kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2022:5232-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2022-1729 CVE-2022-1966 — Security Fix(es): * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) * kernel: a use-after-free write in the netfilter … Read More

python-virtualenv (SL7)

Synopsis: Moderate: python-virtualenv security update Advisory ID: SLSA-2022:5234-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2019-20916 — Security Fix(es): * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, … Read More

postgresql (SL7)

Synopsis: Important: postgresql security update Advisory ID: SLSA-2022:5162-1 Issue Date: 2022-06-22 CVE Numbers: CVE-2022-1552 — Security Fix(es): * postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox (CVE-2022-1552) For more details about the security issue(s), including the impact, a … Read More

xz (SL7)

Synopsis: Important: xz security update Advisory ID: SLSA-2022:5052-1 Issue Date: 2022-06-15 CVE Numbers: CVE-2022-1271 — Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, … Read More

python-twisted-web (SL7)

Synopsis: Important: python-twisted-web security update Advisory ID: SLSA-2022:4930-1 Issue Date: 2022-06-08 CVE Numbers: CVE-2022-24801 — Security Fix(es): * python-twisted: possible http request smuggling (CVE-2022-24801) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:4891-1 Issue Date: 2022-06-03 CVE Numbers: CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVE-2022-1834 — This update upgrades Thunderbird to version 91.10.0. Security Fix(es): * Mozilla: Braille space character caused incorrect sender email … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:4870-1 Issue Date: 2022-06-02 CVE Numbers: CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 — This update upgrades Firefox to version 91.10.0 ESR. Security Fix(es): * Mozilla: Cross-Origin resource’s length leaked (CVE-2022-31736) * Mozilla: … Read More

rsyslog (SL7)

Synopsis: Important: rsyslog security update Advisory ID: SLSA-2022:4803-1 Issue Date: 2022-06-01 CVE Numbers: CVE-2022-24903 — Security Fix(es): * rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2022:4729-1 Issue Date: 2022-05-25 CVE Numbers: CVE-2022-1802 CVE-2022-1529 — This update upgrades Firefox to version 91.9.1 ESR. Security Fix(es): * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) … Read More

thunderbird (SL7)

Synopsis: Critical: thunderbird security update Advisory ID: SLSA-2022:4730-1 Issue Date: 2022-05-25 CVE Numbers: CVE-2022-1802 CVE-2022-1529 — This update upgrades Thunderbird to version 91.9.1. Security Fix(es): * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) * … Read More