kernel (SL7)

Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2022:5937-1 Issue Date: 2022-08-09 CVE Numbers: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 — Security Fix(es): * Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123) * Incomplete cleanup of microarchitectural fill buffers (aka … Read More

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2022:5905-1 Issue Date: 2022-08-04 CVE Numbers: CVE-2022-2319 CVE-2022-2320 — Security Fix(es): * xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access (CVE-2022-2319) * xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension (CVE-2022-2320) For … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:5773-1 Issue Date: 2022-08-03 CVE Numbers: CVE-2022-36319 CVE-2022-36318 CVE-2022-2505 — This update upgrades Thunderbird to version 91.12.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505) * Mozilla: … Read More

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update Advisory ID: SLSA-2022:5687-1 Issue Date: 2022-08-01 CVE Numbers: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 — The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.16.0.8). Security Fix(es): * OpenJDK: integer truncation … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security, bug fix, and enhancement update Advisory ID: SLSA-2022:5698-1 Issue Date: 2022-08-01 CVE Numbers: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 — The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk (1.8.0.342.b07). Security Fix(es): * OpenJDK: integer truncation … Read More

squid (SL7)

Synopsis: Important: squid security update Advisory ID: SLSA-2022:5542-1 Issue Date: 2022-08-01 CVE Numbers: CVE-2021-46784 — Security Fix(es): * squid: DoS when processing gopher server responses (CVE-2021-46784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:5480-1 Issue Date: 2022-07-01 CVE Numbers: CVE-2022-34479 CVE-2022-34470 CVE-2022-34468 CVE-2022-34481 CVE-2022-31744 CVE-2022-34472 CVE-2022-2200 CVE-2022-34484 CVE-2022-2226 — This update upgrades Thunderbird to version 91.11. Security Fix(es): * Mozilla: CSP sandbox header without `allow-scripts` can … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:5479-1 Issue Date: 2022-07-01 CVE Numbers: CVE-2022-34479 CVE-2022-34470 CVE-2022-34468 CVE-2022-34481 CVE-2022-31744 CVE-2022-34472 CVE-2022-2200 CVE-2022-34484 — This update upgrades Firefox to version 91.11 ESR. Security Fix(es): * Mozilla: CSP sandbox header without `allow-scripts` can … Read More

python (SL7)

Synopsis: Moderate: python security update Advisory ID: SLSA-2022:5235-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2020-26116 CVE-2020-26137 CVE-2021-3177 — Security Fix(es): * python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116) * python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137) * … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update Advisory ID: SLSA-2022:5239-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2022-0918 CVE-2022-0996 — Security Fix(es): * 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918) * 389-ds-base: expired password was still allowed to … Read More