firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2021:2741-1
Issue Date: 2021-07-15
CVE Numbers: CVE-2021-30547 CVE-2021-29970 CVE-2021-29976

This update upgrades Firefox to version 78.12.0 ESR.

Security Fix(es):
* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)
* Mozilla: Memory …

xstream (SL7)

Synopsis: Important: xstream security update
Advisory ID: SLSA-2021:2683-1
Issue Date: 2021-07-12
CVE Numbers: CVE-2021-29505

Security Fix(es):
* XStream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)

For more details about the security issue(s), including the impact, …

linuxptp (SL7)

Synopsis: Important: linuxptp security update
Advisory ID: SLSA-2021:2658-1
Issue Date: 2021-07-07
CVE Numbers: CVE-2021-3570

Security Fix(es):
* linuxptp: missing length check of forwarded messages (CVE-2021-3570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2021:2314-1
Issue Date: 2021-06-09
CVE Numbers: CVE-2020-8648 CVE-2021-3347 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-27170

Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: Use after free via …

gupnp (SL7)

Synopsis: Important: gupnp security update
Advisory ID: SLSA-2021:2417-1
Issue Date: 2021-06-15
CVE Numbers: CVE-2021-33516

Security Fix(es):
* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)

For more details about …

postgresql (SL7)

Synopsis: Important: postgresql security update
Advisory ID: SLSA-2021:2397-1
Issue Date: 2021-06-14
CVE Numbers: CVE-2021-32027

Security Fix(es):
* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

For more details about the security issue(s), including the impact, a …

dhcp (SL7)

Synopsis: Important: dhcp security update
Advisory ID: SLSA-2021:2357-1
Issue Date: 2021-06-09
CVE Numbers: CVE-2021-25217

Security Fix(es):
* dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217) …

microcode_ctl (SL7)

Synopsis: Important: microcode_ctl security, bug fix and enhancement update
Advisory ID: SLSA-2021:2305-1
Issue Date: 2021-06-14
CVE Numbers: CVE-2020-24489 CVE-2020-24513 CVE-2020-24511 CVE-2020-24512

Security Fix(es):
* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some …

qt5-qtimageformats (SL7)

Synopsis: Important: qt5-qtimageformats security update
Advisory ID: SLSA-2021:2328-1
Issue Date: 2021-06-09
CVE Numbers: CVE-2020-36328 CVE-2020-36329 CVE-2018-25011 CVE-2018-25014

Security Fix(es):
* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)
* libwebp: heap-based …

samba (SL7)

Synopsis: Moderate: samba security and bug fix update
Advisory ID: SLSA-2021:2313-1
Issue Date: 2021-06-09
CVE Numbers: CVE-2021-20254

Security Fix(es):
* samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (CVE-2021-20254)

For …