Synopsis: Important: thunderbird security update Advisory ID: SLSA-2023:0456-1 Issue Date: 2023-01-27 CVE Numbers: CVE-2022-46871 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2022-46877 CVE-2023-23603 CVE-2023-23605 — This update upgrades Thunderbird to version 102.7.1. Security Fix(es): * Mozilla: libusrsctp library out of date (CVE-2022-46871) * … Read More
Synopsis: Moderate: bind security update Advisory ID: SLSA-2023:0402-1 Issue Date: 2023-01-24 CVE Numbers: CVE-2021-25220 CVE-2022-2795 — Security Fix(es): * bind: DNS forwarders – cache poisoning vulnerability (CVE-2021-25220) * bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795) For more … Read More
Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2023:0399-1 Issue Date: 2023-01-24 CVE Numbers: CVE-2021-26401 CVE-2022-2964 — Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 … Read More
Synopsis: Important: sssd security and bug fix update Advisory ID: SLSA-2023:0403-1 Issue Date: 2023-01-24 CVE Numbers: CVE-2022-4254 — Security Fix(es): * sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters (CVE-2022-4254) For more details about the security issue(s), … Read More
Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update Advisory ID: SLSA-2023:0203-1 Issue Date: 2023-01-24 CVE Numbers: CVE-2023-21843 CVE-2023-21830 — Security Fix(es): * OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2023:0296-1 Issue Date: 2023-01-23 CVE Numbers: CVE-2022-46871 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2022-46877 CVE-2023-23603 CVE-2023-23605 — This update upgrades Firefox to version 102.7.0 ESR. Security Fix(es): * Mozilla: libusrsctp library out of date (CVE-2022-46871) … Read More
Synopsis: Important: sudo security update Advisory ID: SLSA-2023:0291-1 Issue Date: 2023-01-23 CVE Numbers: CVE-2023-22809 — Security Fix(es): * sudo: arbitrary file write with privileges of the RunAs user (CVE-2023-22809) For more details about the security issue(s), including the impact, a … Read More
Synopsis: Moderate: java-11-openjdk security and bug fix update Advisory ID: SLSA-2023:0195-1 Issue Date: 2023-01-23 CVE Numbers: CVE-2023-21835 CVE-2023-21843 — Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) … Read More
Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2023:0046-1 Issue Date: 2023-01-09 CVE Numbers: CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2022-4283 — Security Fix(es): * xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283) * xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340) * xorg-x11-server: X.Org … Read More
Synopsis: Important: tigervnc security update Advisory ID: SLSA-2023:0045-1 Issue Date: 2023-01-09 CVE Numbers: CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2022-4283 — Security Fix(es): * xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283) * xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340) * xorg-x11-server: X.Org … Read More
