python-pillow (SL7)

Synopsis: Important: python-pillow security update
Advisory ID: SLSA-2022:0609-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2022-22816 CVE-2022-22817

Security Fix(es):
* python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
* python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816) …

openldap (SL7)

Synopsis: Moderate: openldap security update
Advisory ID: SLSA-2022:0621-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2020-25709 CVE-2020-25710

Security Fix(es):
* openldap: assertion failure in Certificate List syntax validation (CVE-2020-25709)
* openldap: assertion failure in CSN normalization with invalid input (CVE-2020-25710)

For …

389-ds-base (SL7)

Synopsis: Low: 389-ds-base security and bug fix update
Advisory ID: SLSA-2022:0628-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2021-4091

Security Fix(es):
* 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2022:0620-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2020-0465 CVE-2020-0466 CVE-2021-3564 CVE-2021-3573 CVE-2021-3752 CVE-2021-0920 CVE-2021-4155 CVE-2022-0330 CVE-2022-22942

Security Fix(es):
* kernel: use after free in eventpoll.c may lead to escalation of …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:0538-1
Issue Date: 2022-02-15
CVE Numbers: CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22759 CVE-2022-22764

This update upgrades Thunderbird to version 91.6.0.

Security Fix(es):
* Mozilla: Extensions could have bypassed permission confirmation during update …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2022:0514-1
Issue Date: 2022-02-14
CVE Numbers: CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22759 CVE-2022-22764

This update upgrades Firefox to version 91.6.0 ESR.

Security Fix(es):
* Mozilla: Extensions could have bypassed permission confirmation during …

aide (SL7)

Synopsis: Important: aide security update
Advisory ID: SLSA-2022:0473-1
Issue Date: 2022-02-08
CVE Numbers: CVE-2021-45417

Security Fix(es):
* aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)

For more details about the security issue(s), including the impact, a CVSS …

samba (SL7)

Synopsis: Critical: samba security and bug fix update
Advisory ID: SLSA-2022:0328-1
Issue Date: 2022-01-31
CVE Numbers: CVE-2021-44142

Security Fix(es):
* samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)

For more details about the security …

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security update
Advisory ID: SLSA-2022:0306-1
Issue Date: 2022-01-27
CVE Numbers: CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2022-21360 CVE-2022-21365 CVE-2022-21248 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341

Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* …

polkit (SL7)

Synopsis: Important: polkit security update
Advisory ID: SLSA-2022:0274-1
Issue Date: 2022-01-26
CVE Numbers: CVE-2021-4034

Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)

For more details about the security issue(s), including …