Synopsis: Important: flatpak security update Advisory ID: SLSA-2021:4044-1 Issue Date: 2021-11-02 CVE Numbers: CVE-2021-41133 — Security Fix(es): * flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More
Synopsis: Moderate: binutils security update Advisory ID: SLSA-2021:4033-1 Issue Date: 2021-11-02 CVE Numbers: CVE-2021-42574 — Security Fix(es): * Developer environment: Unicode’s bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in binutils in order … Read More
Synopsis: Important: xstream security update Advisory ID: SLSA-2021:3956-1 Issue Date: 2021-10-25 CVE Numbers: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 — Security Fix(es): * xstream: Arbitrary code execution via unsafe deserialization of Xalan … Read More
Synopsis: Important: java-1.8.0-openjdk security and bug fix update Advisory ID: SLSA-2021:3889-1 Issue Date: 2021-10-20 CVE Numbers: CVE-2021-35565 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35586 CVE-2021-35603 CVE-2021-35550 CVE-2021-35578 CVE-2021-35567 CVE-2021-35588 — Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close … Read More
Synopsis: Important: java-11-openjdk security and bug fix update Advisory ID: SLSA-2021:3892-1 Issue Date: 2021-10-20 CVE Numbers: CVE-2021-35565 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35586 CVE-2021-35603 CVE-2021-35550 CVE-2021-35578 CVE-2021-35567 — Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:3841-1 Issue Date: 2021-10-18 CVE Numbers: CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 — This update upgrades Thunderbird to version 91.2.0. Security Fix(es): * Mozilla: Use-after-free in MessageTask (CVE-2021-38496) * Mozilla: Memory safety … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2021:3791-1 Issue Date: 2021-10-12 CVE Numbers: CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 — This update upgrades Firefox to version 91.2.0 ESR. Security Fix(es): * Mozilla: Use-after-free in MessageTask (CVE-2021-38496) * Mozilla: Memory safety … Read More
Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2021:3801-1 Issue Date: 2021-10-12 CVE Numbers: CVE-2021-22543 CVE-2021-3653 CVE-2021-3656 CVE-2021-37576 — Security Fix(es): * kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: powerpc: … Read More
Synopsis: Moderate: libxml2 security update Advisory ID: SLSA-2021:3810-1 Issue Date: 2021-10-12 CVE Numbers: CVE-2016-4658 — Security Fix(es): * libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) For more details about the security issue(s), including the impact, a … Read More
Synopsis: Moderate: openssl security update Advisory ID: SLSA-2021:3798-1 Issue Date: 2021-10-12 CVE Numbers: CVE-2021-23841 CVE-2021-23840 — Security Fix(es): * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), … Read More
