java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security update
Advisory ID: SLSA-2022:0204-1
Issue Date: 2022-01-24
CVE Numbers: CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2022-21277 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-21248 CVE-2022-21291 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, …

gegl (SL7)

Synopsis: Important: gegl security update
Advisory ID: SLSA-2022:0162-1
Issue Date: 2022-01-18
CVE Numbers: CVE-2021-45463
Security Fix(es):
* gegl: shell expansion via a crafted pathname (CVE-2021-45463)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

httpd (SL7)

Synopsis: Important: httpd security update
Advisory ID: SLSA-2022:0143-1
Issue Date: 2022-01-18
CVE Numbers: CVE-2021-26691 CVE-2021-39275 CVE-2021-34798 CVE-2021-44790
Security Fix(es):
* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
* httpd: mod_session: Heap overflow via a crafted SessionHeader …

kernel (SL7)

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2022:0063-1
Issue Date: 2022-01-14
CVE Numbers: CVE-2020-25704 CVE-2020-36322 CVE-2021-42739
Security Fix(es):
* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)
* kernel: Heap …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:0127-1
Issue Date: 2022-01-13
CVE Numbers: CVE-2022-22743 CVE-2022-22742 CVE-2022-22741 CVE-2022-22740 CVE-2022-22738 CVE-2022-22737 CVE-2021-4140 CVE-2022-22748 CVE-2022-22745 CVE-2022-22747 CVE-2022-22739 CVE-2022-22751
This update upgrades Thunderbird to version 91.5.0.
Security Fix(es):
* Mozilla: Iframe sandbox bypass …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2022:0124-1
Issue Date: 2022-01-13
CVE Numbers: CVE-2022-22743 CVE-2022-22742 CVE-2022-22741 CVE-2022-22740 CVE-2022-22738 CVE-2022-22737 CVE-2021-4140 CVE-2022-22748 CVE-2022-22745 CVE-2022-22747 CVE-2022-22739 CVE-2022-22751
This update upgrades Firefox to version 91.5.0 ESR.
Security Fix(es):
* Mozilla: Iframe sandbox …

openssl (SL7)

Synopsis: Moderate: openssl security update
Advisory ID: SLSA-2022:0064-1
Issue Date: 2022-01-12
CVE Numbers: CVE-2021-3712
Security Fix(es):
* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

webkitgtk4 (SL7)

Synopsis: Moderate: webkitgtk4 security update
Advisory ID: SLSA-2022:0059-1
Issue Date: 2022-01-12
CVE Numbers: CVE-2021-30858
Security Fix(es):
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update
Advisory ID: SLSA-2022:0003-1
Issue Date: 2022-01-04
CVE Numbers: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011
Security Fix(es):
* xorg-x11-server: SProcRenderCompositeGlyphs out-of-bounds access (CVE-2021-4008)
* xorg-x11-server: SProcXFixesCreatePointerBarrier out-of-bounds access (CVE-2021-4009)
* xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access (CVE-2021-4010)
* xorg-x11-server: …

log4j (SL7)

Synopsis: Moderate: log4j security update
Advisory ID: SLSA-2021:5206-1
Issue Date: 2021-12-20
CVE Numbers: CVE-2021-4104
Security Fix(es):
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
For more details about the security issue(s), …