a80dc7754029211b44254055bbe6fc87c3a8ccc2be67f7d4a7dc1d53b52d6832 java-17-openjdk-jmods-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm c10109aad0ff5d2d7ce444359f12e8763f46568a7550d3970e00525926b7c302 java-17-openjdk-jmods-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm 9cf6448257bcd383c189ec8c4f07b8267c3353bce8d92a9b8ef33e56427f3c04 java-17-openjdk-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm c300dd1b6ebc5cffa041f909138a0e62e86d63b62d44d12817184489874e460d java-17-openjdk-src-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm b4ebbca394d234b7b37f829abc9b7cb1526bc30960a899f068f278b2969a06a2 java-17-openjdk-src-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm 02df48fe1d8c00a44eba3204ca34b1de95b338cd77436e6362b81f1c4644942c java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-3.el8.x86_64.rpm 30693638d321dbbf1bb96f633e3fb1c8a29143b991ce9fba529bc1834f47cd11 java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-3.el8.x86_64.rpm 86c9cbc8b58705a71bacb9a35ff3e1e55428ed744c9f962a96c9fba51b1ef270 RLBA-2023:3100 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fix(es): * All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189327) * Attempting to obtain a HMac key generation using the Sun PKCS11 provider, as in FIPS mode, caused an error to be thrown. This is because the PKCS#11 provider did not offer the corresponding key generation algorithms. The Sun PKCS11 provider has been updated to support these algorithms. (RHBZ#2190091) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fix(es): * All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189327) * Attempting to obtain a HMac key generation using the Sun PKCS11 provider, as in FIPS mode, caused an error to be thrown. This is because the PKCS#11 provider did not offer the corresponding key generation algorithms. The Sun PKCS11 provider has been updated to support these algorithms. (RHBZ#2190091) rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm 9108f5097f8ebfb88889ed1ab9b10edbe749c0d305b1052d875ee3fe8b347ca0 java-11-openjdk-demo-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm 35d52f07c723b69fc0242869681c410664ab2918e6c64164457e49d3825383b6 java-11-openjdk-devel-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm 451e735cc136b9c8a851669306480f7d98b62eb281fe7531b8b00b3485f282a4 java-11-openjdk-devel-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm 3089be29ab5b6017b4dcfb4852d684f832ce12d7b08e885fe73490a05c13bc2e java-11-openjdk-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm dcea53f7040d763f8c49757f16a695d7c1d21537d3a101b50be9ef116fc1d5e1 java-11-openjdk-headless-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm 96742a548c3056e037c6f903939226a55144ed8365d2c908c57d48fd0e6e48ef java-11-openjdk-headless-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm 5a9c6cc870cde33b00d0f4487c8743c8db3641dc6bdfd34b4b23a716c8846ec5 java-11-openjdk-jmods-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm 9086461e54b4e3c5e09e2b27ed29aeb610d50af6723e26ec5f5e6cae46586c98 java-11-openjdk-jmods-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm 9932046549d5f9b7707130ac181abebe2d17d068569ab179135c82c276f2b247 java-11-openjdk-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm bcbb36a94c58fcaac41aa25a495080678ff1611dde4e41d9cfe150561a7a0cad java-11-openjdk-src-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm adfc5b002321a4e43d2c47a04734740367b64b221a67a438c74fa596b5deedf0 java-11-openjdk-src-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm 87113504942e943273ecd82eaefca0e32b54946b71949b330b563854012dd3c7 java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-4.el8.x86_64.rpm 6561e146ea7c605d8f091798857651fc3e13880350b7d5e90d2d1127be0e1227 java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-4.el8.x86_64.rpm a1d15ca5f0d20d12b18abbad4dd7028d664c9b5c27bab16f1dcf33c686304a74 RLBA-2023:3101 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Bug Fix(es): * All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189328) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Bug Fix(es): * All Rocky Linux versions now share a single OpenJDK build (RHBZ#2189328) rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-4.el8.x86_64.rpm d210ef997522044bcf455c1d9aef1620a162a07f4fd673ce168568f608c9e835 java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-4.el8.x86_64.rpm 55dd86ddd9261d2d31bea1ce7c85fae83629bd6c8bf1a88667a861471a1f3bc3 java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-4.el8.x86_64.rpm 7b3393886fa53d9faa64236c59758633c38b018b55babf8850644f8f9e5039a6 java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-4.el8.x86_64.rpm 9f7d611d27c60c2bb5e87c142fcc840ec0980d1be3efbb3119f769ed59418a83 java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-4.el8.x86_64.rpm c311221ea3d10b97c74a690693f14d5cd9a11c4d4fbb66f24015bfaeaaa89443 java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-4.el8.x86_64.rpm 04a57e510533781529421f2b89cbf740e186621cdfa6484bfdf457fa1318a1ee java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-4.el8.x86_64.rpm df457c2669ba5d33f00e6487f4464e7dc096b18cb9fb2bcd79d3d70e2a7da8c1 java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-4.el8.x86_64.rpm 21dc44ea566a88e3ababe2394140fce364f5cc441c9d92f643ad02d94f32a001 java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-4.el8.x86_64.rpm 7a42383408e6b2bf436ff9b0c5114df400acbbe64b30bbf7285e3ab26d5b7d80 java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-4.el8.x86_64.rpm 63e0370530a3591bf69a8289bb93d90cbfe683945841c72a634bf2b36689aa9a java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-4.el8.x86_64.rpm 4ed4b9d358e629576647020d1d758858cf4bd881c2354ba83f1bab830eb131f8 java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-4.el8.x86_64.rpm 7d4a3f83c8e4f4814189e5556db6e61c63212df9d90f16044e82926a7d5421bb RLSA-2023:3661 The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. Security Fix(es): * texlive: arbitrary code execution allows document complied with older version (CVE-2023-32700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for texlive. This update affects Rocky Linux 9, Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. Security Fix(es): * texlive: arbitrary code execution allows document complied with older version (CVE-2023-32700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms texlive-lib-devel-20180414-29.el8_8.x86_64.rpm 8dc3d9bd48684d2c5b20e156c3cf0313a7e79c2b1ad5b917ad148c64813c146c RLBA-2023:3845 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es): * NetworkManager brings down connection when the IPv6 link-local address is removed (BZ#2209355) * ifcfg: Mask the high bit in InfiniBand P-Key IDs again (BZ#2209975) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es): * NetworkManager brings down connection when the IPv6 link-local address is removed (BZ#2209355) * ifcfg: Mask the high bit in InfiniBand P-Key IDs again (BZ#2209975) rocky-linux-8-x86-64-powertools-rpms NetworkManager-libnm-devel-1.40.16-3.el8_8.x86_64.rpm 46601dc115cdbe4c795ff339d924f98867d38e0f69f0b708fdef37881b46daf6 RLSA-2023:4100 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms bind9.16-devel-9.16.23-0.14.el8_8.1.x86_64.rpm 1674101536701b5c31a133fcd705c4526104c6fa8b7417e336066bc5844b7bf6 bind9.16-doc-9.16.23-0.14.el8_8.1.noarch.rpm 9e0afbfc91960e8fcdebe49b409519c4fa1243f58b39e1102f8a3c244a6a5a10 RLSA-2023:4176 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-8] (BZ#2219727) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-8] (BZ#2219727) rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm 607f003bafd49e889ae7a7d9256feede2cd85c6735668f2999554c2ebeacf7cf java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm c892ba0f8d2f4df34f45c525270ffb1aeb9ff12560736cca3c87b31b25549b60 java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm a130dd7765e4d6ed5326af47842cf9e6eb20741e64b93aaf2f359ddced62f632 java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm f59ae227028c2d5e7016ecdb15bb43bd18eb184528c131b72b1b40974bee1269 java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm 4c046eb8c819a7c259e321846075f77eef7b1c6409f53631eecc0ef2c0ba0fc2 java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm 9690ae090c8702558dbd7a748bc05091222da50e05249547248d9274f6e135a7 java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm 4a93aea7964d676f54da3b44e3ea4e740546feee5e1364fbfe0c800447dc8541 java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm bf1344bfa7db63ec249c1bc9e692f897ad5df6d0cb50dd21fb57fa3521897c86 java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm d8b285a740cdcc557466daeafeeeff83e2404cc1846c9ed98829107e267de9aa java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm 74bd7315b97661d9ce1e712d69a45636a663b1b59c1c18692c95f99adba5342d java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm 579203da4e58040b29ea25db0c125b2589086410f5d50c39c6bb1175e2f29f87 java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm 9944073d4cc41683313c342169927efc21c5ea2362d8af53e19b07f28b750190 RLSA-2023:3847 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RPL-P IOTG/RPL-S IOTG: cpu frequency issues (BZ#2179332) * iscsi target deadlocks when the same host acts as an initiator to itself (i.e. connects via 127.0.0.1) (BZ#2182092) * HPEMC Rocky Linux 8 REGRESSION: acpi-cpufreq: Skip initialization if a cpufreq driver exists (BZ#2186305) * kernel[-rt]: task deadline_test:2526 blocked for more than 600 seconds. (BZ#2188623) * Dying percpu kworkers cause issues on isolated CPUs [rhel-8] (BZ#2189595) * block layer: cherry pick recent upstream fixes (up to v6.3-rc1) for 8.9 (BZ#2193236) * xfs: deadlock in xfs_btree_split_worker (BZ#2196390) * Rocky Linux 8.9 hwpoison: data loss when memory error occurs on hugetlb pagecache (BZ#2196665) * Intel E810 card unable to create a MACVLAN on interface already configured as SRIOV (BZ#2203214) * mlxsw: kselftest case -usr-libexec-kselftests-drivers-net-mlxsw-devlink-trap-policer-sh trigger call trace (BZ#2207564) * Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208284) Enhancement(s): * Intel 8.9 FEAT SPR power: Intel SST SNC4 support (BZ#2185604) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RPL-P IOTG/RPL-S IOTG: cpu frequency issues (BZ#2179332) * iscsi target deadlocks when the same host acts as an initiator to itself (i.e. connects via 127.0.0.1) (BZ#2182092) * HPEMC Rocky Linux 8 REGRESSION: acpi-cpufreq: Skip initialization if a cpufreq driver exists (BZ#2186305) * kernel[-rt]: task deadline_test:2526 blocked for more than 600 seconds. (BZ#2188623) * Dying percpu kworkers cause issues on isolated CPUs [rhel-8] (BZ#2189595) * block layer: cherry pick recent upstream fixes (up to v6.3-rc1) for 8.9 (BZ#2193236) * xfs: deadlock in xfs_btree_split_worker (BZ#2196390) * Rocky Linux 8.9 hwpoison: data loss when memory error occurs on hugetlb pagecache (BZ#2196665) * Intel E810 card unable to create a MACVLAN on interface already configured as SRIOV (BZ#2203214) * mlxsw: kselftest case -usr-libexec-kselftests-drivers-net-mlxsw-devlink-trap-policer-sh trigger call trace (BZ#2207564) * Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208284) Enhancement(s): * Intel 8.9 FEAT SPR power: Intel SST SNC4 support (BZ#2185604) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-477.15.1.el8_8.x86_64.rpm 21b2624aa8ac3b518c30bd1c0565339349b4e21ce4512d0928bdac72bf7dd8b2 RLEA-2023:3849 The iproute packages contain networking utilities, such as ip and rtmon, designed to use the advanced networking capabilities of the Linux kernel. Bug Fix(es): * macvlan: Add bclim parameter (BZ#2209687) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for iproute. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The iproute packages contain networking utilities, such as ip and rtmon, designed to use the advanced networking capabilities of the Linux kernel. Bug Fix(es): * macvlan: Add bclim parameter (BZ#2209687) rocky-linux-8-x86-64-powertools-rpms iproute-devel-5.18.0-1.1.el8_8.x86_64.rpm 5861dcc0f4de7aa7c57a8b2fa51f2a785162f31952e08bb6dc3310058246cb32 RLSA-2023:3425 The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es): * cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for cups-filters. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es): * cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms cups-filters-devel-1.20.0-29.el8_8.2.x86_64.rpm fed8a7e20c3d23fb304c197839f9f588a96bf9e22768a215076a5ca45aef6b8d RLSA-2023:3582 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212378) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212378) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8_8.x86_64.rpm 8e41d83616fcb6026eb71146fcf66758133fb496188bbd5b0d49cbaa09fd4aef RLSA-2023:3593 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.107). (BZ#2211876) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument (CVE-2023-32032) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.107). (BZ#2211876) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument (CVE-2023-32032) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el8_8.x86_64.rpm 0a086b1ad71683de862e912fc53d383a7615461b0a791b5e40a58f3d349924f3 RLSA-2023:3594 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.11-debug-3.11.2-2.el8_8.1.x86_64.rpm 0523f76d3f5a713d6dc715fae1e487af95556552b912e73856394fd439fe05a7 python3.11-idle-3.11.2-2.el8_8.1.x86_64.rpm a8031bb387d289f3ce0a5b3ef507a1faeec5dbad1c1117c34a37a1b155de8116 python3.11-test-3.11.2-2.el8_8.1.x86_64.rpm 5462ef7f1a89276feb7bb27d327549d88597736ff0417bf8ae2b3288f53fcd3d RLBA-2023:3823 Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * [DELL 8.6 BUG]System hang after plug-in 4K monitor to Atomic dock (BZ#2209025) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * [DELL 8.6 BUG]System hang after plug-in 4K monitor to Atomic dock (BZ#2209025) rocky-linux-8-x86-64-powertools-rpms mutter-devel-3.32.2-69.el8_8.x86_64.rpm 28ad4e6c2506717cf2ce4f8ef06840f914502e36f1fd02bf3ff641e210ec8a6e RLSA-2023:3827 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-28.el8_8.x86_64.rpm 234da4ca6af1faa0d1eca8d2e3512d74cd87cf26af1c21ff61b96557a7230c2e RLBA-2023:3832 Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Enhancement(s): * [Backport to 8.X] DHCP based installation shall allow creation network bonding and allowing custom/specifying routes with nmstate. (BZ#2213554) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Enhancement(s): * [Backport to 8.X] DHCP based installation shall allow creation network bonding and allowing custom/specifying routes with nmstate. (BZ#2213554) rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.4.4-2.el8_8.x86_64.rpm 4746d5f7c5af77b7004f6d3a1f5fd9aed65fbbeec9419dba65d933a0607795b9 RLBA-2023:3834 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.119 and Runtime 6.0.19 [rhel-8.8.0.z] (BZ#2216221) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.119 and Runtime 6.0.19 [rhel-8.8.0.z] (BZ#2216221) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.119-1.el8_8.x86_64.rpm 28b7512bf2139756f3e4c5c8d63030a394ca7cf756032b8eb7e6ead7bf4ef9f8 RLBA-2023:3835 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.108 and Runtime 7.0.8 [rhel-8.8.0.z] (BZ#2216225) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.108 and Runtime 7.0.8 [rhel-8.8.0.z] (BZ#2216225) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.108-1.el8_8.x86_64.rpm 6dc0e16c46344672f7a8b9a8e67ac7dac89823678ea6030aca06a9e4502860ff RLSA-2023:4058 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219633) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219633) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.109-1.el8_8.x86_64.rpm 838c25c45f733df2093ab4c8acc9a9ee5e1bd144c4988ca600787df4d7846ab1 RLSA-2023:4059 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219639) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219639) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el8_8.x86_64.rpm 697395fa85e66b824b57748ec23d98c3257974d445b540de539f6b62afdfa843 RLSA-2023:5144 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el8_8.x86_64.rpm fc9ffad32ca04a28c881697029105a0bde1120fc166ccb65231142cccd0aad78 RLSA-2023:5353 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800) * libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801) * libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802) * libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803) * libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800) * libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801) * libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802) * libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803) * libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-29.el8_8.x86_64.rpm 062f7bb7df5aa8c295930afa2029930dc69651fef47e8d35b11715e67ecf71ff RLSA-2023:5455 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) * glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) * glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806) * glibc: potential use-after-free in gaih_inet() (CVE-2023-4813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) * glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) * glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806) * glibc: potential use-after-free in gaih_inet() (CVE-2023-4813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-225.el8_8.6.x86_64.rpm 3f478eeedb3ce6729c1d39639dc4e6c664e31803c51b2fb2d48659b1d8d10360 glibc-nss-devel-2.28-225.el8_8.6.x86_64.rpm 52d389951440133dc40a49cd7e24e17bf33cb8026d0da8f20a120b84c42f40a6 glibc-static-2.28-225.el8_8.6.x86_64.rpm e6729e36911e2f9bf189648e3b5cac09338b8aefaebc3a9e69ae54ad450b967a nss_hesiod-2.28-225.el8_8.6.x86_64.rpm 3774d4b21539273bb838e5491ede4c00560f0b8337a0c453ccc9e3cdc15cc6a9 RLSA-2023:4517 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * simultaneous writes to a page on xfs can result in zero-byte data (BZ#2184101) * Rocky Linux 8.4 - kernel: fix __clear_user() inline assembly constraints (BZ#2192602) * LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375) * ice: ptp4l cpu usage spikes (BZ#2203285) * Kernel - Significant performance drop for getrandom system call when FIPS is enabled (compared to Rocky Linux 8.x for all x < 6.z) (BZ#2208127) * macvlan: backports from upstream (BZ#2209686) * Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198) * Incorrect target abort handling causes iscsi deadlock (BZ#2211494) * swap deadlock when attempt to charge a page to a cgroup stalls waiting on I/O plugged on another task in swap code (BZ#2211513) * BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when vma->anon_vma==NULL (BZ#2211658) * Rocky Linux 8.9: IPMI updates and bug fixes (BZ#2211667) * Rocky Linux 8.6 opening console with mkvterm on novalink terminal fails due to drmgr reporting failure (L3:) (BZ#2212373) * Rocky Linux 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device (BZ#2212451) * Rocky Linux 8.8 beta: Occasional stall during initialization of ipmi_msghandler (BZ#2213189) * ESXi Rocky Linux 8: Haswell generation CPU are impacted with performance due to IBRS (BZ#2213366) * xen: fix section mismatch error with xen_callback_vector() and alloc_intr_gate() (BZ#2214281) * jitter: Fix RCT/APT health test during initialization (BZ#2215079) * aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216498) * Hyper-V Rocky Linux 8: Fix VM crash/hang Issues due to fast VF add/remove events (BZ#2216543) * rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216769) * Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") (BZ#2220810) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * simultaneous writes to a page on xfs can result in zero-byte data (BZ#2184101) * Rocky Linux 8.4 - kernel: fix __clear_user() inline assembly constraints (BZ#2192602) * LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375) * ice: ptp4l cpu usage spikes (BZ#2203285) * Kernel - Significant performance drop for getrandom system call when FIPS is enabled (compared to Rocky Linux 8.x for all x < 6.z) (BZ#2208127) * macvlan: backports from upstream (BZ#2209686) * Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198) * Incorrect target abort handling causes iscsi deadlock (BZ#2211494) * swap deadlock when attempt to charge a page to a cgroup stalls waiting on I/O plugged on another task in swap code (BZ#2211513) * BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when vma->anon_vma==NULL (BZ#2211658) * Rocky Linux 8.9: IPMI updates and bug fixes (BZ#2211667) * Rocky Linux 8.6 opening console with mkvterm on novalink terminal fails due to drmgr reporting failure (L3:) (BZ#2212373) * Rocky Linux 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device (BZ#2212451) * Rocky Linux 8.8 beta: Occasional stall during initialization of ipmi_msghandler (BZ#2213189) * ESXi Rocky Linux 8: Haswell generation CPU are impacted with performance due to IBRS (BZ#2213366) * xen: fix section mismatch error with xen_callback_vector() and alloc_intr_gate() (BZ#2214281) * jitter: Fix RCT/APT health test during initialization (BZ#2215079) * aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216498) * Hyper-V Rocky Linux 8: Fix VM crash/hang Issues due to fast VF add/remove events (BZ#2216543) * rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216769) * Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") (BZ#2220810) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.x86_64.rpm 04d92077f9e483ab589186c1da8d761805f57ad607bf24a66e0fe74f795d8970 RLBA-2023:4518 The iscsi-initiator-utils packages provide the server daemon for the Internet Small Computer System Interface (iSCSI) protocol, as well as the utility programs used to manage it. The iSCSI protocol is a protocol for distributed disk access using SCSI commands sent over Internet Protocol (IP) networks. Bug Fix(es): * Patch3 reverts a patch merged upstream (BZ#2215111) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for iscsi-initiator-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The iscsi-initiator-utils packages provide the server daemon for the Internet Small Computer System Interface (iSCSI) protocol, as well as the utility programs used to manage it. The iSCSI protocol is a protocol for distributed disk access using SCSI commands sent over Internet Protocol (IP) networks. Bug Fix(es): * Patch3 reverts a patch merged upstream (BZ#2215111) rocky-linux-8-x86-64-powertools-rpms iscsi-initiator-utils-devel-6.2.1.4-8.git095f59c.el8_8.x86_64.rpm d2191cb50b3ee237c5048d0936b92b0a3bc048845d5c5e1bff764587c26ec50a RLBA-2023:4521 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es): * VLAN of bond will not get autoconnect when bond port link revived. (BZ#2217899) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es): * VLAN of bond will not get autoconnect when bond port link revived. (BZ#2217899) rocky-linux-8-x86-64-powertools-rpms NetworkManager-libnm-devel-1.40.16-4.el8_8.x86_64.rpm e002bb2dbca7846bc5464bbdba91d4f9d3b7c699ce4ea69fc28a214258af82ec RLBA-2023:4525 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es): * [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'. (BZ#2196838) * SSSD enters failed state after heavy load in the system. (BZ#2219351) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es): * [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'. (BZ#2196838) * SSSD enters failed state after heavy load in the system. (BZ#2219351) rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.8.2-3.el8_8.x86_64.rpm 22e7a65a41bf56a0e3b8086df044e959f7c9d46115cf417abc08f5992466f9f9 RLBA-2023:4528 The crash packages provide the core analysis suite, which is a self-contained tool that can be used to investigate live systems, as well as kernel core dumps created by the kexec-tools packages or the Rocky Linux kernel. Bug Fix(es): * The crash utility results in segmentation fault when non-panicking CPUs fail to get stopped at panic. (BZ#2213678) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for crash. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The crash packages provide the core analysis suite, which is a self-contained tool that can be used to investigate live systems, as well as kernel core dumps created by the kexec-tools packages or the Rocky Linux kernel. Bug Fix(es): * The crash utility results in segmentation fault when non-panicking CPUs fail to get stopped at panic. (BZ#2213678) rocky-linux-8-x86-64-powertools-rpms crash-devel-7.3.2-4.el8_8.1.x86_64.rpm 9c1e9d6715ce3df7a833885ae0c82b6b792c6fbabd6cdd97f176878f21cf7c79 RLBA-2023:4533 Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * Barcode scanner result is not shown correctly on gnome-terminal. (BZ#2218521) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * Barcode scanner result is not shown correctly on gnome-terminal. (BZ#2218521) rocky-linux-8-x86-64-powertools-rpms mutter-devel-3.32.2-70.el8_8.x86_64.rpm b64c0df6ad0b393a6d6ee710ab3052f03dfa48290829e4f03d9cf95756df8c95 RLBA-2023:4538 For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm e81eb7947d7709454a5c01946e5631a43b3d16c93042a9672ae0760cabfa899d java-11-openjdk-demo-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 7f8ce40ddaa1303939a2c1e131196bdc0cfcc906cd4a2f688ef6401de09a6dad java-11-openjdk-devel-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 02a8ca36ebd23f9f6c3a96aeb12eb578bbd4f4c911b8618d556f742c229ed4ab java-11-openjdk-devel-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm ee04ac319ef33e07fa497077c8f596fd04757873f8219d02ad9b763bbfa926cf java-11-openjdk-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 41c5ee08ded99402949e8c04dee12c1190451d8cb385ebdfe1c1082f3ac2e012 java-11-openjdk-headless-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 81cd3763fd819b3b972609c7019eb8364874b63c07a2f118a304d26711abd22a java-11-openjdk-headless-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 1dffb013ef8d8f543d5c6efff8cf33088f645ccef3bd05ba387d8aab905b1be3 java-11-openjdk-jmods-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 03b062455aabfffa185d16dadfb76aa9eedd924462d16669c7a0a1e253d0574d java-11-openjdk-jmods-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 58db616f76258ede8b8d81316426dd85a05954dce0f35c04313d3f0749be2861 java-11-openjdk-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 9e69b71f1a327cd287f2834403d501f9d157889f4e4cc874eba98ccad7660b6f java-11-openjdk-src-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm ad29085f2103b5a6a5075685405301e0b54671abbe276ccdc59a49faf3ce83fa java-11-openjdk-src-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm c47918ca6c3da51f3bf919a02f617a8f30c025770b05740bfa4c2fdb75cdd681 java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-3.el8_8.x86_64.rpm 8003739e8e6fd9f5bf2d0a82324aacf9395c466eb71ce0ec4600d8256e6c8e89 java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-3.el8_8.x86_64.rpm b3bdd5708afa907df44bba69ce9f67beb3ae5683dfec44b4c39b42f86cbe794d RLSA-2023:4643 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Security Fix(es): * dotnet: RCE under dotnet commands (CVE-2023-35390) * dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Security Fix(es): * dotnet: RCE under dotnet commands (CVE-2023-35390) * dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el8_8.x86_64.rpm b2d81021ddccf1227459f3195a9a5376fa86e2af10d0e59d71f219d43d6ddbc0 RLSA-2023:4645 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Security Fix(es): * dotnet: RCE under dotnet commands (CVE-2023-35390) * dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Security Fix(es): * dotnet: RCE under dotnet commands (CVE-2023-35390) * dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.x86_64.rpm 2af9f05cd8682a6015e9f9d4335d82f2a8ae5e308cbb7d1841ed5b9333c49a29 RLSA-2023:6245 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.124-1.el8_8.x86_64.rpm 8c2e38f40e097e6be6fdf9210685fbd3ffbeba55d352edb4437b7635786c3c81 RLBA-2023:7185 For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nftables. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms nftables-devel-1.0.4-3.el8_9.x86_64.rpm 7a82b7f1c64b2ed529cb381c3def0574cf96b67f0e7e18093e60ecb1988fb9b0 RLBA-2023:7186 For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libmount-devel-2.32.1-43.el8.x86_64.rpm a29c93888d397a8e065849e028488b443041e1650a2453f8415bc654d028ddcb RLSA-2023:7187 The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es): * procps: ps buffer overflow (CVE-2023-4016) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for procps-ng. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es): * procps: ps buffer overflow (CVE-2023-4016) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms procps-ng-devel-3.3.15-14.el8.x86_64.rpm a6a52362c7ee4d5001d0773f41794688b0405fdb053455ae77ae9b0c98b53500 RLSA-2023:7189 The fwupd packages provide a service that allows session software to update device firmware. Security Fix(es): * fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for fwupd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The fwupd packages provide a service that allows session software to update device firmware. Security Fix(es): * fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms fwupd-devel-1.7.8-2.el8.rocky.0.1.x86_64.rpm 2923674cff68296dfcbf30c133b7753039adf3bc502ceaec6220c565565ea94b RLSA-2023:7190 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for avahi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms avahi-compat-howl-0.7-21.el8.x86_64.rpm 9a243764522470b9d726a60e74c9837d249fc968af64007d91f495e5a5fa608e avahi-compat-howl-devel-0.7-21.el8.x86_64.rpm 144d95ffb6d1d4fdbe289094fe18e18aff0ea35a00a62708279c18adbfc7fcff avahi-compat-libdns_sd-0.7-21.el8.x86_64.rpm c9f82f6603bc7737d7657c28614b084411d4d00282890d851dcfae12b0503e75 avahi-compat-libdns_sd-devel-0.7-21.el8.x86_64.rpm 50c084b5ff4389fd70443c83eaffa4986e7176854588ef96557e18680786934e avahi-devel-0.7-21.el8.x86_64.rpm b9599b296eaf67308a529da784c5ea948d31a7734366c5efa98f7dc522367d9a avahi-glib-devel-0.7-21.el8.x86_64.rpm 26f14b15568ccdb2451fed27e16a87b0879b5540d09b220e98aacc9ca2c1fbd7 avahi-gobject-devel-0.7-21.el8.x86_64.rpm b86abcf7f32deafd568c6735de5e9793de692199db53ed11392c95837b4f3166 avahi-ui-0.7-21.el8.x86_64.rpm 87f3be4b37b6376b28564d0703a9e5ba5168664d4243d664539da7699d7d2d3a avahi-ui-devel-0.7-21.el8.x86_64.rpm feda7f22333cd14973d8ca77c39f1ea3ad42a3e848e502212eafa08f3b7ea657 RLBA-2023:7191 For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for lvm2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms device-mapper-devel-1.02.181-13.el8_9.x86_64.rpm 26d78e6065af5689132e63b05e55c681afff972b7866413c6a756b29731001ba device-mapper-event-devel-1.02.181-13.el8_9.x86_64.rpm 662902b69dbabd675675072b039de064e4c5e38960d8a0a9ee9fa66b480b3adf lvm2-devel-2.03.14-13.el8_9.x86_64.rpm 63ed7a335cf0d4161d2b04809a72046ae3ca4262674adb9e6df3246c6e728ac3 RLBA-2023:7210 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es): * dbus and crond getting terminated with SIGBUS in sss_client code (BZ#2236414) * SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7) (BZ#2237302) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es): * dbus and crond getting terminated with SIGBUS in sss_client code (BZ#2236414) * SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7) (BZ#2237302) rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.9.1-4.el8_9.x86_64.rpm 546c6e7bd2edbdf1c95be7443ab048c9360dbade67cfb83933d9aa531fbf996a RLSA-2023:7057 Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator. Security Fix(es): * yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for yajl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator. Security Fix(es): * yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms yajl-devel-2.1.0-12.el8.x86_64.rpm 98c1d696f817bd8a3562aeed78052052f22813be4629c984632b6a750ba45161 RLBA-2023:7204 Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * Do not use DMA-BUFs for screensharing when the other side doesn't support it (JIRA:Rocky Linux-11227) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * Do not use DMA-BUFs for screensharing when the other side doesn't support it (JIRA:Rocky Linux-11227) rocky-linux-8-x86-64-powertools-rpms mutter-devel-3.32.2-71.el8_9.1.x86_64.rpm 63e0f4f18d4a46ba74ed169a68ed07c70a342bbc64bc4224ed90787872244aab RLSA-2023:7841 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.x86_64.rpm 4a24a86ebc7218fdb8b432f76d0457d8eb7d525c22f68425b7ff35b70ea9ca2a RLSA-2024:0827 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2. Security Fix(es): * dotnet: Denial of Service in SignalR server (CVE-2024-21386) * dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2. Security Fix(es): * dotnet: Denial of Service in SignalR server (CVE-2024-21386) * dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.102-2.el8_9.x86_64.rpm db90a2f9ec63ce2be3de3406cf10a7f4b9cb92eeaa067ce57919807d33b0c018 RLBA-2024:1298 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK SDK_VERSION and .NET Runtime RUNTIME_VERSION. Bug Fix(es): * Update .NET 6.0 to SDK 6.0.128 and Runtime 6.0.28 [rhel-8.9.0.z] (Rocky Linux-27538) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK SDK_VERSION and .NET Runtime RUNTIME_VERSION. Bug Fix(es): * Update .NET 6.0 to SDK 6.0.128 and Runtime 6.0.28 [rhel-8.9.0.z] (Rocky Linux-27538) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.128-1.el8_9.x86_64.rpm 8ff99d869297d125067192592ff52a56a11f65cbbc568c96e39bb61134078514 RLSA-2024:1308 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.117-1.el8_9.x86_64.rpm 6eef0cd46e7e4764cbb87b44423b9f3c17a65ff2fcb4bc1fdeabd23f8cd35e16 RLSA-2024:1311 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.103-1.el8_9.x86_64.rpm 6b9a958e72e806473c8cbb718bc928e0ddb807590bb3b03b45ffd8dcfb760238 RLSA-2024:1514 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186) rocky-linux-8-x86-64-powertools-rpms libreoffice-sdk-6.4.7.2-16.el8_9.x86_64.rpm eeb8e7b2df1edf17c97f974598bfc6f46a93222668b9a5aa842cb9dab1207838 libreoffice-sdk-doc-6.4.7.2-16.el8_9.x86_64.rpm 3e10746298ec33b145fe483094b447134ab7a107b2203eb04448b4082ecd88cb RLBA-2024:1604 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es): * Reapply of device network update DNS changes retrieved from DHCPv4 to /etc/resolv.conf (JIRA:Rocky Linux-20600) * [FJ8.7 Bug]: Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (JIRA:Rocky Linux-24968) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Bug Fix(es): * Reapply of device network update DNS changes retrieved from DHCPv4 to /etc/resolv.conf (JIRA:Rocky Linux-20600) * [FJ8.7 Bug]: Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (JIRA:Rocky Linux-24968) rocky-linux-8-x86-64-powertools-rpms NetworkManager-libnm-devel-1.40.16-15.el8_9.x86_64.rpm 63456e96cbf24e09d4c2d384dc8947a73f53d7337a473f6cb69107997dc98db7 RLBA-2024:1606 The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon. Bug Fix(es): * lscpu throws EBUSY error if cpu is offline [rhel-8.9.0.z] (JIRA:Rocky Linux-21562) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The util-linux packages contain a large variety of low-level system utilities necessary for a Linux system to function. Among others, these include the libuuid and uuidd daemon. Bug Fix(es): * lscpu throws EBUSY error if cpu is offline [rhel-8.9.0.z] (JIRA:Rocky Linux-21562) rocky-linux-8-x86-64-powertools-rpms libmount-devel-2.32.1-44.el8_9.1.x86_64.rpm 1ca8113caf2ccb99bdeea9f1ba4468e73cfe45b3ac0431e26b6b527ceece6906 RLSA-2024:1607 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931) * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) Bug Fix(es): * OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux-21394) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24010) * Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux-21055) * kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22766) * tx-checksumming required for accessing port in OpenShift for Rocky Linux 8.6 (JIRA:Rocky Linux-20822) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22077) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22930) * rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux-24204) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24479) * ceph: several cap and snap fixes (JIRA:Rocky Linux-20909) * [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux-23063) * unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux-25719) * [Rocky Linux8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux-26101) * kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19954) * backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux-26139) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26331) * ceph: always check dir caps asynchronously (JIRA:Rocky Linux-27496) Enhancement(s): * [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux-25811) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931) * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) Bug Fix(es): * OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux-21394) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24010) * Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux-21055) * kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22766) * tx-checksumming required for accessing port in OpenShift for Rocky Linux 8.6 (JIRA:Rocky Linux-20822) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22077) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22930) * rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux-24204) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24479) * ceph: several cap and snap fixes (JIRA:Rocky Linux-20909) * [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux-23063) * unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux-25719) * [Rocky Linux8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux-26101) * kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19954) * backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux-26139) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26331) * ceph: always check dir caps asynchronously (JIRA:Rocky Linux-27496) Enhancement(s): * [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux-25811) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.x86_64.rpm b82404a46c1228515fd62c1cab255423f5c3a7cbf29a4204d14d8aef36df51fb RLSA-2024:1608 The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities. Security Fix(es): * opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities. Security Fix(es): * opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms opencryptoki-devel-3.21.0-10.el8_9.x86_64.rpm 50c10b959ee10b4a92f21d70bcc217a277ab27485e2b610098c308c77d01c312 RLBA-2024:1600 Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Bug Fix(es): * Evolution - Composer: Cursor jumps to the starting line when "return" key is pressed at the end of the line. (JIRA:Rocky Linux-29199) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for evolution. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Bug Fix(es): * Evolution - Composer: Cursor jumps to the starting line when "return" key is pressed at the end of the line. (JIRA:Rocky Linux-29199) rocky-linux-8-x86-64-powertools-rpms evolution-devel-3.28.5-25.el8_9.x86_64.rpm ee3d466f1e4bdf38b361550e2caf3083e7df4e4dbf0def7afe89a33bc7e68752 RLBA-2024:1732 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.129 and Runtime 6.0.29 [rhel-8.9.0.z] (Rocky Linux-31196) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.129 and Runtime 6.0.29 [rhel-8.9.0.z] (Rocky Linux-31196) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.129-1.el8_9.x86_64.rpm 203aab86e528d336fd802324bf6e01ab1d97c425bff0d4c6c8e410270b694187 RLBA-2024:1733 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.104 and Runtime 8.0.4 [rhel-8.9.0.z] (Rocky Linux-31206) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.104 and Runtime 8.0.4 [rhel-8.9.0.z] (Rocky Linux-31206) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.104-1.el8_9.x86_64.rpm 4671ca368e26bd15aa48060fa0a91bf421f0380af5f1417865e872b9b39ae046 RLBA-2024:1735 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.118 and Runtime 7.0.18 [rhel-8.9.0.z] (Rocky Linux-31201) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 7.0 to SDK 7.0.118 and Runtime 7.0.18 [rhel-8.9.0.z] (Rocky Linux-31201) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.118-1.el8_9.x86_64.rpm e73e0c273e54bb4b21beeda91b6403846d5bacb6cb6a5e72b998cf4091c10cd1 RLSA-2024:1781 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517) * bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679) * bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517) * bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679) * bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms bind9.16-devel-9.16.23-0.16.el8_9.2.x86_64.rpm e50199ba644a48c4b4674d75fd15ba7c73835c29ec7f7892ca02599313f23ebf bind9.16-doc-9.16.23-0.16.el8_9.2.noarch.rpm fdf475d9a7194a0f0cdd62be2525f5de6c5bc07c479703021b816dc63c52e047 RLSA-2024:1818 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.412.b08-2.el8.x86_64.rpm 27e5907e05854883759a4059383a0bfd99093db13a5de88c5735dc6ff820023f java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.412.b08-2.el8.x86_64.rpm 39ab8d286484e87a5cd1b514501458d2d1d4877a0949582f7dbca5890ca3805f java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-2.el8.x86_64.rpm 51ad3be49cdee55707819ed66e2d1fef36e78b5408f5e2c219ee5eb720c31d8b java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-2.el8.x86_64.rpm d50b7de677af9765c0a742d0efe87258f12e0f56096959e69213582e8daec459 java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-2.el8.x86_64.rpm 440f7b492abb61f07be1eab3abdc032b5ae90eaeb488548b9ab8d454f9d55864 java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-2.el8.x86_64.rpm fa473e7c09a2deec6ac07bab725b7e4934bae386e6a7ed389de8e679876f49ea java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-2.el8.x86_64.rpm 8de84183c058ecfffb0b45fb6625766c934cbaeadbff20af686ce68677019aa1 java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-2.el8.x86_64.rpm f253e298a4b5aa1fa1b81dd504ec3e6a76bee67acc09a47e7b9d793a5be047a6 java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-2.el8.x86_64.rpm 95bc342b18906a659a6511deb7dc9c2903d2623f8a969bce5560c2484b90eab7 java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-2.el8.x86_64.rpm 30868b02684b1014c4aacf8c78a5ec4d6fc5a1eabad36b9cffcc0b04d4daee45 java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-2.el8.x86_64.rpm 9f13d8b4e12fe5ebee1d59f10aff00ec944fbd02f7faf6472ed75ed5f95bf807 java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-2.el8.x86_64.rpm a8fe89ab4a6adaa943c22e2cf4f6c59e913d3fc3ecc8a0d0915d7f5993821bf6 RLSA-2024:1828 The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-21-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm 30f655c562fc1157b33d88154742a6b923eff14caad3c430d76821d709094df8 java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm fdbb1a388d0fc653e6e92543b906277a22fe1cfd31c8614be9cc4b38b1b16358 java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm 9434ef4c38c11516ab241e9b6a9cb2b31c61d0fadf8ba7deafcf5e2e3cae5e81 java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm be0d5c6eb13cdabbc3cf6d7523ea69424f970802830bd8d8f61b122362afceba java-21-openjdk-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm dfe25fb07b493da5f91b2598cc0eb6f21b12bbc473c577cfcd3b41853cf2da08 java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm 75e0338b524d53989e5c44584a129ce2462177b0d4ecc5f6bb58a63797837823 java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm 07677966f6ce53af5e9c37a149cf5b7e8160f4469f1bf88fc4f01d223b6f36e0 java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm 467de884a7303a6af65f35e10e07418921ee87558e671ccfbb27f2b90617df7a java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm 2737a76180df0b46a35bb2058f181fa8c6205c308ca54f6434e6a055a50a97f6 java-21-openjdk-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm f715ecd4221b3133af719efa8ed1d82584069a2d1a6a566678f16d9e1bcf010e java-21-openjdk-src-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm d31f9199fa642dc92f1e36597c3b0165731524853ce88ec6ad442c667b4c667e java-21-openjdk-src-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm afeabec924838bec68d05d73d89fd661c197e46c197b1e6b17a7dce2b867031f java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.el8.x86_64.rpm 760ab2b1fa5856f0ac530139c1d09fb3c0acbaa567d871dc70ec78b5cf9befe1 java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.el8.x86_64.rpm 7acb82d283e8bf6efa5ae2d80b7962be74ec3548e36cfd73135063d36446a6bf RLSA-2024:1822 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm 2f307f51f8f02a94e17fdf43eb88699b6d14f4d3b411897992b3cd82b3d4bc96 java-11-openjdk-demo-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm a0d95746bad5e156fb078ab236f469029f94d3d1ffb1854af426f78ca9102842 java-11-openjdk-devel-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm 5b149692801216a188ca6ada7a6938844d6ef9c8fe5280dd5ac0bf43d3d0133b java-11-openjdk-devel-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm fb46ed91f38a5b56e17b89b4e05410c385e98e3d1ac403178f0198c02770437c java-11-openjdk-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm 3c8f9d78bee0a8bd8d05cac87d91714893e8c8dac00b3a55cf3f78ed4e3a584c java-11-openjdk-headless-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm 3dc51c2c7b4e627e2ef822be026cbc26675c9a9ae9b4079b16792e12c9e9555f java-11-openjdk-headless-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm b82d536bc087d1d2aa62d01643db5aba80693a0464d12b97818617829e405498 java-11-openjdk-jmods-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm b529ae9b4973aef0c4bc04ac3e68545ac7721d6808d93009c4ae652aa5307936 java-11-openjdk-jmods-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm ad6ee5987e86f217232a89f85d33e1f5ad529629a2742b84d0871fae79552b10 java-11-openjdk-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm bb50491a620e08e5b3efd0e09c5de2eb8bf692b3d417fa89e8f18038494fbf1f java-11-openjdk-src-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm 68a0535f31ef3e3d4601e93c354859473882422c0a2bc194dc9e603f9dc11ed5 java-11-openjdk-src-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm a8dbfa0b997e0a0b06e67a1423962332ef199ebc71d4fd6cc8a33ef795c1087e java-11-openjdk-static-libs-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm 2a21f703c5b837b571aaa559f383fd36eeba4332981c0e9f57a35de287d0dd0b java-11-openjdk-static-libs-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm b6338557066fcf7d28069e52c5eadf35ba0cee70318651001d5f5800020fa552 RLSA-2024:2722 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-236.el8_9.13.x86_64.rpm 34b3deb35c7df8e7a453edffd56a1ce2263ef73c720dd39474498af183ee8262 glibc-nss-devel-2.28-236.el8_9.13.x86_64.rpm 45113e0175e008501e175553e2d130c54271e245ab9bdda5191105a284bdfd9d glibc-static-2.28-236.el8_9.13.x86_64.rpm 02eac28a7fda9f3541b880ae896582765f875a8293165ca351b7b24b6d385e9e nss_hesiod-2.28-236.el8_9.13.x86_64.rpm 61dd44cafc22e4b6f467afa76c8b4e33b536352d13ee5d6269e55cf880a4727f RLBA-2024:1602 nftables provides a packet-filtering tool, with numerous improvements in convenience, features, and performance. It is the designated successor to iptables, ip6tables, arptables and ebtables. Bug Fix(es): * nftables counter (JIRA:Rocky Linux-2596) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nftables. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

nftables provides a packet-filtering tool, with numerous improvements in convenience, features, and performance. It is the designated successor to iptables, ip6tables, arptables and ebtables. Bug Fix(es): * nftables counter (JIRA:Rocky Linux-2596) rocky-linux-8-x86-64-powertools-rpms nftables-devel-1.0.4-4.el8.x86_64.rpm 5aa97293c319798efcb26015e7ee5a3bb0977b8e80a334f4db18d5ba6c740fd4 RLBA-2024:3137 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libtracefs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libtracefs-devel-1.3.1-3.el8.x86_64.rpm c74e96f123c850038e7fa8fc55be4f30a68cfb6667edd38bee15772f8dc1e1a5 RLSA-2024:3138 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.el8_10.x86_64.rpm bf7f59b8e8c7ee5d47831dab3ec9d8179230a173628be2d7fd4c4e23acdfdc4a RLBA-2024:3152 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-251.el8_10.2.x86_64.rpm 818cf1fc52bda5bca6886ada55b657bea44662a53cc30db3f197a0c255dc39db glibc-nss-devel-2.28-251.el8_10.2.x86_64.rpm d5032fbcec5b5fd1f9024d75ee473d8e7e691cd632e7eb44b9927b941d94b008 glibc-static-2.28-251.el8_10.2.x86_64.rpm f78250d9cb61844e1ffcb77281c473c75ebd9675b49613dbba60a3b8b85665bc nss_hesiod-2.28-251.el8_10.2.x86_64.rpm cf14bb3abeaf0ada49dbb06c01bd6dfac56ce3fc2003925a70604dff887f15ac RLBA-2024:3179 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for avahi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms avahi-compat-howl-0.7-27.el8.x86_64.rpm 245c813b493d9d3f17ef04f211aa241e27feb5e8f81b5464fecfa9fddf8f28b9 avahi-compat-howl-devel-0.7-27.el8.x86_64.rpm e08596cd79a6bbb6eb8303d7e6f76cfb332b2508ca0eb975a73fc49f9f6519b4 avahi-compat-libdns_sd-0.7-27.el8.x86_64.rpm 6baf197678730b8af25133a73d29b56a934e025560bd906b8d2b7eba15c09b3c avahi-compat-libdns_sd-devel-0.7-27.el8.x86_64.rpm e853ce704222390b834182047ee5c1b9b5aefbd20fe731fb60f6b2df4a495db8 avahi-devel-0.7-27.el8.x86_64.rpm c6dd30d67053be941c659ee7284724cc3fbc3a795698dfc57901070220223991 avahi-glib-devel-0.7-27.el8.x86_64.rpm fec2f804ad530349348b7b9b4c5a50e08982329c53bbff066baabcde9ecf8aaa avahi-gobject-devel-0.7-27.el8.x86_64.rpm 5b8937c4498936262c6b49257822bd567aa4bd3c689ee81510b041a33bf46b24 avahi-ui-0.7-27.el8.x86_64.rpm caf1937c1f4571e05fe4ce8b1616feeff3633722058be5e4411f99824c042bbb avahi-ui-devel-0.7-27.el8.x86_64.rpm 654a979aff8ea1edd8e42d072a53b691eb4c9232b4d56b621262624d6f9d0d46 RLBA-2024:3186 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libldb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-ldb-devel-2.8.0-0.el8.x86_64.rpm ca6531f1e400b1d303350b72c6d238eabe059ca8b5ca32b1a138aaaba2c72b60 python-ldb-devel-common-2.8.0-0.el8.x86_64.rpm 437e9b64dcdb33df47062d9fc2951df3462b010dce5cc1bf2373e6591f5eb280 RLBA-2024:3190 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for trousers. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms trousers-devel-0.3.15-2.el8.x86_64.rpm 41adb7a7207e6861b106bbcdde6746d6e46bc2fecf3f77ff1b38b9c3f610963d RLBA-2024:3197 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for librepo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms librepo-devel-1.14.2-5.el8.x86_64.rpm ca671f129cdda5e0807172d6c8032063254dabfeff065a5ced7a781a2121cf74 RLBA-2024:3199 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms opencryptoki-devel-3.22.0-3.el8.x86_64.rpm 70c9624c3c0f54dc9897df22de66c809f2d762b4649552024c4c97e7d4189393 RLEA-2024:3227 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for intel-cmt-cat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms intel-cmt-cat-devel-23.11-1.el8.x86_64.rpm 15c2de2e447d2ae231e6961e3eb3af10fc67b1c22a743a5e8329c624d1d5cb0c RLBA-2024:3230 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for file. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms file-devel-5.33-26.el8.x86_64.rpm d31ada501500fd05c502238235014e0d6ecc65bb4de31dd4b284dd9bb0d3c265 RLBA-2024:3237 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for bash. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms bash-devel-4.4.20-5.el8.x86_64.rpm badcb52f348f8782ae0ddf74eb12efecb355fa578be4755b3cb3ec546c36796d RLBA-2024:3232 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for freeipmi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms freeipmi-devel-1.6.14-2.el8.x86_64.rpm d114dd4bc785cc992e41933f402d4a302deec5a226da6abcac7c240d97e580fd RLEA-2024:3235 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for iproute. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms iproute-devel-6.2.0-6.el8_10.x86_64.rpm fca8a4b8923340c605e1c71d75bea96d54095cb213bc3885685b285ebef0a46e RLSA-2024:3270 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.9.4-3.el8_10.x86_64.rpm ccc70e3c3f004268fb60cc17fad1d30210a9d0b9d4e7f681af27e90eff72ebf2 RLBA-2024:3272 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Bug Fix(es): * Rocky Linux8.9 - Internal compiler error compiling small testcase [rhel-8.10.z] (JIRA:Rocky Linux-33426) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Bug Fix(es): * Rocky Linux8.9 - Internal compiler error compiling small testcase [rhel-8.10.z] (JIRA:Rocky Linux-33426) rocky-linux-8-x86-64-powertools-rpms gcc-plugin-devel-8.5.0-22.el8_10.x86_64.rpm e3f56972fbf601c2006df237ff5ce3f9c0909ed52d575565965ca2fb9f6cc187 libstdc++-static-8.5.0-22.el8_10.x86_64.rpm 8649ddc34646f8b1aac3fa939f4ec08ba60680fdbbf9c91409053a2bef1d1d48 RLSA-2024:3341 The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gdk-pixbuf2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms gdk-pixbuf2-xlib-2.36.12-6.el8_10.x86_64.rpm ef6d718b21c9fd53d9a4aa3f49d7b141d0aee9347642b2ad2880e9a769493b83 gdk-pixbuf2-xlib-devel-2.36.12-6.el8_10.x86_64.rpm 813f150c589edeb2e064ec9b652ac6a706a734d7dbc4b50eafcf6559e0d5d7f3 RLSA-2024:3344 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600) * glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) * glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600) * glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) * glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-251.el8_10.2.x86_64.rpm 818cf1fc52bda5bca6886ada55b657bea44662a53cc30db3f197a0c255dc39db glibc-nss-devel-2.28-251.el8_10.2.x86_64.rpm d5032fbcec5b5fd1f9024d75ee473d8e7e691cd632e7eb44b9927b941d94b008 glibc-static-2.28-251.el8_10.2.x86_64.rpm f78250d9cb61844e1ffcb77281c473c75ebd9675b49613dbba60a3b8b85665bc nss_hesiod-2.28-251.el8_10.2.x86_64.rpm cf14bb3abeaf0ada49dbb06c01bd6dfac56ce3fc2003925a70604dff887f15ac RLSA-2024:3618 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) * kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) * kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593) * kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445) * kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603) * kernel: use after free in i2c (CVE-2019-25162) * kernel: i2c: validate user data in compat ioctl (CVE-2021-46934) * kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777) * kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477) * kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055) * kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307) * kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565) * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) * kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528) * kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520) * kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513) * kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118) * kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610) * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) * kernel: i2c: i801: Don&#39;t generate an interrupt on bus reset (CVE-2021-47153) * kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659) * kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664) * kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779) * kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744) * kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743) * kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185) * kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901) * kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872) * kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919) * kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964) * kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934) * kernel: USB: core: Fix deadlock in port &#34;disable&#34; sysfs attribute (CVE-2024-26933) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) * kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973) * kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059) * kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013) * kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171) * kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669) * kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439) * kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594) * kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) * kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) * kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593) * kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445) * kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603) * kernel: use after free in i2c (CVE-2019-25162) * kernel: i2c: validate user data in compat ioctl (CVE-2021-46934) * kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777) * kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477) * kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055) * kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307) * kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565) * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) * kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528) * kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520) * kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513) * kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118) * kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610) * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) * kernel: i2c: i801: Don&#39;t generate an interrupt on bus reset (CVE-2021-47153) * kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659) * kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664) * kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779) * kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744) * kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743) * kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185) * kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901) * kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872) * kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919) * kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964) * kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934) * kernel: USB: core: Fix deadlock in port &#34;disable&#34; sysfs attribute (CVE-2024-26933) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) * kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973) * kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059) * kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013) * kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171) * kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669) * kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439) * kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594) * kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.5.1.el8_10.x86_64.rpm b9382750b77c9a7a775a5efcf2b535498ea2cb9db6b9de87f160b735e50d92fa RLBA-2024:2959 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for evolution, evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms evolution-data-server-doc-3.28.5-24.el8.noarch.rpm 5e96a029757ac6f5ee8f04b22c9d730dcd2a71cbbef1ac09ef365c385cbe37db evolution-data-server-perl-3.28.5-24.el8.x86_64.rpm 0911325b69c5179e655559dad173cf4abea1762be986ac012f838f836acb6b61 evolution-data-server-tests-3.28.5-24.el8.x86_64.rpm 94e6eb5821f3a581127941bad221867de1f677d7b32ec097a4e1592d408bdb82 evolution-devel-3.28.5-26.el8_10.x86_64.rpm 573a09c0172ef310ebfe0c910768ff96ff3af0ec59f85ee5fb5c187cbd1e8dab RLBA-2024:2969 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms mutter-devel-3.32.2-72.el8.x86_64.rpm 35f3f79ee028be2732f4096bf909ec0ffc5a1bd2bf3589a9051e55041f561208 RLSA-2024:2966 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ghostscript-doc-9.27-12.el8.noarch.rpm 37446c6c6232b76f6e92db9eebddb1214c018c039131fbea630204ed0ff0fa0c ghostscript-tools-dvipdf-9.27-12.el8.x86_64.rpm bf87915bcb3cd3c1171269169ea0d5da5a5489b666a9a8cfeceba8fc236f4ce7 ghostscript-tools-fonts-9.27-12.el8.x86_64.rpm 391734c9e92d34a7d10c7a5dd8548ae476962746f9583f8ccd17e1136a8619bf ghostscript-tools-printing-9.27-12.el8.x86_64.rpm 8b870d4641bca6843f3d6a70b33b8a480ac82e885d5c211369d70ff8c1e9d7fe libgs-devel-9.27-12.el8.x86_64.rpm d16d4e00834b2cc9e2dfa338195342a152785427204cb7e70efc891449782922 RLBA-2024:2972 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ibus-typing-booster. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ibus-typing-booster-tests-2.1.0-7.el8.noarch.rpm a9b0783e9bb4286f31f3a4a6dedd84dd088d02770dbabbc99c5fd22ee15a5617 RLBA-2024:2971 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.4.5-2.el8_9.x86_64.rpm 8e7c5eb8a98b57b8a1b6ec31e070530717b98d3edbf1eb38971145d693f254c9 RLBA-2024:2976 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ibus-table. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms ibus-table-devel-1.9.18-8.el8.noarch.rpm 204233f915531efa708342d228322967b983fb2c226a4c2adf062db51c8884ac ibus-table-tests-1.9.18-8.el8.noarch.rpm 7fe4d15119c9f2711b7507d87bf06a7afd062f469a3576e1a6508f8652f9067e RLBA-2024:2978 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for poppler-data. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms poppler-data-devel-0.4.9-2.el8.noarch.rpm 1a5299c129ce88967efcd7998f0e97ce919a89a0958842d6cf18ba11cae85ec9 RLBA-2024:2983 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for gtk-vnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gtk-vnc2-devel-0.9.0-3.el8.x86_64.rpm 33514df912b8d1bdd452f3c4ad95abef7607681ba294c798ae694e74887d78eb gvnc-devel-0.9.0-3.el8.x86_64.rpm 31865a974c079c454c557c1069072344c038f32b5805685a0bc1af634656e294 RLBA-2024:2993 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for jq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms jq-devel-1.6-8.el8.x86_64.rpm 7fbeb567eede5e38c5f063fa924f34fe1b89d22014f4377550e5610fcfc4c3c4 RLSA-2024:2994 LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for LibRaw. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms LibRaw-devel-0.19.5-4.el8.x86_64.rpm 14c9e3d43e8fac77d5aba4b44963b899750eb0b20620f8b0121af3363351e775 RLBA-2024:2998 For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libblockdev. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libblockdev-crypto-devel-2.28-6.el8.x86_64.rpm d9c09a41f1cb84b7d7b51f3b55cfc9d842e2ae99e371cd6886071d290440c965 libblockdev-devel-2.28-6.el8.x86_64.rpm 3ef9e689fde0ce9c80405997712436b3c4c48ac3ffbfeb2cdc76de6d2812e128 libblockdev-fs-devel-2.28-6.el8.x86_64.rpm 99f9c74803769b7d5e52c99503f7785d3f46e49708f4df0ddfda90f4402ae50e libblockdev-loop-devel-2.28-6.el8.x86_64.rpm 5a9cf8dac490003dabb0f8aad1c3a4be9ca23dfaa5f92d7d41620cbdc4f53c50 libblockdev-lvm-devel-2.28-6.el8.x86_64.rpm c561528732255b244a9f5e76c3e5511043e30d48a9fbd2b7701a7439747f287c libblockdev-mdraid-devel-2.28-6.el8.x86_64.rpm 7e63a3bc841781e6466c38574f242f4ef2cc87a216a1fdc7b5e6a237d0b38edb libblockdev-part-devel-2.28-6.el8.x86_64.rpm 6ab8421dba835dbdcc337452237eddedc4705e1a5c2455e53cc76accfc5be61b libblockdev-swap-devel-2.28-6.el8.x86_64.rpm 9d407427c5549bd7fed8faaabd9d284bf9f7be38749c263fc94cb7d1e93dd5ca libblockdev-utils-devel-2.28-6.el8.x86_64.rpm b3d06e8719a1336807e26299f35c417953c1d63a9d8b8976f32937415fc372a5 libblockdev-vdo-devel-2.28-6.el8.x86_64.rpm 14e5aa76aababbe43e27d67ce8238fc1e84906e7a1f32b114162519a5f0ef105 RLSA-2024:3005 The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): * python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): * python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3-pillow-devel-5.1.1-20.el8.x86_64.rpm 9987d73df7c08dc7d30fcbe1887b5f795aa09db339f280abed8df5267f4b9eb9 python3-pillow-doc-5.1.1-20.el8.noarch.rpm 0e36a5739e4cfa5af102a208aeafc752218dd46a8d0f87b57801e42aca7b8b3d python3-pillow-tk-5.1.1-20.el8.x86_64.rpm 3a746db80fcd0bce65bef9ab7f0d217133882b9aaf1128bc227d9bd549892185 RLSA-2024:3008 The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): * pmix: race condition allows attackers to obtain ownership of arbitrary files (CVE-2023-41915) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for pmix. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): * pmix: race condition allows attackers to obtain ownership of arbitrary files (CVE-2023-41915) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms pmix-devel-2.2.5-3.el8.x86_64.rpm 92a15674fdaa33cf5ad65bd18646c201167ce8fa3e666daadbe5e2d3b27ae1f4 RLBA-2024:3034 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for papi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms papi-testsuite-5.6.0-20.el8.x86_64.rpm b0752ef2e14acf9df5864cb50b6778179e6659303b7ba2684aefac1573211a61 RLBA-2024:3038 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qatzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qatzip-devel-1.1.2-2.el8.x86_64.rpm bd6c548971da14782a5318f40a68f9953b957237b1b826f43153793fbee40f4c RLBA-2024:3039 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for qatlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms qatlib-devel-23.11.0-1.el8.x86_64.rpm 23b3a410a3f9dac6ec313ee399ace49d674d0f8528bf3651c53ef2d5a9bdb097 qatlib-tests-23.11.0-1.el8.x86_64.rpm 79bc7ee111f335263d3ae38d2f70d6fb6b86b1b76872d9e92328906ea8d55128 RLBA-2024:3048 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for anaconda. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms anaconda-widgets-devel-33.16.10.5-1.el8.rocky.0.1.x86_64.rpm a68ed206e0908e26d1bc2f4633f651a85d8f249c893d7ddf33cfb8cb88046504 RLBA-2024:3052 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for oniguruma. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms oniguruma-devel-6.8.2-3.el8.x86_64.rpm dc51a3824ee2a0649422717368ee9932ce6f6ceb2bf56e1b57d9e573e6efb61d RLSA-2024:3060 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475) * gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475) * gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.x86_64.rpm 402f0bfa9708d40e843c68592d475b037bbca1bdf2d0198155b59308cc4f5640 RLSA-2024:3059 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-31.el8.x86_64.rpm 5034f40450737baeaacd8e4a4ade1a088163d6e0b37ee288e11e74f80a151f71 RLSA-2024:3066 Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp file (CVE-2020-18652) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for exempi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp file (CVE-2020-18652) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms exempi-devel-2.4.5-4.el8.x86_64.rpm dcb7fbd9520a857aa62ca7fb5746bb3c3b795a5ef94aedd18709226bdb964f73 RLBA-2024:3064 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libtimezonemap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libtimezonemap-devel-0.4.5.1-5.el8.x86_64.rpm fb8f8a042f88065df90b8e46825dbff9b51843c0d3d36b6f4d4d47d0b91e81ea RLBA-2024:3078 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for python3.12-wheel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms python3.12-wheel-wheel-0.41.2-3.el8.noarch.rpm efda60741544e46a72c25fd8a8f84c1747a82422e3a981e535677783768b49e5 RLBA-2024:3123 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms dovecot-devel-2.3.16-5.el8.x86_64.rpm 0524b5680bd71b6bdd64597e9821fab74b5a7a5c18078e543d83aa7b21b4eeb8 RLBA-2024:3134 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dpdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms dpdk-devel-23.11-1.el8.x86_64.rpm 3793eb7260d3645eb4efecdc95c5f9e0dcd761dae1da00ee204a3efd2a013464 RLSA-2024:3258 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for xorg-x11-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms xorg-x11-server-devel-1.20.11-23.el8_10.x86_64.rpm c5c4f44c2691b7f3777fb010e9096ffcde751e1d3cda8e2e2a56ac7c19661901 xorg-x11-server-source-1.20.11-23.el8_10.noarch.rpm 76cebb28a2c2f8fb457b2008277bfeb14b064915f0fe00459167770e2359c56a RLBA-2024:3273 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.130 and Runtime 6.0.30 (Rocky Linux-35309) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.130 and Runtime 6.0.30 (Rocky Linux-35309) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.130-1.el8_10.x86_64.rpm 3b67aafde0c1cbd13f44e5fad2d56108550260fb06b76f224f718da50f4be2c7 RLSA-2024:3340 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-7.0-source-built-artifacts-7.0.119-1.el8_10.x86_64.rpm 8b5f3890d24e8903b3a2c16d3d74faa603714ba1536a0329f6d8842b12544e55 RLSA-2024:3345 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.105-1.el8_10.x86_64.rpm d148f316fc1ee7faeae330ef06f0199b144545f7bca1154b8dc7a3a51edf67da RLBA-2024:3239 For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for kronosnet. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-powertools-rpms libknet1-1.28-1.el8.x86_64.rpm cc263d1bf1c5a7c5fca400120a36ca1b84d081174f1edd3ad126e5a8bd5bf416 libknet1-devel-1.28-1.el8.x86_64.rpm cb5dae2868227870a6566cc7ff3f8e89bdccba54eda7f8e7eaf3382cd6c5c83f RLSA-2024:3961 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for flatpak. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms flatpak-devel-1.12.9-1.el8_10.x86_64.rpm 014cca540717c5023f99b0a73b237f026ad2c0f30c7f31e933c6399f7033235d RLSA-2024:4000 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms ghostscript-doc-9.27-13.el8_10.noarch.rpm 3fb55532e743ac2ab2cb52239b3238686dbcf4e15136d325437c97520bf9ab62 ghostscript-tools-dvipdf-9.27-13.el8_10.x86_64.rpm 94c01cfc116fb8916a395a9b7b80c59642de0f12b0dcc9978379dc4d563d3f28 ghostscript-tools-fonts-9.27-13.el8_10.x86_64.rpm e51b6d89c9f91e58c30c0f909ffc39b19eec0467f4fadbf6d3528e8f29406915 ghostscript-tools-printing-9.27-13.el8_10.x86_64.rpm 9f0001cbaa3aa527886dc19ea7c67f54c023add846de016f65391cc0b3dc0b92 libgs-devel-9.27-13.el8_10.x86_64.rpm 909a6456241cc542f76c87bc3c50766a4eababdd0fcb143937c622c3f987b584 RLSA-2024:4211 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) * kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number (CVE-2023-52881,RHV-2024-1001) * kernel: ovl: fix leaked entry (CVE-2021-46972) * kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073) * kernel: gro: fix ownership transfer (CVE-2024-35890) * kernel: tls: (CVE-2024-26584, CVE-2024-26583, CVE-2024-26585) * kernel: wifi: (CVE-2024-35789, CVE-2024-27410, CVE-2024-35838, CVE-2024-35845) * kernel: mlxsw: (CVE-2024-35855, CVE-2024-35854, CVE-2024-35853, CVE-2024-35852, CVE-2024-36007) * kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909) * kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069) * kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng [rhel-8] (CVE-2023-52615) * kernel: net/mlx5e: (CVE-2023-52626, CVE-2024-35835, CVE-2023-52667, CVE-2024-35959) * kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset [rhel-8] (CVE-2024-26801) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout [rhel-8.10] (CVE-2024-27397) * kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560) * kernel: ppp_async: limit MRU to 64K (CVE-2024-26675) * kernel: x86/mm/swap: (CVE-2024-26759, CVE-2024-26906) * kernel: tipc: fix kernel warning when sending SYN message [rhel-8] (CVE-2023-52700) * kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907) * kernel: erspan: make sure erspan_base_hdr is present in skb-&gt;head (CVE-2024-35888) * kernel: powerpc/imc-pmu/powernv: (CVE-2023-52675, CVE-2023-52686) * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090) * kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464) * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: crypto: (CVE-2024-26974, CVE-2023-52669, CVE-2023-52813) * kernel: net/mlx5/bnx2x/usb: (CVE-2024-35960, CVE-2024-35958, CVE-2021-47310, CVE-2024-26804, CVE-2021-47311, CVE-2024-26859, CVE-2021-47236, CVE-2023-52703) * kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004) * kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835) * kernel: USB/usbnet: (CVE-2023-52781, CVE-2023-52877, CVE-2021-47495) * kernel: can: (CVE-2023-52878, CVE-2021-47456) * kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356) * kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353) Bug Fix(es): * Kernel panic - kernel BUG at mm/slub.c:376! (JIRA:Rocky Linux-29783) * Temporary values in FIPS integrity test should be zeroized [rhel-8.10.z] (JIRA:Rocky Linux-35361) * Rocky Linux8.6 - kernel: s390/cpum_cf: make crypto counters upward compatible (JIRA:Rocky Linux-36048) * [Rocky Linux8] blktests block/024 failed (JIRA:Rocky Linux-8130) * Rocky Linux8.9: EEH injections results Error: Power fault on Port 0 and other call traces(Everest/1050/Shiner) (JIRA:Rocky Linux-14195) * Latency spikes with Matrox G200 graphic cards (JIRA:Rocky Linux-36172) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) * kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number (CVE-2023-52881,RHV-2024-1001) * kernel: ovl: fix leaked entry (CVE-2021-46972) * kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073) * kernel: gro: fix ownership transfer (CVE-2024-35890) * kernel: tls: (CVE-2024-26584, CVE-2024-26583, CVE-2024-26585) * kernel: wifi: (CVE-2024-35789, CVE-2024-27410, CVE-2024-35838, CVE-2024-35845) * kernel: mlxsw: (CVE-2024-35855, CVE-2024-35854, CVE-2024-35853, CVE-2024-35852, CVE-2024-36007) * kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909) * kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069) * kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng [rhel-8] (CVE-2023-52615) * kernel: net/mlx5e: (CVE-2023-52626, CVE-2024-35835, CVE-2023-52667, CVE-2024-35959) * kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset [rhel-8] (CVE-2024-26801) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout [rhel-8.10] (CVE-2024-27397) * kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560) * kernel: ppp_async: limit MRU to 64K (CVE-2024-26675) * kernel: x86/mm/swap: (CVE-2024-26759, CVE-2024-26906) * kernel: tipc: fix kernel warning when sending SYN message [rhel-8] (CVE-2023-52700) * kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907) * kernel: erspan: make sure erspan_base_hdr is present in skb-&gt;head (CVE-2024-35888) * kernel: powerpc/imc-pmu/powernv: (CVE-2023-52675, CVE-2023-52686) * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090) * kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464) * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: crypto: (CVE-2024-26974, CVE-2023-52669, CVE-2023-52813) * kernel: net/mlx5/bnx2x/usb: (CVE-2024-35960, CVE-2024-35958, CVE-2021-47310, CVE-2024-26804, CVE-2021-47311, CVE-2024-26859, CVE-2021-47236, CVE-2023-52703) * kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004) * kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835) * kernel: USB/usbnet: (CVE-2023-52781, CVE-2023-52877, CVE-2021-47495) * kernel: can: (CVE-2023-52878, CVE-2021-47456) * kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356) * kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353) Bug Fix(es): * Kernel panic - kernel BUG at mm/slub.c:376! (JIRA:Rocky Linux-29783) * Temporary values in FIPS integrity test should be zeroized [rhel-8.10.z] (JIRA:Rocky Linux-35361) * Rocky Linux8.6 - kernel: s390/cpum_cf: make crypto counters upward compatible (JIRA:Rocky Linux-36048) * [Rocky Linux8] blktests block/024 failed (JIRA:Rocky Linux-8130) * Rocky Linux8.9: EEH injections results Error: Power fault on Port 0 and other call traces(Everest/1050/Shiner) (JIRA:Rocky Linux-14195) * Latency spikes with Matrox G200 graphic cards (JIRA:Rocky Linux-36172) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.8.1.el8_10.x86_64.rpm 91df8288ef00931d588c2e6e451226a46eb71c8978ae439f0e103971337abd8b RLBA-2024:4213 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Bug Fix(es): * Xorg crashes with malloc(): unaligned tcache chunk detected (Rocky Linux-40471) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for xorg-x11-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Bug Fix(es): * Xorg crashes with malloc(): unaligned tcache chunk detected (Rocky Linux-40471) rocky-linux-8-x86-64-powertools-rpms xorg-x11-server-devel-1.20.11-24.el8_10.x86_64.rpm 3740573011ffc62eb4564c7ec75d1dc1bef41605499606955e18b7eb68ffb748 xorg-x11-server-source-1.20.11-24.el8_10.noarch.rpm b8a019e4a1ad51ad42ffde50e3b1e1ba57804172aff8993ee57cd586a7234ccd RLSA-2024:4227 The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): * python-pillow: buffer overflow in _imagingcms.c (CVE-2024-28219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): * python-pillow: buffer overflow in _imagingcms.c (CVE-2024-28219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3-pillow-devel-5.1.1-21.el8_10.x86_64.rpm 3d0b08867a9a47276be8edb0e25ea81b24e195670915a92cd7a0dedd55d0647c python3-pillow-doc-5.1.1-21.el8_10.noarch.rpm 569116bdbe9340f13baa816214d4ae7ed53d41c3c56c4bf2ebadc150a8e31cc0 python3-pillow-tk-5.1.1-21.el8_10.x86_64.rpm c516fad2cd21b96052e7ba917c6754a46f874d4aa31df052edf5e8aee4608bef RLBA-2024:4232 Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es): * Applying dns configuration to nodes using NMstate make node unreachable [rhel-8.10.z] (JIRA:Rocky Linux-33059) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a northbound declarative API and multi provider support on the southbound. Bug Fix(es): * Applying dns configuration to nodes using NMstate make node unreachable [rhel-8.10.z] (JIRA:Rocky Linux-33059) rocky-linux-8-x86-64-powertools-rpms nmstate-devel-1.4.6-2.el8_10.x86_64.rpm 429e9673682ed2b571fd5279b390c65430f3ad3f45f0b79f8dc7e340338b899c RLBA-2024:4234 Bug Fix(es): * JQ findings from static application security testing (Rocky Linux-37827) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for jq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Bug Fix(es): * JQ findings from static application security testing (Rocky Linux-37827) rocky-linux-8-x86-64-powertools-rpms jq-devel-1.6-9.el8_10.x86_64.rpm 46eba44a83bf40848da3a72c5bbeb3434575369829bd75494249bcd38e948e5e RLSA-2024:4451 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7. Security Fix(es): * dotnet: DoS in System.Text.Json (CVE-2024-30105) * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264) * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7. Security Fix(es): * dotnet: DoS in System.Text.Json (CVE-2024-30105) * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264) * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.107-1.el8_10.x86_64.rpm eb484fc24da410ffc643d853bc5f53ccfdad2fe8fda900d37c52fd66ab3edbd7 RLSA-2024:4573 The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147) * OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131) * OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138) * OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140) * OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for java-21-openjdk. This update affects Rocky Linux 8, Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147) * OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131) * OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138) * OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140) * OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-21-openjdk-demo-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm bc88bdef62f35d6bdddab54ae54d0a04d54a0525fbbb88b0d3bf53e5e32991b3 java-21-openjdk-demo-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm 953d27bfda4f06680d9d47ff6c23439f0ef16e45af1306c40b58de0b0ebf3345 java-21-openjdk-devel-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm 9dd4283747ebdba1d6ad6f859822cd8d7b3a58d9a7fd1b2c7fb8a601c26e9357 java-21-openjdk-devel-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm c260e0b1c8753fffef4a9c9adc768d8acb4aee64a187619bf8db1ca35fd58220 java-21-openjdk-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm fe0d8ad83fc3b148f53ad58da89f32e52b471c8f55c8844757fecd66c8cbd022 java-21-openjdk-headless-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm 0b4b3cdb7206c5a26ec56bee2c1951e4d7060c5549924f5aede28830f7250daa java-21-openjdk-headless-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm 66b3a929af4fd1e84190ad2d7f2eb458103e4b5f2c5d7e1f6f1d1adfc5094356 java-21-openjdk-jmods-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm 8f6477182b77b0947d395f188163c78f5bd18164149d6f8ccb499c9374c498a0 java-21-openjdk-jmods-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm b70617ac6d10d28b22a16d7da576a144966228e537ebf7764fb19f65197303df java-21-openjdk-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm 0463d4cfb40c6a8e2885aec20c2d7247b714ad51f15cec750dbbef3aec2294c8 java-21-openjdk-src-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm 1c2523ee4a9d11898c16e907aba274202e52a2dc32c79188825fd1fcc96b15bd java-21-openjdk-src-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm 185c884f45cf890b50d269c0d7b7c35757fa08809069153dd05a497376fb212c java-21-openjdk-static-libs-fastdebug-21.0.4.0.7-1.el8.x86_64.rpm 596b3a38cf9a0f945cc443f1a31e79c2cf94740969d2cbd8a6cfab9e2176200e java-21-openjdk-static-libs-slowdebug-21.0.4.0.7-1.el8.x86_64.rpm fc24a3cb5d38f5da8b1f46a11ac131f1badda7dcdb94591f495b8ecf83b23294 RLSA-2024:4617 Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): * qtbase: qtbase: Delay any communication until encrypted() can be responded to (CVE-2024-39936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for qt5-qtbase. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): * qtbase: qtbase: Delay any communication until encrypted() can be responded to (CVE-2024-39936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms qt5-qtbase-static-5.15.3-8.el8_10.x86_64.rpm 8b9aced44217a57e076a5cc69ea48e72700b07a3df1004f609d311d8fd923782 RLSA-2024:5101 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451) * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939) * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622) * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669) * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802) * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843) * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878) * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653) * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823) * kernel: Revert &#34;net/mlx5: Block entering switchdev mode with ns inconsistency&#34; (CVE-2023-52658) * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807) * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801) * kernel: dyndbg: fix old BUG_ON in &gt;control parser (CVE-2024-35947) * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893) * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876) * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864) * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845) * (CVE-2023-28746) * (CVE-2023-52847) * (CVE-2021-47548) * (CVE-2024-36921) * (CVE-2024-26921) * (CVE-2021-47579) * (CVE-2024-36927) * (CVE-2024-39276) * (CVE-2024-33621) * (CVE-2024-27010) * (CVE-2024-26960) * (CVE-2024-38596) * (CVE-2022-48743) * (CVE-2024-26733) * (CVE-2024-26586) * (CVE-2024-26698) * (CVE-2023-52619) Bug Fix(es): * Rocky Linux8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux-17678) * [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux-23841) * [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux-32941) * lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux-33437) * [Hyper-V][Rocky Linux-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux-39074) * Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux-40167) * blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux-40939) * (JIRA:Rocky Linux-31798) * (JIRA:Rocky Linux-10263) * (JIRA:Rocky Linux-40901) * (JIRA:Rocky Linux-43547) * (JIRA:Rocky Linux-34876) Enhancement(s): * [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:Rocky Linux-19723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451) * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939) * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622) * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669) * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802) * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843) * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878) * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653) * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823) * kernel: Revert &#34;net/mlx5: Block entering switchdev mode with ns inconsistency&#34; (CVE-2023-52658) * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807) * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801) * kernel: dyndbg: fix old BUG_ON in &gt;control parser (CVE-2024-35947) * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893) * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876) * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864) * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845) * (CVE-2023-28746) * (CVE-2023-52847) * (CVE-2021-47548) * (CVE-2024-36921) * (CVE-2024-26921) * (CVE-2021-47579) * (CVE-2024-36927) * (CVE-2024-39276) * (CVE-2024-33621) * (CVE-2024-27010) * (CVE-2024-26960) * (CVE-2024-38596) * (CVE-2022-48743) * (CVE-2024-26733) * (CVE-2024-26586) * (CVE-2024-26698) * (CVE-2023-52619) Bug Fix(es): * Rocky Linux8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux-17678) * [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux-23841) * [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux-32941) * lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux-33437) * [Hyper-V][Rocky Linux-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux-39074) * Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux-40167) * blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux-40939) * (JIRA:Rocky Linux-31798) * (JIRA:Rocky Linux-10263) * (JIRA:Rocky Linux-40901) * (JIRA:Rocky Linux-43547) * (JIRA:Rocky Linux-34876) Enhancement(s): * [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:Rocky Linux-19723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.16.1.el8_10.x86_64.rpm fa09f4b3bb63ea7e03d66ab545f97b3bb1ca6f19eca15edccdb5daaaa1bf0c14 RLSA-2024:5079 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-15209) * libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c (CVE-2023-25433) * libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228) * libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-15209) * libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c (CVE-2023-25433) * libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228) * libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-32.el8_10.x86_64.rpm 432f8abcfd5e3981ded9d271b8b6bed53ec634eac12bf89dd1351c023ff6d449 RLSA-2024:5531 Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources. Security Fix(es): * pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for python3.12-setuptools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources. Security Fix(es): * pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.12-setuptools-wheel-68.2.2-4.el8_10.noarch.rpm 9767ddf55bceb78f32a0855b666e5346b0de052fa44e44475a01f29505c929d6 RLSA-2024:6422 Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fix(es): * flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for flatpak, bubblewrap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fix(es): * flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms flatpak-devel-1.12.9-3.el8_10.x86_64.rpm 9398cfb1a59bbac7bd47a71e4ba21b67e97f2ab0d3b432c78f3cea81895624c4 RLSA-2024:5941 The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Heap buffer overflow related to VP9 encoding (CVE-2023-6349) * libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libvpx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Heap buffer overflow related to VP9 encoding (CVE-2023-6349) * libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libvpx-devel-1.7.0-11.el8_10.x86_64.rpm f237c84b24526768f8d47fe7a90b8f72c3889ead91f0558256fb16e1faab08be RLBA-2024:6981 The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Bug Fix(es): * libldb performance regression with indexes [rhel-8] (JIRA:Rocky Linux-12109) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libldb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Bug Fix(es): * libldb performance regression with indexes [rhel-8] (JIRA:Rocky Linux-12109) rocky-linux-8-x86-64-powertools-rpms python3-ldb-devel-2.8.0-1.el8_10.x86_64.rpm f780ed81410222f5fed81b69655ff876d96f70ebfc3f0872ce3d45a9825cb2d4 python-ldb-devel-common-2.8.0-1.el8_10.x86_64.rpm 91d710af707d70d8b22b93a0689935f0d21e1726acba7481c4cfc8b5ed7b72e5 RLBA-2024:6983 The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. Bug Fix(es) and Enhancement(s): * [libuser] Rocky Linux 8.9 Tier 0 Localization (JIRA:Rocky Linux-12111) * libuser: Fix findings from static application security testing (SAST) (JIRA:Rocky Linux-35578) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. Bug Fix(es) and Enhancement(s): * [libuser] Rocky Linux 8.9 Tier 0 Localization (JIRA:Rocky Linux-12111) * libuser: Fix findings from static application security testing (SAST) (JIRA:Rocky Linux-35578) rocky-linux-8-x86-64-powertools-rpms libuser-devel-0.62-26.el8_10.x86_64.rpm b75bcd99bec3be4b52d3f49a664e15ab6f662a84f0712d8126d56dc015e4be12 RLSA-2024:6961 Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python". Security Fix(es): * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032) * cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923) * python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python". Security Fix(es): * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032) * cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923) * python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.12-debug-3.12.5-2.el8_10.x86_64.rpm 1eae91a85175eb11a4be4759b6846c256c56bd448cebe87d22dd280759e6535b python3.12-idle-3.12.5-2.el8_10.x86_64.rpm 4ee5ee15d58c79f05221d9cd0ed983d8b97e3d6f5a5264ea555854c6cd5ef7ea python3.12-test-3.12.5-2.el8_10.x86_64.rpm 4ab0ffd74913e0f4e2f9df27edc41c4294a8a8b1b3e7719f93dd70bff084f614 RLSA-2024:6962 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032) * cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923) * python: cpython: From NVD collector (CVE-2024-8088) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032) * cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923) * python: cpython: From NVD collector (CVE-2024-8088) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.11-debug-3.11.9-7.el8_10.x86_64.rpm dfbf8756a45acaff56951848df40f8f28aab8a54d84102cd8384a84ccda25d31 python3.11-idle-3.11.9-7.el8_10.x86_64.rpm 4dde8cbc09b9bc447bd3ed421a0d1bbc25ba3bd09eb6c66aa584f9ebeb488fec python3.11-test-3.11.9-7.el8_10.x86_64.rpm ca34cb5e97152db50846189dee9f898da47c526ecd035abb3d4ad91d551ca038 RLSA-2024:6963 The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fix(es): * gtk3: gtk2: Library injection from CWD (CVE-2024-6655) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fix(es): * gtk3: gtk2: Library injection from CWD (CVE-2024-6655) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms gtk3-devel-docs-3.22.30-12.el8_10.x86_64.rpm cf380e3e12191d880a1dbb0b3be4f60ec66d1a445a9c3d5af86c11dc593bdb9f RLBA-2024:6967 XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Bug Fix(es): * xmlsec1: Fix findings from static application security testing (SAST) (JIRA:Rocky Linux-36185) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Bug Fix(es): * xmlsec1: Fix findings from static application security testing (SAST) (JIRA:Rocky Linux-36185) rocky-linux-8-x86-64-powertools-rpms xmlsec1-devel-1.2.25-8.el8_10.x86_64.rpm c19e98f8cd2744918fe1b0e7bfc4dc5593db1965aca5aad23235e99b5435ff7a xmlsec1-gcrypt-1.2.25-8.el8_10.x86_64.rpm d26529cb4c3fb4ffc744573ea811fcd4bf79d1dea9089f0921dbf5aff7feff9e xmlsec1-gnutls-1.2.25-8.el8_10.x86_64.rpm c6b43b8406c9921a2de39f12ea3cfc3b7f2205ef3d39c99246ec79e05f52b037 xmlsec1-gnutls-devel-1.2.25-8.el8_10.x86_64.rpm 130664b736e503eadd46ab47ddd7735f57b38ee6e4e334ab279a0b32fb098c64 xmlsec1-openssl-devel-1.2.25-8.el8_10.x86_64.rpm f2f922b83419425a38baa2cdaef16ed747d8d4b5fe7c97fa3cb3f8ec18af54ca RLSA-2024:6973 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: using a large number of address headers may trigger a denial of service (CVE-2024-23184) * dovecot: very large headers can cause resource exhaustion when parsing message (CVE-2024-23185) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: using a large number of address headers may trigger a denial of service (CVE-2024-23184) * dovecot: very large headers can cause resource exhaustion when parsing message (CVE-2024-23185) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dovecot-devel-2.3.16-6.el8_10.x86_64.rpm 5d0771916e2fea37b9a35d5aa5efe670b68c774f6a0db3f553f18ad1118fc460 RLSA-2024:7463 The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es): * cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source () * cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076) * cups: libppd: remote command injection via attacker controlled data in PPD file () For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for cups-filters. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es): * cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source () * cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076) * cups: libppd: remote command injection via attacker controlled data in PPD file () For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms cups-filters-devel-1.20.0-35.el8_10.x86_64.rpm 48a2196be29bd55a356196b43b93eff30de853bd03d716d1fe15c4f4e516edec RLSA-2024:7851 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35. Security Fix(es): * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35. Security Fix(es): * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el8_10.x86_64.rpm 74603a4a1f79cd2bc5ef92ed328b5f0ce55bc1377cb9db489f65f2addc104d11 RLSA-2024:7868 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10. Security Fix(es): * dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) * dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10. Security Fix(es): * dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484) * dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483) * dotnet: Denial of Service in System.Text.Json (CVE-2024-43485) * dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.110-1.el8_10.x86_64.rpm ad01f17b338ebe352e6f80ec39a7d32c2194ce5fd961fac5f46bb7720ea8c0e6 RLSA-2024:8121 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-11-openjdk. This update affects Rocky Linux 8, Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-11-openjdk-demo-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm 66ad8fefe4c73465272a4ccf63b212fdb488677d800b1d6fdd5f4f16ea77fc9e java-11-openjdk-demo-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm e940df08dcd27ef5b0ef3bbb4ca6bd503ec8cbc9116349fbc1a06ae4ef2e7146 java-11-openjdk-devel-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm 3b32cc3c805b64609a99cf3c67414e868e067dad578a7519577e7a0c750f1ed6 java-11-openjdk-devel-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm 661e05f82443cb136db96faaa475cd679364d36a1440512903ebd94f04bdd6fa java-11-openjdk-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm 56873d4f01e91b0216203881d3f34d5a96ca7f379e46190c8ca25335eabdd304 java-11-openjdk-headless-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm 799f280c98ba4cb3f6995a4fb4ef2708e67aed757f015d8053bad93bd90eb497 java-11-openjdk-headless-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm fc2aa15585e7c0307ad99b527215c3a7bd14d0a1c747059b0613d915f25509ac java-11-openjdk-jmods-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm cba4ed4a78e7233ddf83a6a2b2238376bc8eacfc593f6eb3bca7657240ed8400 java-11-openjdk-jmods-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm 886d89f50dca70c7908087834f3792cd3cc5c4e5d464f099077da6a7c0aaf7ea java-11-openjdk-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm 7c88c253e3f148be4fbebb9df0449727e6c3509e1c1fd91a40e342353f33a63e java-11-openjdk-src-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm 29a6642e3805e095db7bab43bfeb66d30abee6a322785a189040b076abc60f0b java-11-openjdk-src-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm 00fc5ba07c09dfd9fc1a7ebf3906c828c3934e4ae4b4940ef6df9cf5683f3b7f java-11-openjdk-static-libs-fastdebug-11.0.25.0.9-2.el8.x86_64.rpm b1047398b79c05008e4aaf273ef22c8c7ee250b43ecc9880fc402a90e95e6d95 java-11-openjdk-static-libs-slowdebug-11.0.25.0.9-2.el8.x86_64.rpm 5986f91ed35884039ebcf43fbf43f5b9f3cdec3529fda6f83efdb35632f2c10b RLSA-2024:8127 The OpenJDK 21 runtime environment. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-21-openjdk. This update affects Rocky Linux 8, Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The OpenJDK 21 runtime environment. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-21-openjdk-demo-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm be8421248d6715489a7b97090e9852960b2380a6d8604bd4ac461e97e4a599e1 java-21-openjdk-demo-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm db826578e16d2af519c365e393625d45c1ce0aefa32157a8d127bacb1954592e java-21-openjdk-devel-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm aa246ceac162e85e571cc80cefab2bc9f0ffd424bcaf975d2caa2b43d8e66612 java-21-openjdk-devel-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm 144bcadebcdb105f61b2258132f813555202e302082f30877507116a2b0d6199 java-21-openjdk-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm 176cdf992a7a9d00438d3c37c522c1a3e83222c25b10859ded5bf960ff3d2364 java-21-openjdk-headless-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm d74cda68e0f183dd0d635ae7c9922bfb8ed80e85e4766d4508ffca470027c8ac java-21-openjdk-headless-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm 63a24b5c537609aa7e04a4a86527f3fe2402d4392dd3483341f5154df4f9ba98 java-21-openjdk-jmods-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm 8b405801e40687247b34262865d2c57fe1122b15e15099646d4b502b01ebf26b java-21-openjdk-jmods-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm 43d8ec990badecca8a0c17cb5fceb1c10c66164e6ba69117ed273433be05ba9d java-21-openjdk-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm ff6622a605a29b9fb07b404b6df91887e85f03411937932a4c6b1a27688c077c java-21-openjdk-src-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm 23db9da81c20fa3ccf487073835372bc00cb71b12bb7b1377304e563bb94080e java-21-openjdk-src-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm 4bea71ddb1b77c023fbd38667a42918ede1571eeea6879126fc26f62511771fc java-21-openjdk-static-libs-fastdebug-21.0.5.0.10-3.el8.x86_64.rpm e5c48e64a8775b612da2a62082d0c2de48dfb7d8d6d61061b5245c2b2e7877f5 java-21-openjdk-static-libs-slowdebug-21.0.5.0.10-3.el8.x86_64.rpm f90eeab68f2a8cfd2a36de2a6d6f01b1a138870f926f0d15367dc9cf011598c7 RLSA-2024:8124 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-17-openjdk. This update affects Rocky Linux 8, Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-17-openjdk-demo-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm 203973b78fb93df41cd037cc1f3cec1e515755fb840068b1b32d3e7f8cbd04e6 java-17-openjdk-demo-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm 32a07788f979302cfffdb0f7698fd59520fe24b448fa69515989ccb323bb986a java-17-openjdk-devel-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm 6d8efd42ebfec360c1473b62bba68961717ec0eab899186dc0d7b4bcfad70620 java-17-openjdk-devel-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm b9480ab8280eb3e2f4d56d67d96d49749fb354dfac27b329a7a1946a3f064549 java-17-openjdk-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm b386555cb66576a95ed97bb3c5d0ff45bace9eab42989b7ad277aec8eb556890 java-17-openjdk-headless-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm 50112c16d8a0157a91c411dc64a12cbd5a66f677ad45022e990c1a53002024b9 java-17-openjdk-headless-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm dcb1821d71fe041bd2d60a015bd0ecc8f8777e035c2f5c50631ccb9afc0b9185 java-17-openjdk-jmods-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm 4ba54d364df1de42c1256ef00dcf12e33366256cd78ed528b73145e9f1f21922 java-17-openjdk-jmods-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm cb4c0ab91000093f7439e11717cbb8c0ac5fb0a4d840f254d187f5adba267474 java-17-openjdk-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm 429215501fea5bf7661e3c83ef6c8cd1efd34cd058e790725cf7c069ed89f27c java-17-openjdk-src-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm 5da425cd9b0405d6d87013a9dbda460287350d16c22a887de29f1e6efd2d6dd1 java-17-openjdk-src-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm 80498e9d8ac79d657f3a7afd823407ceb4992ec0e0c4de0662fb910863a9d72c java-17-openjdk-static-libs-fastdebug-17.0.13.0.11-3.el8.x86_64.rpm 4588b59bc20d366670f6eca9c91e6fb76426bcaba8e51525c66ca406f1817ac8 java-17-openjdk-static-libs-slowdebug-17.0.13.0.11-3.el8.x86_64.rpm 80c3eba605778808241062c7386c6b6c4aec3e288252acbf589f3219f2048b1a RLSA-2024:8117 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8, Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) * JDK: Array indexing integer overflow (8328544) (CVE-2024-21210) * JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208) * JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217) * JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.432.b06-2.el8.x86_64.rpm bffa854f5fe3cdd4aa1425b1bdf8e98872cbccd46f9e6edd3b2a6ff074a6331b java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.432.b06-2.el8.x86_64.rpm c95d9ab165b2e4499b5ba0c784af1ed8529dcaafd06308b65356130ff2dcd7e0 java-1.8.0-openjdk-demo-fastdebug-1.8.0.432.b06-2.el8.x86_64.rpm c6956c2a8f88594a1e9de9b66b59177b75f5c794386ac190113a9e8300a69602 java-1.8.0-openjdk-demo-slowdebug-1.8.0.432.b06-2.el8.x86_64.rpm fdc9047e3672eaf4416eee6639188810ce01c7084e483921b3b4dc314b91c562 java-1.8.0-openjdk-devel-fastdebug-1.8.0.432.b06-2.el8.x86_64.rpm 37b6a70492c9dcf399c2ad6c31685080d9936fccb75da613a6a0e55902de3582 java-1.8.0-openjdk-devel-slowdebug-1.8.0.432.b06-2.el8.x86_64.rpm 5802a286583a442ba30e2f51c46f7eed4cb90eb5c08eec2fa632131be53a4559 java-1.8.0-openjdk-fastdebug-1.8.0.432.b06-2.el8.x86_64.rpm 6ccec97f389b470d4647c3018686a226f13aae3c50edd3a43043db19f5e36af1 java-1.8.0-openjdk-headless-fastdebug-1.8.0.432.b06-2.el8.x86_64.rpm 35908c1d50078a42cbf1f6e3b4eb5df3c2c8b018ed0a8127aa8ec473258d2dcd java-1.8.0-openjdk-headless-slowdebug-1.8.0.432.b06-2.el8.x86_64.rpm 284065999b3d3c1b990c5282939ccbc11ca3db256c6d080a11cc75ceda305c05 java-1.8.0-openjdk-slowdebug-1.8.0.432.b06-2.el8.x86_64.rpm 629d039809fa0c3f62f77d163d2aeac89450ce1a9affa9f9de12262c0e07d32c java-1.8.0-openjdk-src-fastdebug-1.8.0.432.b06-2.el8.x86_64.rpm d4781297247bd39c372cd70a4820b46c7dfc5b33a3ae9aa16ce1b116f7cc5f62 java-1.8.0-openjdk-src-slowdebug-1.8.0.432.b06-2.el8.x86_64.rpm dde76f3346aaf4fd1ffc07ed725f8a3b26fa0af37eeb376337d7ba7b4a7dffb0 RLEA-2024:8852 The libproxy packages provide a library that handles all the details of proxy configuration. The libproxy library provides a stable external API, dynamic adjustment to changing network topology, and small core footprint. It does not use external dependencies within the libproxy core, however libproxy plug-ins may have dependencies. Bug Fix(es) and Enhancement(s): * libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow [rhel-8.10.0] (JIRA:Rocky Linux-30660) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libproxy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libproxy packages provide a library that handles all the details of proxy configuration. The libproxy library provides a stable external API, dynamic adjustment to changing network topology, and small core footprint. It does not use external dependencies within the libproxy core, however libproxy plug-ins may have dependencies. Bug Fix(es) and Enhancement(s): * libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow [rhel-8.10.0] (JIRA:Rocky Linux-30660) rocky-linux-8-x86-64-powertools-rpms libproxy-devel-0.4.15-5.5.el8_10.x86_64.rpm d974e66dc16d43070fd7d505bb5a1c4f449bc990d8ddc9cd4c5dc5704d1c2959 RLSA-2024:8856 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857) * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492) * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851) * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924) * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017) * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976) * kernel: nouveau: lock the client object tree. (CVE-2024-27062) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503) * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924) * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: ACPICA: Revert &#34;ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.&#34; (CVE-2024-40984) * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773) * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009) * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042) * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066) * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092) * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093) * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292) * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880) * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936) * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889) * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892) * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935) * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989) * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826) * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857) * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492) * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851) * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924) * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017) * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976) * kernel: nouveau: lock the client object tree. (CVE-2024-27062) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503) * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924) * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: ACPICA: Revert &#34;ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.&#34; (CVE-2024-40984) * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773) * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009) * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042) * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066) * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092) * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093) * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292) * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880) * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936) * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889) * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892) * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935) * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989) * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826) * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.27.1.el8_10.x86_64.rpm 477462271ab01948884e6a43eb122d1d7cad97d7b4dd8c100c0aa2717d627009 RLSA-2024:8859 XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * libexpat: Integer Overflow or Wraparound (CVE-2024-45491) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for xmlrpc-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * libexpat: Integer Overflow or Wraparound (CVE-2024-45491) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms xmlrpc-c-c++-1.51.0-10.el8_10.x86_64.rpm 5529ac4a56300c91e5b54f2e5f86d77b5878699dec973432d9d52d6d8f14db23 xmlrpc-c-client++-1.51.0-10.el8_10.x86_64.rpm eb6ca1a191c061fb946369512de438e787fd94dc30b3bc3113e9728e1f589c6d xmlrpc-c-devel-1.51.0-10.el8_10.x86_64.rpm 6266e83158de6e7c5aeaec857df1b5f3de2f0ed93b034698c60d2bfe190be934 RLBA-2024:8861 OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Bug Fix(es): * LDAPChannel binding enforced on AD with AD cert using EDCSA-SHA384 ( NOT RSA)- sssd kerberos SASL fails with STARTTLS enabled on AD LDAP Port while it works with AD cert using RSA (JIRA:Rocky Linux-35538) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for openldap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Bug Fix(es): * LDAPChannel binding enforced on AD with AD cert using EDCSA-SHA384 ( NOT RSA)- sssd kerberos SASL fails with STARTTLS enabled on AD LDAP Port while it works with AD cert using RSA (JIRA:Rocky Linux-35538) rocky-linux-8-x86-64-powertools-rpms openldap-servers-2.4.46-20.el8_10.x86_64.rpm 684575a1e1ec944fdf5c81be8067ab01eee84b8f53495a2d17a8e847a7ec3e0a RLBA-2024:8866 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Bug Fix(es): * Trashing on system internal mounts is not supported (JIRA:Rocky Linux-46828) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glib2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Bug Fix(es): * Trashing on system internal mounts is not supported (JIRA:Rocky Linux-46828) rocky-linux-8-x86-64-powertools-rpms glib2-doc-2.56.4-165.el8_10.noarch.rpm 493211e216fd6518e4a21186ecaf7ada2da794767fa9445a064735c70618f531 glib2-static-2.56.4-165.el8_10.x86_64.rpm e5176ed3ee2349ee62af3775f68a0c9c8b60c183d882b554133d06c6fb1137ab RLSA-2024:8798 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for xorg-x11-server-Xwayland, xorg-x11-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms xorg-x11-server-devel-1.20.11-25.el8_10.x86_64.rpm 58f80bc52ec7e48f640ef753fccef3597124945f90a97dcf05ccdc1542bcdf57 xorg-x11-server-source-1.20.11-25.el8_10.noarch.rpm ff868f94f0772f91372739b5b59d1efaabc72a84f7a4888dc34060f97374b924 RLSA-2024:8831 BPF Compiler Collection (BCC) is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter (eBPF) tool. Security Fix(es): * bcc: unprivileged users can force loading of compromised linux headers (CVE-2024-2314) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

An update is available for bcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

BPF Compiler Collection (BCC) is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter (eBPF) tool. Security Fix(es): * bcc: unprivileged users can force loading of compromised linux headers (CVE-2024-2314) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms bcc-devel-0.25.0-9.el8_10.x86_64.rpm 9a18f4ff67c5595ee15efce3cf89af60a31e48ac91d03f97cb6175e775ba1b08 bcc-doc-0.25.0-9.el8_10.noarch.rpm 8f025225175255db60efc9b0d7cd3aa2bb3099b77599bc2a0d3b447559479c60 RLSA-2024:8833 The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms libtiff-tools-4.0.9-33.el8_10.x86_64.rpm 55cb5572d23d5f30bceae72a39b89ea741376148aab85bd445628bcc044819f7 RLEA-2024:8835 Vulkan validation layers Bug Fix(es) and Enhancement(s): * [8.10.z] Vulkan rebase (z-stream): glslang (JIRA:Rocky Linux-54282) * [8.10.z] Vulkan rebase (z-stream): spirv-headers (JIRA:Rocky Linux-54284) * [8.10.z] Vulkan rebase (z-stream): spirv-tools (JIRA:Rocky Linux-54285) * [8.10.z] Vulkan rebase (z-stream): vulkan-headers (JIRA:Rocky Linux-54286) * [8.10.z] Vulkan rebase (z-stream): vulkan-loader (JIRA:Rocky Linux-54287) * [8.10.z] Vulkan rebase (z-stream): vulkan-tools (JIRA:Rocky Linux-54288) * [8.10.z] Vulkan rebase (z-stream): vulkan-validation-layers (JIRA:Rocky Linux-54290) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for vulkan-validation-layers, vulkan-headers, vulkan-tools, spirv-tools, vulkan-loader. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Vulkan validation layers Bug Fix(es) and Enhancement(s): * [8.10.z] Vulkan rebase (z-stream): glslang (JIRA:Rocky Linux-54282) * [8.10.z] Vulkan rebase (z-stream): spirv-headers (JIRA:Rocky Linux-54284) * [8.10.z] Vulkan rebase (z-stream): spirv-tools (JIRA:Rocky Linux-54285) * [8.10.z] Vulkan rebase (z-stream): vulkan-headers (JIRA:Rocky Linux-54286) * [8.10.z] Vulkan rebase (z-stream): vulkan-loader (JIRA:Rocky Linux-54287) * [8.10.z] Vulkan rebase (z-stream): vulkan-tools (JIRA:Rocky Linux-54288) * [8.10.z] Vulkan rebase (z-stream): vulkan-validation-layers (JIRA:Rocky Linux-54290) rocky-linux-8-x86-64-powertools-rpms spirv-tools-devel-2024.2-1.el8_10.x86_64.rpm 5586fc606acb99c085c71bd66d9a15a24c952708925f6769db4430e663eb4960 RLSA-2024:8836 Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python". Security Fix(es): * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python". Security Fix(es): * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.12-debug-3.12.6-1.el8_10.x86_64.rpm 75aafc37060e617a90afefb29207847cbc0c6622f97dc34a33de4855274b762b python3.12-idle-3.12.6-1.el8_10.x86_64.rpm 68dcca04d28d669b09261e3ec7d33fc2e145e2b65caf67f39a9a78a01fd4d223 python3.12-test-3.12.6-1.el8_10.x86_64.rpm b1afe6701588865dd2c3fffd0887f9cd4d90246da3cf5770e6c014f4b8cf0188 RLSA-2024:8838 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.11-debug-3.11.10-1.el8_10.x86_64.rpm 716d25ca85a5d50b67eb57c383c538d12fb04d2e54778bc032cfed08007e2e4b python3.11-idle-3.11.10-1.el8_10.x86_64.rpm ef4ef676b6a1f778e62711581c5403a6cf0b01ed48910101a273accef275162c python3.11-test-3.11.10-1.el8_10.x86_64.rpm 414a6928108fc00026dfd99b521e1760047ea452ae0b23343271fc496a10d470 RLBA-2024:8844 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Bug Fix(es): * Can't connect to Rocky Linux 10 installer (JIRA:Rocky Linux-53081) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Bug Fix(es): * Can't connect to Rocky Linux 10 installer (JIRA:Rocky Linux-53081) rocky-linux-8-x86-64-powertools-rpms freerdp-devel-2.11.7-1.el8_10.x86_64.rpm 698243e01ce8b1aa6f5452b793c49f35162bcc7d7522c1566426f9c4bf196309 RLBA-2024:8845 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Bug Fix(es): * Ghostscript is generating PJL of a significantly larger size (JIRA:Rocky Linux-61729) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Bug Fix(es): * Ghostscript is generating PJL of a significantly larger size (JIRA:Rocky Linux-61729) rocky-linux-8-x86-64-powertools-rpms ghostscript-doc-9.27-15.el8_10.noarch.rpm b5fd1836d5ccb6a811fd8f87a3f99a68b5568950555befa5f8b065ae19a9c536 ghostscript-tools-dvipdf-9.27-15.el8_10.x86_64.rpm d277a9eb4c2711016c48d2332ebd0a961a8c016994b926143a82d6c635447bec ghostscript-tools-fonts-9.27-15.el8_10.x86_64.rpm 59fa64ef35b6a7164a0df905743ca92bcc9372daccfc1a01e4ade1b2eb8c9571 ghostscript-tools-printing-9.27-15.el8_10.x86_64.rpm bc594da8eb7bb11b1e240f375754d853a0b2c0aae02be0ce9f4e4e5973105d5e libgs-devel-9.27-15.el8_10.x86_64.rpm 5bb0d2e3a2faaaa6bbf22f53fe07ac61f5b5251f37ff9845bce365d69a718316 RLEA-2024:9519 .NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. Bug Fix(es): * Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037) * Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768) Enhancement(s): * New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701)Bug Fix(es) and Enhancement(s): * New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701) * Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037) * Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768) * Update .NET 9.0 to SDK 9.0.100 and Runtime 9.0.0 (JIRA:Rocky Linux-65536) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. Bug Fix(es): * Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037) * Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768) Enhancement(s): * New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701)Bug Fix(es) and Enhancement(s): * New Package Request: dotnet9.0: .NET 9 for Rocky Linux 8 (JIRA:Rocky Linux-46701) * Update to .NET 9 RC 1 (JIRA:Rocky Linux-59037) * Update to .NET 9 RC 2 (JIRA:Rocky Linux-62768) * Update .NET 9.0 to SDK 9.0.100 and Runtime 9.0.0 (JIRA:Rocky Linux-65536) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.100-1.el8_10.x86_64.rpm fe88ea33b0c621d7c6c7f94491e52c51d3152342714a0d24529904fe2535e2b4 RLBA-2024:9568 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (Rocky Linux-65364)Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (JIRA:Rocky Linux-65364) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (Rocky Linux-65364)Bug Fix(es) and Enhancement(s): * Update .NET 6.0 to SDK 6.0.136 and Runtime 6.0.36 (JIRA:Rocky Linux-65364) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-6.0-source-built-artifacts-6.0.136-1.el8_10.x86_64.rpm b287bc8076e615a6635c5d4f3c0e3336281e80f8a5e1af629c3c0d4fa2c4a578 RLBA-2024:9569 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (Rocky Linux-65366)Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (JIRA:Rocky Linux-65366) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (Rocky Linux-65366)Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.111 and Runtime 8.0.11 (JIRA:Rocky Linux-65366) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.111-1.el8_10.1.x86_64.rpm a20c990d11370a953f1e109f8358f37d9e20b2a794c0aac658f9b9c2ad1568b0 RLBA-2024:9685 Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Bug Fix(es): * WebKitGTK 2.46.1: Middle mouse button inserts primary clipboard twice [rhel-8.10.z] (JIRA:Rocky Linux-62681) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for evolution. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Bug Fix(es): * WebKitGTK 2.46.1: Middle mouse button inserts primary clipboard twice [rhel-8.10.z] (JIRA:Rocky Linux-62681) rocky-linux-8-x86-64-powertools-rpms evolution-devel-3.28.5-27.el8_10.x86_64.rpm b4a02deca521c5a1ce1fec09763194a481a36d3f7e2954ad5e3ead2760ffbc3a RLSA-2024:10281 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: edia: dvbdev: fix a use-after-free (CVE-2024-27043) * kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399) * kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564) * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: edia: dvbdev: fix a use-after-free (CVE-2024-27043) * kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399) * kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564) * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.30.1.el8_10.x86_64.rpm 7f6a7c583af339ec3070ac665bd913f86aee4725fe221e0140f761a322bd2fad RLSA-2024:10943 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695) * kernel: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949) * kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082) * kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099) * kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110) * kernel: xfrm: validate new SA&#39;s prefixlen using SA family when sel.family is unset (CVE-2024-50142) * kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192) * kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256) * kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695) * kernel: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949) * kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082) * kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099) * kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110) * kernel: xfrm: validate new SA&#39;s prefixlen using SA family when sel.family is unset (CVE-2024-50142) * kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192) * kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256) * kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.x86_64.rpm b649e3b3df30ba2affb4cfb6b93caf9c6e06e5a5e795ecf73ac9c22ad7ab4b59 RLBA-2024:11151 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es): * [RfE] SSSD Failover Enhancements [rhel-8.10.z] (JIRA:Rocky Linux-39085) * SSSD needs an option to indicate if the LDAP server can run the exop with an anonymous bind or not [rhel-8.10.z] (JIRA:Rocky Linux-66267) * sssd is skipping GPO evaluation with auto_private_groups [rhel-8.10.z] (JIRA:Rocky Linux-66272) * possible regression of rhbz#2196521 [rhel-8.10.z] (JIRA:Rocky Linux-66277) * Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest [rhel-8.10.z] (JIRA:Rocky Linux-67128) * Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-8.10.z] (JIRA:Rocky Linux-67671) * sssd backend process segfaults when krb5.conf is invalid [rhel-8.10.z] (JIRA:Rocky Linux-68507) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es): * [RfE] SSSD Failover Enhancements [rhel-8.10.z] (JIRA:Rocky Linux-39085) * SSSD needs an option to indicate if the LDAP server can run the exop with an anonymous bind or not [rhel-8.10.z] (JIRA:Rocky Linux-66267) * sssd is skipping GPO evaluation with auto_private_groups [rhel-8.10.z] (JIRA:Rocky Linux-66272) * possible regression of rhbz#2196521 [rhel-8.10.z] (JIRA:Rocky Linux-66277) * Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest [rhel-8.10.z] (JIRA:Rocky Linux-67128) * Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-8.10.z] (JIRA:Rocky Linux-67671) * sssd backend process segfaults when krb5.conf is invalid [rhel-8.10.z] (JIRA:Rocky Linux-68507) rocky-linux-8-x86-64-powertools-rpms libsss_nss_idmap-devel-2.9.4-5.el8_10.1.x86_64.rpm 557ce11805594806b65dce492e8ff50b262a53a6abfeff4678ed12d1d2f6430d RLBA-2024:11152 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Bug Fix(es): * smbd-notifyd O(n*n) performance issue ( https://bugzilla.samba.org/show_bug.cgi?id=14430 ) [rhel-8.10.z] (JIRA:Rocky Linux-63770) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Bug Fix(es): * smbd-notifyd O(n*n) performance issue ( https://bugzilla.samba.org/show_bug.cgi?id=14430 ) [rhel-8.10.z] (JIRA:Rocky Linux-63770) rocky-linux-8-x86-64-powertools-rpms libnetapi-devel-4.19.4-6.el8_10.x86_64.rpm 96600a815a1043e275679f6ac36e3052b955ae8a320d24adb7c7301d41d47d69 libsmbclient-devel-4.19.4-6.el8_10.x86_64.rpm 5bf94be51f3bdee4b8e52b66e446b6ad44cf707eb398592f4bb16b9b5f36697b libwbclient-devel-4.19.4-6.el8_10.x86_64.rpm 6c24730989ebcab5a2b669684239424aa8e3a32f6dca79204959c2316b4f0761 python3-samba-devel-4.19.4-6.el8_10.x86_64.rpm 47e664932da9fe318fabf59ffc9434913b5af3ec42d925688f15736029e2675b samba-devel-4.19.4-6.el8_10.x86_64.rpm 79e81ca14f9ad451d448211bc118bd2b6dd29e93d8b0ab26a85e2d62d651feb1 RLBA-2024:10863 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 9.0 to SDK 9.0.101 and Runtime 9.0.0 (Rocky Linux-69750) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 9.0 to SDK 9.0.101 and Runtime 9.0.0 (Rocky Linux-69750) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.101-2.el8_10.x86_64.rpm f4ce81fc5aa472442cfd8908270b6a7aa6e41ff2b280eacce99fd06a5b54b6af RLSA-2024:10979 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.11-debug-3.11.11-1.el8_10.x86_64.rpm b8f40dfe6fe8851ad57ab881e7df9f42f25d1a7d57f38e500e73507ddfa6f302 python3.11-idle-3.11.11-1.el8_10.x86_64.rpm 47f80ccdc14b00040fc3f46a61100b85bc137dce60c564eefd56df092aceba6e python3.11-test-3.11.11-1.el8_10.x86_64.rpm 0904ffb1788fa4eef2cbabaf2d1cf914b25c74bb0c57914df0ac76ad22d42059 RLSA-2024:10980 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287) * python: Unbounded memory buffering in SelectorSocketTransport.writelines() (CVE-2024-12254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287) * python: Unbounded memory buffering in SelectorSocketTransport.writelines() (CVE-2024-12254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms python3.12-debug-3.12.8-1.el8_10.x86_64.rpm 483cd84e3ba3c3b82210bb5ae626d3d4ee73848e6f04e1961a449fa6dc102031 python3.12-idle-3.12.8-1.el8_10.x86_64.rpm e785afc76e6e360de7b0f4540cc17f42db185bd42916e62fbd270b320aff3a16 python3.12-test-3.12.8-1.el8_10.x86_64.rpm 643dbacfe13eee52e83db5f05e801be81765fd2c3039980c1d3fa24cc9260899 RLSA-2025:0065 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088) * kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088) * kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.34.1.el8_10.x86_64.rpm 4c58d190ace8aa24e47aa4ab92c8ad07bbb5307a885750d84add5021cbfdf962 RLSA-2025:0222 The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fix(es): * dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library (CVE-2024-11614) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dpdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fix(es): * dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library (CVE-2024-11614) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dpdk-devel-23.11-2.el8_10.x86_64.rpm a231447fc3fb4205ef054890cea7094f4b70edc00216d6020818ed8db2f45f8b RLSA-2025:0314 Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fix(es): * raptor: integer underflow when normalizing a URI with the turtle parser (CVE-2024-57823) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for raptor2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fix(es): * raptor: integer underflow when normalizing a URI with the turtle parser (CVE-2024-57823) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms raptor2-devel-2.0.15-17.el8_10.x86_64.rpm 304bd208760bf6c27942bc836172556281d81b8299fc60d7ce4e15a3c3c447b6 RLSA-2024:3269 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-251.el8_10.11.x86_64.rpm 50a3440a7761bba169cc5973f0ee5fd8527ad5b87e08b0221fc42d6e7fbc2adc glibc-nss-devel-2.28-251.el8_10.11.x86_64.rpm aff1ef18d4671a517aa6ae3b55828a5ad002b38c5f5281defd6ebb61ff6ebc26 glibc-static-2.28-251.el8_10.11.x86_64.rpm 9d3ab3667a55e830556fb12876eff3d447a067e1c08f3ac61693be61fa057934 nss_hesiod-2.28-251.el8_10.11.x86_64.rpm 99bf9b84b2e71120f2cdc8c10b34ccd680d964624f85a626e9c16e26ffdb6cad RLBA-2025:0572 (Rocky Linux-56480) (Rocky Linux-71396) (Rocky Linux-28790) (Rocky Linux-59649) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

(Rocky Linux-56480) (Rocky Linux-71396) (Rocky Linux-28790) (Rocky Linux-59649) rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.36.1.el8_10.x86_64.rpm 3688aaf31bb8e5650b74e5e3663ecce4c7c8d3fbdb3e144802fc80c8242dea4d RLBA-2025:0730 nftables provides a packet-filtering tool, with numerous improvements in convenience, features, and performance. It is the designated successor to iptables, ip6tables, arptables and ebtables. Bug Fix(es): * Actively reject untranslatable compat expressions (JIRA:Rocky Linux-5806) * Unable to set port range/interval in nftables using nft insert command. (JIRA:Rocky Linux-62895) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for nftables. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

nftables provides a packet-filtering tool, with numerous improvements in convenience, features, and performance. It is the designated successor to iptables, ip6tables, arptables and ebtables. Bug Fix(es): * Actively reject untranslatable compat expressions (JIRA:Rocky Linux-5806) * Unable to set port range/interval in nftables using nft insert command. (JIRA:Rocky Linux-62895) rocky-linux-8-x86-64-powertools-rpms nftables-devel-1.0.4-7.el8_10.x86_64.rpm ae98204d6007b5d132c9393e01016f111bc498daedd3b1141254858c553c47f6 RLBA-2025:0732 A Library providing simplified C and Python API to libsolv. Bug Fix(es): * "dnf history rollback <id>" operates as if it was a "undo" when <id> is not latest [rhel-8.10.z] (JIRA:Rocky Linux-68770) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

A Library providing simplified C and Python API to libsolv. Bug Fix(es): * "dnf history rollback <id>" operates as if it was a "undo" when <id> is not latest [rhel-8.10.z] (JIRA:Rocky Linux-68770) rocky-linux-8-x86-64-powertools-rpms libdnf-devel-0.63.0-21.el8_10.x86_64.rpm 10f9ac0655cf29f3242a15d16386101b0ca938c147d7a7d6cd34d901e82ae16d RLSA-2025:1068 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935) * kernel: arm64/sve: Discard stale CPU state when handling SVE traps (CVE-2024-50275) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935) * kernel: arm64/sve: Discard stale CPU state when handling SVE traps (CVE-2024-50275) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.37.1.el8_10.x86_64.rpm 7b79f1b99d41edfdd043aec43c5eec6b21c81995147882b88c4ba5a22efcdc3e RLSA-2025:1301 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix(es): * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix(es): * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms gcc-plugin-devel-8.5.0-23.el8_10.x86_64.rpm 55497ea7b98692aeab9ab8574cc2c5836068fa367205e681182019d41980957d libstdc++-static-8.5.0-23.el8_10.x86_64.rpm 40ba8ff59608f78775fdbbb24955e744bd109c3a4b644fac50216b33004f3f39 RLSA-2025:0381 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12. Security Fix(es): * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12. Security Fix(es): * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.112-1.el8_10.x86_64.rpm 0fbd17e752ea02f357aab7cfcf28b121390fdc7f7bf3c8e81fa3d33337f00301 RLSA-2025:0382 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1. Security Fix(es): * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171) * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1. Security Fix(es): * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171) * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173) * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176) * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.102-1.el8_10.x86_64.rpm 3ef10fd5280b7a0bf41e6735399a688dd8514d9783741c68fe7e43c33f332330 RLSA-2025:0426 The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * JDK: Enhance array handling (CVE-2025-21502) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for java-21-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * JDK: Enhance array handling (CVE-2025-21502) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms java-21-openjdk-demo-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm 93cbd3b47ff988265160346992211f91cfa323957f8849249eca200f34e30033 java-21-openjdk-demo-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm 78c3a577ec22b6c920d328dad41c5ea2ee056333b1d033a66ed9dc68240e028d java-21-openjdk-devel-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm da0ed7404d4cd5ca2fcefabda4bb18ec3ead094fb24927706748744cc3a4547f java-21-openjdk-devel-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm 184e509b4bca06fbd287d6e6f5beea26c920d99711f2f76c809808e1b983cf4a java-21-openjdk-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm 0f3dbc7d1039fea304556583053a7d3d37b26effd5bd6a5ed107ee8015d9f8db java-21-openjdk-headless-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm 5afacebdac29290dbb039390d11469b33c276d3016f710b91f5a5b8e886cb134 java-21-openjdk-headless-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm 16ddd67ab5cf9adb8155517b59f1622c09194ef5296e970581f8688d5a9a739a java-21-openjdk-jmods-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm f1fe573e6fe1bf52ea58ee456956579a2b71d4644bb4786a3744773de2e9fa96 java-21-openjdk-jmods-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm e2919ef1a92300dcb3028dd3bbd5de8bada2c7052a2b1b0ad0d72e0bef5f4c95 java-21-openjdk-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm d9b805a22ce862cc58190572174b247cef3f50195ac7d4bcc55f1676bd0cf35c java-21-openjdk-src-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm 406f69bd086419b00d03889d3e6e907dc0c0effabea5fd3d81eb7beed3d2f589 java-21-openjdk-src-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm 1af1e92ca0cc941ff8dea16c95d1c5c8e76fcc8607b0c93ee7f0b3b430194520 java-21-openjdk-static-libs-fastdebug-21.0.6.0.7-1.el8.x86_64.rpm 85b880811d799161fcddec6bfbcc9433cb1260beb56742b2d1cc013ea3e0fbfd java-21-openjdk-static-libs-slowdebug-21.0.6.0.7-1.el8.x86_64.rpm 66c2d4f35a4b911fb3925038625bfa756fee360569e5043714e71306e9801058 RLBA-2025:0742 Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * XSetWMHints ignored (JIRA:Rocky Linux-35286) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for mutter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mutter is a compositing window manager that displays and manages desktop through OpenGL. It combines the window-management logic inherited from the Metacity window manager with a display engine that uses the Clutter toolkit. Bug Fix(es): * XSetWMHints ignored (JIRA:Rocky Linux-35286) rocky-linux-8-x86-64-powertools-rpms mutter-devel-3.32.2-73.el8_10.x86_64.rpm 490c7ae1baf68cee4547d930e2d142f1198d7bfed81d08ea7fba40efa5dc8aa4 RLBA-2025:0744 JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Bug Fix(es): * Gimp fails to open JPEG 2000 (.jp2) files, maximum number of samples exceeded (JIRA:Rocky Linux-27923) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for jasper. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Bug Fix(es): * Gimp fails to open JPEG 2000 (.jp2) files, maximum number of samples exceeded (JIRA:Rocky Linux-27923) rocky-linux-8-x86-64-powertools-rpms jasper-devel-2.0.14-6.el8_10.x86_64.rpm 8c5a51b65525558c96d7cbe1b1b2540dc9e4c6fde72796c1aed005fa487debfb RLBA-2025:1336 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.Bug Fix(es) and Enhancement(s): * Update .NET 9.0 to SDK 9.0.103 and Runtime 9.0.2 (JIRA:Rocky Linux-76903) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.Bug Fix(es) and Enhancement(s): * Update .NET 9.0 to SDK 9.0.103 and Runtime 9.0.2 (JIRA:Rocky Linux-76903) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.103-1.el8_10.x86_64.rpm d8ba7cff164fb24109ad65fb02514b64e9178712e9a3665e187c330c8db69f14 RLBA-2025:1344 .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.113 and Runtime 8.0.13 (JIRA:Rocky Linux-76901) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.Bug Fix(es) and Enhancement(s): * Update .NET 8.0 to SDK 8.0.113 and Runtime 8.0.13 (JIRA:Rocky Linux-76901) rocky-linux-8-x86-64-powertools-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.113-1.el8_10.x86_64.rpm 6730eb8b336684f8d9d1e3dbd281180c846f43925183bb657c9483898c5d3ef4 RLSA-2025:1314 Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of documented source files. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code structure from undocumented source files. Security Fix(es): * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for doxygen. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of documented source files. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code structure from undocumented source files. Security Fix(es): * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms doxygen-1.8.14-13.el8_10.x86_64.rpm 3fdf99d06b7521870f01150f6ae21d5e6e341617d09cc432788076bd13585def doxygen-doxywizard-1.8.14-13.el8_10.x86_64.rpm 3535d846f69429ab03ab7c060d691110a50b5af7398e002eb561667d5ab5572d doxygen-latex-1.8.14-13.el8_10.x86_64.rpm 17af08271222f40ee679a93751582d42ec5375680a38c2c11a0ee3ecb9d380b0 RLSA-2025:1266 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms kernel-tools-libs-devel-4.18.0-553.40.1.el8_10.x86_64.rpm b977c8912f0dc4f882180a45e8a4abd6e2ed4293c256531ae46b04bbd28aa8f5 RLBA-2025:1573 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Bug Fix(es): * glibc: pthread_cond_wait missed wakeup (swbz#25847) [rhel-8] (JIRA:Rocky Linux-8381) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Bug Fix(es): * glibc: pthread_cond_wait missed wakeup (swbz#25847) [rhel-8] (JIRA:Rocky Linux-8381) rocky-linux-8-x86-64-powertools-rpms glibc-benchtests-2.28-251.el8_10.13.x86_64.rpm 9c6dbe18664e9c0d16a720de725b0d082f6f85242141032176286e8b42d3cc95 glibc-nss-devel-2.28-251.el8_10.13.x86_64.rpm 2940f533a16d61f6fbf9a9b1916930237bf9e0428269ddfda292380832288c3d glibc-static-2.28-251.el8_10.13.x86_64.rpm 38e9201c06361cddba1f8a0dfe41246b581e446c4f4082590f16a7c3e66d40a5 nss_hesiod-2.28-251.el8_10.13.x86_64.rpm 2ee2f1f832773cfdcbf6ac90c62518a63a55fdce5162731af9edf6a53979d7f0 RLSA-2025:1676 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: bind9: Many records in the additional section cause CPU exhaustion (CVE-2024-11187) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: bind9: Many records in the additional section cause CPU exhaustion (CVE-2024-11187) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-powertools-rpms bind9.16-devel-9.16.23-0.22.el8_10.2.x86_64.rpm b82f3b4acdb1687059e5bc1d5c49a134c0bcf5dd35b07b2b5a5905e105846026 bind9.16-doc-9.16.23-0.22.el8_10.2.noarch.rpm 9375101c8a328a7ac554c67771c4f5522155d96786bb8aabde3727a802f14123