xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2022:8491-1 Issue Date: 2022-11-16 CVE Numbers: CVE-2022-3550 CVE-2022-3551 — Security Fix(es): * xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550) * xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551) For more details about … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2022:7337-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825 CVE-2022-2588 CVE-2022-26373 — Security Fix(es): * a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) * RetBleed … Read More

pcs (SL7)

Synopsis: Important: pcs security update Advisory ID: SLSA-2022:7343-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2019-11358 CVE-2022-30123 — Security Fix(es): * rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * jquery: Prototype pollution in object’s prototype leading to denial of service, … Read More

php-pear (SL7)

Synopsis: Moderate: php-pear security update Advisory ID: SLSA-2022:7340-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2020-28948 CVE-2020-28949 CVE-2020-36193 — Security Fix(es): * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization … Read More

device-mapper-multipath (SL7)

Synopsis: Important: device-mapper-multipath security update Advisory ID: SLSA-2022:7186-1 Issue Date: 2022-10-25 CVE Numbers: CVE-2022-41974 — Security Fix(es): * device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974) For more details about the security issue(s), … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:7184-1 Issue Date: 2022-10-25 CVE Numbers: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 — This update upgrades Thunderbird to version 102.4.0. Security Fix(es): * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: SLSA-2022:7087-1 Issue Date: 2022-10-25 CVE Numbers: CVE-2022-2850 — Security Fix(es): * 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

libksba (SL7)

Synopsis: Important: libksba security update Advisory ID: SLSA-2022:7088-1 Issue Date: 2022-10-24 CVE Numbers: CVE-2022-3515 — Security Fix(es): * libksba: integer overflow may lead to remote code execution (CVE-2022-3515) For more details about the security issue(s), including the impact, a CVSS … Read More

pki-core (SL7)

Synopsis: Moderate: pki-core security update Advisory ID: SLSA-2022:7086-1 Issue Date: 2022-10-24 CVE Numbers: CVE-2022-2393 — Security Fix(es): * pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393) For more … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update Advisory ID: SLSA-2022:7002-1 Issue Date: 2022-10-20 CVE Numbers: CVE-2022-21619 CVE-2022-21626 CVE-2022-21624 CVE-2022-21628 — Security Fix(es): * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection … Read More