openssl (SL7)

Synopsis: Important: openssl security update
Advisory ID: SLSA-2022:1066-1
Issue Date: 2022-03-28
CVE Numbers: CVE-2022-0778
Security Fix(es):
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS …

expat (SL7)

Synopsis: Important: expat security update
Advisory ID: SLSA-2022:1069-1
Issue Date: 2022-03-28
CVE Numbers: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25315 CVE-2022-25235 CVE-2022-25236
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary …

httpd (SL7)

Synopsis: Important: httpd security update
Advisory ID: SLSA-2022:1045-1
Issue Date: 2022-03-24
CVE Numbers: CVE-2022-22720
Security Fix(es):
* httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)
For more details about the security issue(s), …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:0850-1
Issue Date: 2022-03-14
CVE Numbers: CVE-2022-25315 CVE-2022-25235 CVE-2022-25236 CVE-2022-26486 CVE-2022-26485 CVE-2022-26383 CVE-2022-26384 CVE-2022-26387 CVE-2022-26381 CVE-2022-26386 CVE-2022-0566
This update upgrades Thunderbird to version 91.7.0.
Security Fix(es):
* Mozilla: Use-after-free in XSLT parameter …

firefox (SL7)

Synopsis: Critical: firefox security and bug fix update
Advisory ID: SLSA-2022:0824-1
Issue Date: 2022-03-11
CVE Numbers: CVE-2022-25315 CVE-2022-25235 CVE-2022-25236 CVE-2022-26486 CVE-2022-26485 CVE-2022-26383 CVE-2022-26384 CVE-2022-26387 CVE-2022-26381 CVE-2022-26386
This update upgrades Firefox to version 91.7.0 ESR.
Security Fix(es):
* Mozilla: Use-after-free …

cyrus-sasl (SL7)

Synopsis: Important: cyrus-sasl security update
Advisory ID: SLSA-2022:0666-1
Issue Date: 2022-02-24
CVE Numbers: CVE-2022-24407
Security Fix(es):
* cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
For more details about the security …

python-pillow (SL7)

Synopsis: Important: python-pillow security update
Advisory ID: SLSA-2022:0609-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2022-22816 CVE-2022-22817
Security Fix(es):
* python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
* python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816) …

openldap (SL7)

Synopsis: Moderate: openldap security update
Advisory ID: SLSA-2022:0621-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2020-25709 CVE-2020-25710
Security Fix(es):
* openldap: assertion failure in Certificate List syntax validation (CVE-2020-25709)
* openldap: assertion failure in CSN normalization with invalid input (CVE-2020-25710)
For …

389-ds-base (SL7)

Synopsis: Low: 389-ds-base security and bug fix update
Advisory ID: SLSA-2022:0628-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2021-4091
Security Fix(es):
* 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)
For more details about the security issue(s), including …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2022:0620-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2020-0465 CVE-2020-0466 CVE-2021-3564 CVE-2021-3573 CVE-2021-3752 CVE-2021-0920 CVE-2021-4155 CVE-2022-0330 CVE-2022-22942
Security Fix(es):
* kernel: use after free in eventpoll.c may lead to escalation of …