Synopsis: Important: slapi-nis security and bug fix update Advisory ID: SLSA-2021:2032-1 Issue Date: 2021-05-20 CVE Numbers: CVE-2021-3480 — Security Fix(es): * slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) For more details about the security issue(s), including the … Read More
Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2021:2033-1 Issue Date: 2021-05-20 CVE Numbers: CVE-2021-3472 — Security Fix(es): * xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation (CVE-2021-3472) For more details about the security issue(s), including the impact, a CVSS score, … Read More
Synopsis: Important: postgresql security update Advisory ID: SLSA-2021:1512-1 Issue Date: 2021-05-06 CVE Numbers: CVE-2019-10208 CVE-2020-25694 CVE-2020-25695 — Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: Multiple features escape “security restricted operation” sandbox (CVE-2020-25695) * postgresql: … Read More
Synopsis: Important: bind security update Advisory ID: SLSA-2021:1469-1 Issue Date: 2021-04-29 CVE Numbers: CVE-2021-25215 — Security Fix(es): * bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself … Read More
Synopsis: Moderate: nss security and bug fix update Advisory ID: SLSA-2021:1384-1 Issue Date: 2021-04-27 CVE Numbers: CVE-2020-25648 — Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, … Read More
Synopsis: Moderate: openldap security update Advisory ID: SLSA-2021:1389-1 Issue Date: 2021-04-27 CVE Numbers: CVE-2020-25692 — Security Fix(es): * openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS … Read More
Synopsis: Moderate: etcd security update Advisory ID: SLSA-2021:1407-1 Issue Date: 2021-04-27 CVE Numbers: CVE-2020-15112 CVE-2020-15106 — Security Fix(es): * etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106) * etcd: DoS in wal/wal.go (CVE-2020-15112) For more details about the security … Read More
Synopsis: Important: xstream security update Advisory ID: SLSA-2021:1354-1 Issue Date: 2021-04-26 CVE Numbers: CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21350 — Security Fix(es): * XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) * XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) * XStream: Unsafe deserizaliation of … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:1350-1 Issue Date: 2021-04-26 CVE Numbers: CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23961 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 — This update upgrades Thunderbird to version 78.10.0. Security Fix(es): * Mozilla: Out of bound write due to … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2021:1363-1 Issue Date: 2021-04-26 CVE Numbers: CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23961 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 — This update upgrades Firefox to version 78.10.0 ESR. Security Fix(es): * Mozilla: Out of bound write due to … Read More
