firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2020:2827-1 Issue Date: 2020-07-07 CVE Numbers: None — Security Fix(es): * Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) … Read More

firefox (SL6)

Synopsis: Important: firefox security update Advisory ID: SLSA-2020:2824-1 Issue Date: 2020-07-07 CVE Numbers: None — Security Fix(es): * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2020:2664-1 Issue Date: 2020-06-23 CVE Numbers: None — Security Fix(es): * Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888) — SL7 x86_64 … Read More

ntp (SL7)

Synopsis: Moderate: ntp security update Advisory ID: SLSA-2020:2663-1 Issue Date: 2020-06-23 CVE Numbers: None — Security Fix(es): * ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817) * ntp: DoS on client ntpd using … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:2615-1 Issue Date: 2020-06-22 CVE Numbers: None — Security Fix(es): * Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion … Read More

unbound (SL7)

Synopsis: Important: unbound security update Advisory ID: SLSA-2020:2642-1 Issue Date: 2020-06-22 CVE Numbers: None — Security Fix(es): * unbound: incomplete fix for CVE-2020-12662 in RHEL7 (CVE-2020-10772) — SL7 x86_64 unbound-1.6.6-5.el7_8.x86_64.rpm unbound-debuginfo-1.6.6-5.el7_8.i686.rpm unbound-debuginfo-1.6.6-5.el7_8.x86_64.rpm unbound-libs-1.6.6-5.el7_8.i686.rpm unbound-libs-1.6.6-5.el7_8.x86_64.rpm unbound-devel-1.6.6-5.el7_8.i686.rpm unbound-devel-1.6.6-5.el7_8.x86_64.rpm unbound-python-1.6.6-5.el7_8.x86_64.rpm – Scientific Linux … Read More

unbound (SL6)

Synopsis: Important: unbound security update Advisory ID: SLSA-2020:2640-1 Issue Date: 2020-06-22 CVE Numbers: None — Security Fix(es): * unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:2613-1 Issue Date: 2020-06-19 CVE Numbers: None — Security Fix(es): * Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion … Read More

libexif (SL7)

Synopsis: Moderate: libexif security update Advisory ID: SLSA-2020:2549-1 Issue Date: 2020-06-15 CVE Numbers: None — Security Fix(es): * libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112) — SL7 x86_64 libexif-0.6.21-7.el7_8.i686.rpm libexif-0.6.21-7.el7_8.x86_64.rpm libexif-debuginfo-0.6.21-7.el7_8.i686.rpm … Read More

tomcat6 (SL6)

Synopsis: Important: tomcat6 security update Advisory ID: SLSA-2020:2529-1 Issue Date: 2020-06-11 CVE Numbers: None — * tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) — SL6 noarch tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm – … Read More