Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:5164-1 Issue Date: 2020-11-24 CVE Numbers: CVE-2020-26950 — This update upgrades Thunderbird to version 78.4.3. Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) — SL6 x86_64 thunderbird-78.4.3-1.el6_10.x86_64.rpm … Read More
Synopsis: Moderate: microcode_ctl security, bug fix, and enhancement update Advisory ID: SLSA-2020:5084-1 Issue Date: 2020-11-11 CVE Numbers: None — Security Fix(es): * hw: Vector Register Leakage-Active (CVE-2020-8696) * hw: Fast forward store predictor (CVE-2020-8698) — SL6 x86_64 microcode_ctl-1.17-33.31.el6_10.x86_64.rpm microcode_ctl-debuginfo-1.17-33.31.el6_10.x86_64.rpm i386 … Read More
Synopsis: Critical: firefox security update Advisory ID: SLSA-2020:5104-1 Issue Date: 2020-11-12 CVE Numbers: None — Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) — SL6 x86_64 firefox-78.4.1-1.el6_10.x86_64.rpm firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm i386 firefox-78.4.1-1.el6_10.i686.rpm – Scientific Linux Development … Read More
Synopsis: Critical: firefox security update Advisory ID: SLSA-2020:5099-1 Issue Date: 2020-11-12 CVE Numbers: None — Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) — SL7 x86_64 firefox-78.4.1-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.1-1.el7_9.x86_64.rpm firefox-78.4.1-1.el7_9.i686.rpm – Scientific Linux Development Team
Synopsis: Moderate: microcode_ctl security, bug fix, and enhancement update Advisory ID: SLSA-2020:5083-1 Issue Date: 2020-11-11 CVE Numbers: None — Security Fix(es): * hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695) * hw: Vector Register Leakage-Active (CVE-2020-8696) * … Read More
Synopsis: Moderate: python security update Advisory ID: SLSA-2020:5009-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) — SL7 x86_64 python-debuginfo-2.7.5-90.el7.x86_64.rpm python-2.7.5-90.el7.x86_64.rpm python-debuginfo-2.7.5-90.el7.i686.rpm python-devel-2.7.5-90.el7.x86_64.rpm python-libs-2.7.5-90.el7.i686.rpm python-libs-2.7.5-90.el7.x86_64.rpm python-debug-2.7.5-90.el7.x86_64.rpm … Read More
Synopsis: Moderate: libvirt security and bug fix update Advisory ID: SLSA-2020:5040-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c (CVE-2020-25637) — SL7 x86_64 libvirt-4.5.0-36.el7_9.3.x86_64.rpm libvirt-bash-completion-4.5.0-36.el7_9.3.x86_64.rpm libvirt-client-4.5.0-36.el7_9.3.i686.rpm libvirt-client-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-config-network-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-config-nwfilter-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-driver-interface-4.5.0-36.el7_9.3.x86_64.rpm … Read More
Synopsis: Low: tomcat security update Advisory ID: SLSA-2020:5020-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935) — SL7 noarch tomcat-servlet-3.0-api-7.0.76-16.el7_9.noarch.rpm tomcat-7.0.76-16.el7_9.noarch.rpm tomcat-admin-webapps-7.0.76-16.el7_9.noarch.rpm tomcat-docs-webapp-7.0.76-16.el7_9.noarch.rpm tomcat-el-2.2-api-7.0.76-16.el7_9.noarch.rpm tomcat-javadoc-7.0.76-16.el7_9.noarch.rpm tomcat-jsp-2.2-api-7.0.76-16.el7_9.noarch.rpm tomcat-jsvc-7.0.76-16.el7_9.noarch.rpm … Read More
Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2020:5023-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * kernel: buffer over write in vgacon_scroll (CVE-2020-14331) * kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811) Bug Fix(es): * [OSP13,mlx5] SRIOV … Read More
Synopsis: Moderate: python3 security update Advisory ID: SLSA-2020:5010-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422) — … Read More
