thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:0538-1
Issue Date: 2022-02-15
CVE Numbers: CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22759 CVE-2022-22764
This update upgrades Thunderbird to version 91.6.0.
Security Fix(es):
* Mozilla: Extensions could have bypassed permission confirmation during update …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2022:0514-1
Issue Date: 2022-02-14
CVE Numbers: CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22759 CVE-2022-22764
This update upgrades Firefox to version 91.6.0 ESR.
Security Fix(es):
* Mozilla: Extensions could have bypassed permission confirmation during …

aide (SL7)

Synopsis: Important: aide security update
Advisory ID: SLSA-2022:0473-1
Issue Date: 2022-02-08
CVE Numbers: CVE-2021-45417
Security Fix(es):
* aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
For more details about the security issue(s), including the impact, a CVSS …

samba (SL7)

Synopsis: Critical: samba security and bug fix update
Advisory ID: SLSA-2022:0328-1
Issue Date: 2022-01-31
CVE Numbers: CVE-2021-44142
Security Fix(es):
* samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)
For more details about the security …

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security update
Advisory ID: SLSA-2022:0306-1
Issue Date: 2022-01-27
CVE Numbers: CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2022-21360 CVE-2022-21365 CVE-2022-21248 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* …

polkit (SL7)

Synopsis: Important: polkit security update
Advisory ID: SLSA-2022:0274-1
Issue Date: 2022-01-26
CVE Numbers: CVE-2021-4034
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including …

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security update
Advisory ID: SLSA-2022:0204-1
Issue Date: 2022-01-24
CVE Numbers: CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2022-21277 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-21248 CVE-2022-21291 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, …

gegl (SL7)

Synopsis: Important: gegl security update
Advisory ID: SLSA-2022:0162-1
Issue Date: 2022-01-18
CVE Numbers: CVE-2021-45463
Security Fix(es):
* gegl: shell expansion via a crafted pathname (CVE-2021-45463)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

httpd (SL7)

Synopsis: Important: httpd security update
Advisory ID: SLSA-2022:0143-1
Issue Date: 2022-01-18
CVE Numbers: CVE-2021-26691 CVE-2021-39275 CVE-2021-34798 CVE-2021-44790
Security Fix(es):
* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
* httpd: mod_session: Heap overflow via a crafted SessionHeader …

kernel (SL7)

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2022:0063-1
Issue Date: 2022-01-14
CVE Numbers: CVE-2020-25704 CVE-2020-36322 CVE-2021-42739
Security Fix(es):
* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)
* kernel: Heap …