samba (SL7)

Synopsis: Moderate: samba security and bug fix update
Advisory ID: SLSA-2020:5439-1
Issue Date: 2020-12-15
CVE Numbers: CVE-2020-1472 CVE-2020-14318 CVE-2020-14323
Security Fix(es):
* samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)
* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify …

gd (SL7)

Synopsis: Moderate: gd security update
Advisory ID: SLSA-2020:5443-1
Issue Date: 2020-12-15
CVE Numbers: CVE-2016-5766
Security Fix(es):
* gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)
SL7 x86_64
gd-2.0.35-27.el7_9.i686.rpm
gd-2.0.35-27.el7_9.x86_64.rpm
gd-debuginfo-2.0.35-27.el7_9.i686.rpm
gd-debuginfo-2.0.35-27.el7_9.x86_64.rpm
gd-devel-2.0.35-27.el7_9.i686.rpm
gd-devel-2.0.35-27.el7_9.x86_64.rpm
gd-progs-2.0.35-27.el7_9.x86_64.rpm
– Scientific …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2020:5437-1
Issue Date: 2020-12-15
CVE Numbers: CVE-2019-18282 CVE-2020-10769 CVE-2020-14314 CVE-2020-14385 CVE-2020-24394 CVE-2020-25212 CVE-2020-25643
Security Fix(es):
* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable …

python-rtslib (SL7)

Synopsis: Moderate: python-rtslib security update
Advisory ID: SLSA-2020:5435-1
Issue Date: 2020-12-15
CVE Numbers: CVE-2020-14019
Security Fix(es):
* python-rtslib: weak permissions for /etc/target/saveconfig.json (CVE-2020-14019)
SL7 noarch
python-rtslib-2.1.74-1.el7_9.noarch.rpm
python-rtslib-doc-2.1.74-1.el7_9.noarch.rpm
– Scientific Linux Development Team

targetcli (SL7)

Synopsis: Moderate: targetcli security update
Advisory ID: SLSA-2020:5434-1
Issue Date: 2020-12-15
CVE Numbers: CVE-2020-13867
Security Fix(es):
* targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)
SL7 noarch
targetcli-2.1.53-1.el7_9.noarch.rpm
– Scientific Linux Development Team

pacemaker (SL7)

Synopsis: Moderate: pacemaker security update
Advisory ID: SLSA-2020:5453-1
Issue Date: 2020-12-15
CVE Numbers: CVE-2020-25654
Security Fix(es):
* pacemaker: ACL restrictions bypass (CVE-2020-25654)
SL7 x86_64
pacemaker-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-cli-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-cluster-libs-1.1.23-1.el7_9.1.i686.rpm
pacemaker-cluster-libs-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-cts-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-debuginfo-1.1.23-1.el7_9.1.i686.rpm
pacemaker-debuginfo-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-doc-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-libs-1.1.23-1.el7_9.1.i686.rpm
pacemaker-libs-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-libs-devel-1.1.23-1.el7_9.1.i686.rpm
pacemaker-libs-devel-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1.x86_64.rpm
pacemaker-remote-1.1.23-1.el7_9.1.x86_64.rpm
…

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:5400-1
Issue Date: 2020-12-14
CVE Numbers: CVE-2020-26970
Security Fix(es):
* Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)
SL7 x86_64
thunderbird-78.5.1-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.5.1-1.el7_9.x86_64.rpm
– Scientific Linux Development …

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update
Advisory ID: SLSA-2020:5408-1
Issue Date: 2020-12-14
CVE Numbers: CVE-2020-14347 CVE-2020-14360 CVE-2020-25712
Security Fix(es):
* xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360)
* xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712)
* xorg-x11-server: Leak …

libexif (SL7)

Synopsis: Important: libexif security update
Advisory ID: SLSA-2020:5402-1
Issue Date: 2020-12-14
CVE Numbers: CVE-2020-0452
Security Fix(es):
* libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)
SL7 x86_64
libexif-0.6.22-2.el7_9.i686.rpm
libexif-0.6.22-2.el7_9.x86_64.rpm
libexif-debuginfo-0.6.22-2.el7_9.i686.rpm
libexif-debuginfo-0.6.22-2.el7_9.x86_64.rpm
libexif-devel-0.6.22-2.el7_9.i686.rpm
libexif-devel-0.6.22-2.el7_9.x86_64.rpm
…

net-snmp (SL7)

Synopsis: Important: net-snmp security update
Advisory ID: SLSA-2020:5350-1
Issue Date: 2020-12-07
CVE Numbers: CVE-2020-15862
Security Fix(es):
* net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)
SL7 x86_64
net-snmp-5.7.2-49.el7_9.1.x86_64.rpm
net-snmp-agent-libs-5.7.2-49.el7_9.1.i686.rpm
net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64.rpm
net-snmp-debuginfo-5.7.2-49.el7_9.1.i686.rpm
net-snmp-debuginfo-5.7.2-49.el7_9.1.x86_64.rpm
…