kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2023:1091-1 Issue Date: 2023-03-07 CVE Numbers: CVE-2022-42703 CVE-2022-4378 — Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) … Read More

zlib (SL7)

Synopsis: Moderate: zlib security update Advisory ID: SLSA-2023:1095-1 Issue Date: 2023-03-07 CVE Numbers: CVE-2022-37434 — Security Fix(es): * zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434) For more details about … Read More

samba (SL7)

Synopsis: Important: samba security update Advisory ID: SLSA-2023:1090-1 Issue Date: 2023-03-07 CVE Numbers: CVE-2022-38023 — Security Fix(es): * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023) For more details about the security issue(s), including the impact, … Read More

pesign (SL7)

Synopsis: Important: pesign security update Advisory ID: SLSA-2023:1093-1 Issue Date: 2023-03-07 CVE Numbers: CVE-2022-3560 — Security Fix(es): * pesign: Local privilege escalation on pesign systemd service (CVE-2022-3560) For more details about the security issue(s), including the impact, a CVSS score, … Read More

git (SL7)

Synopsis: Important: git security update Advisory ID: SLSA-2023:0978-1 Issue Date: 2023-02-28 CVE Numbers: CVE-2022-23521 CVE-2022-41903 — Security Fix(es): * git: gitattributes parsing integer overflow (CVE-2022-23521) * git: Heap overflow in `git archive`, `git log –format` leading to RCE (CVE-2022-41903) For … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2023:0817-1 Issue Date: 2023-02-20 CVE Numbers: CVE-2023-25728 CVE-2023-25730 CVE-2023-25743 CVE-2023-0767 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25729 CVE-2023-25732 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746 CVE-2023-0616 — This update upgrades Thunderbird to version 102.8.0. Security Fix(es): * Mozilla: Arbitrary memory … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2023:0812-1 Issue Date: 2023-02-20 CVE Numbers: CVE-2023-25728 CVE-2023-25730 CVE-2023-25743 CVE-2023-0767 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25729 CVE-2023-25732 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746 — This update upgrades Firefox to version 102.8.0 ESR. Security Fix(es): * Mozilla: Arbitrary memory … Read More

tigervnc and xorg-x11-server (SL7)

Synopsis: Important: tigervnc and xorg-x11-server security update Advisory ID: SLSA-2023:0675-1 Issue Date: 2023-02-09 CVE Numbers: CVE-2023-0494 — X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2023:0600-1 Issue Date: 2023-02-07 CVE Numbers: CVE-2023-0430 — This update upgrades Thunderbird to version 102.7.1. Security Fix(es): * Mozilla: Revocation status of S/Mime signature certificates was not checked (CVE-2023-0430) For more details about … Read More

libksba (SL7)

Synopsis: Important: libksba security update Advisory ID: SLSA-2023:0530-1 Issue Date: 2023-01-30 CVE Numbers: CVE-2022-47629 — Security Fix(es): * libksba: integer overflow to code executiona (CVE-2022-47629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and … Read More