postgresql (SL7)

Synopsis: Important: postgresql security update
Advisory ID: SLSA-2021:1512-1
Issue Date: 2021-05-06
CVE Numbers: CVE-2019-10208 CVE-2020-25694 CVE-2020-25695
Security Fix(es):
* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
* postgresql: Multiple features escape “security restricted operation” sandbox (CVE-2020-25695)
* postgresql: …

bind (SL7)

Synopsis: Important: bind security update
Advisory ID: SLSA-2021:1469-1
Issue Date: 2021-04-29
CVE Numbers: CVE-2021-25215
Security Fix(es):
* bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself …

nss (SL7)

Synopsis: Moderate: nss security and bug fix update
Advisory ID: SLSA-2021:1384-1
Issue Date: 2021-04-27
CVE Numbers: CVE-2020-25648
Security Fix(es):
* nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)
For more details about the security issue(s), including the impact, …

openldap (SL7)

Synopsis: Moderate: openldap security update
Advisory ID: SLSA-2021:1389-1
Issue Date: 2021-04-27
CVE Numbers: CVE-2020-25692
Security Fix(es):
* openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692)
For more details about the security issue(s), including the impact, a CVSS …

etcd (SL7)

Synopsis: Moderate: etcd security update
Advisory ID: SLSA-2021:1407-1
Issue Date: 2021-04-27
CVE Numbers: CVE-2020-15112 CVE-2020-15106
Security Fix(es):
* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)
* etcd: DoS in wal/wal.go (CVE-2020-15112)
For more details about the security …

xstream (SL7)

Synopsis: Important: xstream security update
Advisory ID: SLSA-2021:1354-1
Issue Date: 2021-04-26
CVE Numbers: CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21350
Security Fix(es):
* XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet (CVE-2021-21344)
* XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)
* XStream: Unsafe deserialization of …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2021:1350-1
Issue Date: 2021-04-26
CVE Numbers: CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23961 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948
This update upgrades Thunderbird to version 78.10.0.
Security Fix(es):
* Mozilla: Out of bound write due to …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2021:1363-1
Issue Date: 2021-04-26
CVE Numbers: CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23961 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946
This update upgrades Firefox to version 78.10.0 ESR.
Security Fix(es):
* Mozilla: Out of bound write due to …

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security update
Advisory ID: SLSA-2021:1298-1
Issue Date: 2021-04-21
CVE Numbers: CVE-2021-2163
Security Fix(es):
* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163)
For more details about the security issue(s), including the impact, a CVSS …

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security and bug fix update
Advisory ID: SLSA-2021:1297-1
Issue Date: 2021-04-21
CVE Numbers: CVE-2021-2163
Security Fix(es):
* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163)
For more details about the security issue(s), including the …