iperf3 (SL7)

Synopsis: Important: iperf3 security update Advisory ID: SLSA-2023:4326-1 Issue Date: 2023-07-31 CVE Numbers: CVE-2023-38403 — Security Fix(es): * iperf3: memory allocation hazard and crash (CVE-2023-38403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update Advisory ID: SLSA-2023:4166-1 Issue Date: 2023-07-24 CVE Numbers: CVE-2023-22045 CVE-2023-22049 — Security Fix(es): * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue … Read More

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security and bug fix update Advisory ID: SLSA-2023:4233-1 Issue Date: 2023-07-24 CVE Numbers: CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 — Security Fix(es): * OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2023:4151-1 Issue Date: 2023-07-18 CVE Numbers: CVE-2022-3564 — Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) For more details about the security issue(s), including the impact, a … Read More

bind (SL7)

Synopsis: Important: bind security update Advisory ID: SLSA-2023:4152-1 Issue Date: 2023-07-18 CVE Numbers: CVE-2023-2828 — Security Fix(es): * bind: named’s configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2023:4062-1 Issue Date: 2023-07-13 CVE Numbers: CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208 CVE-2023-37211 — This update upgrades Thunderbird to version 102.13.0. Security Fix(es): * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential use-after-free … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2023:4079-1 Issue Date: 2023-07-13 CVE Numbers: CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208 CVE-2023-37211 — This update upgrades Firefox to version 102.13.0 ESR. Security Fix(es): * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential … Read More

open-vm-tools (SL7)

Synopsis: Low: open-vm-tools security and bug fix update Advisory ID: SLSA-2023:3944-1 Issue Date: 2023-06-30 CVE Numbers: CVE-2023-20867 — Security Fix(es): * open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867) For more details about the security issue(s), including the impact, … Read More

c-ares (SL7)

Synopsis: Important: c-ares security update Advisory ID: SLSA-2023:3741-1 Issue Date: 2023-06-22 CVE Numbers: CVE-2023-32067 — Security Fix(es): * c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2023:3579-1 Issue Date: 2023-06-14 CVE Numbers: CVE-2023-34414 CVE-2023-34416 — This update upgrades Firefox to version 102.12.0 ESR. Security Fix(es): * Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) * Mozilla: Memory safety bugs … Read More