firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2021:0053-1 Issue Date: 2021-01-11 CVE Numbers: CVE-2020-16044 — This update upgrades Firefox to version 78.6.1 ESR. Security Fix(es): * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044) — SL7 x86_64 …

ImageMagick (SL7)

Synopsis: Important: ImageMagick security update Advisory ID: SLSA-2021:0024-1 Issue Date: 2021-01-05 CVE Numbers: None — Security Fix(es): * ImageMagick: Shell injection via PDF password could result in arbitrary code execution (CVE-2020-29599) — SL7 x86_64 ImageMagick-6.9.10.68-5.el7_9.i686.rpm ImageMagick-6.9.10.68-5.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-5.el7_9.i686.rpm ImageMagick-c++-6.9.10.68-5.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-5.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-5.el7_9.x86_64.rpm …

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:5618-1 Issue Date: 2020-12-17 CVE Numbers: CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113 — This update upgrades Thunderbird to version 78.6.0. Security Fix(es): * chromium-browser: Uninitialized Use in V8 (CVE-2020-16042) * Mozilla: Heap …

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2020:5561-1 Issue Date: 2020-12-17 CVE Numbers: None — Security Fix(es): * chromium-browser: Uninitialized Use in V8 (CVE-2020-16042) * Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971) * Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973) …

openssl (SL7)

Synopsis: Important: openssl security update Advisory ID: SLSA-2020:5566-1 Issue Date: 2020-12-17 CVE Numbers: CVE-2020-1971 — Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) — SL7 x86_64 openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm – Scientific Linux …

samba (SL7)

Synopsis: Moderate: samba security and bug fix update Advisory ID: SLSA-2020:5439-1 Issue Date: 2020-12-15 CVE Numbers: None — Security Fix(es): * samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472) * samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318) * …

gd (SL7)

Synopsis: Moderate: gd security update Advisory ID: SLSA-2020:5443-1 Issue Date: 2020-12-15 CVE Numbers: None — Security Fix(es): * gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766) — SL7 x86_64 gd-2.0.35-27.el7_9.i686.rpm gd-2.0.35-27.el7_9.x86_64.rpm gd-debuginfo-2.0.35-27.el7_9.i686.rpm gd-debuginfo-2.0.35-27.el7_9.x86_64.rpm gd-devel-2.0.35-27.el7_9.i686.rpm gd-devel-2.0.35-27.el7_9.x86_64.rpm gd-progs-2.0.35-27.el7_9.x86_64.rpm – Scientific …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2020:5437-1 Issue Date: 2020-12-15 CVE Numbers: None — Security Fix(es): * kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as …

python-rtslib (SL7)

Synopsis: Moderate: python-rtslib security update Advisory ID: SLSA-2020:5435-1 Issue Date: 2020-12-15 CVE Numbers: None — Security Fix(es): * python-rtslib: weak permissions for /etc/target/saveconfig.json (CVE-2020-14019) — SL7 noarch python-rtslib-2.1.74-1.el7_9.noarch.rpm python-rtslib-doc-2.1.74-1.el7_9.noarch.rpm – Scientific Linux Development Team

targetcli (SL7)

Synopsis: Moderate: targetcli security update Advisory ID: SLSA-2020:5434-1 Issue Date: 2020-12-15 CVE Numbers: None — Security Fix(es): * targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867) — SL7 noarch targetcli-2.1.53-1.el7_9.noarch.rpm – Scientific Linux Development Team