java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security and bug fix update
Advisory ID: SLSA-2021:2845-1
Issue Date: 2021-07-21
CVE Numbers: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388

Security Fix(es):
* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)
* OpenJDK: FTP PASV command response can …

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security update
Advisory ID: SLSA-2021:2784-1
Issue Date: 2021-07-21
CVE Numbers: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388

Security Fix(es):
* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)
* OpenJDK: FTP PASV command response can cause FtpClient to …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2021:2725-1
Issue Date: 2021-07-21
CVE Numbers: CVE-2020-11668 CVE-2019-20934 CVE-2021-33033 CVE-2021-33034 CVE-2021-33909

Security Fix(es):
* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
* kernel: use-after-free in net/bluetooth/hci_event.c when …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2021:2741-1
Issue Date: 2021-07-15
CVE Numbers: CVE-2021-30547 CVE-2021-29970 CVE-2021-29976

This update upgrades Firefox to version 78.12.0 ESR.

Security Fix(es):
* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)
* Mozilla: Memory …

xstream (SL7)

Synopsis: Important: xstream security update
Advisory ID: SLSA-2021:2683-1
Issue Date: 2021-07-12
CVE Numbers: CVE-2021-29505

Security Fix(es):
* XStream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)

For more details about the security issue(s), including the impact, …

linuxptp (SL7)

Synopsis: Important: linuxptp security update
Advisory ID: SLSA-2021:2658-1
Issue Date: 2021-07-07
CVE Numbers: CVE-2021-3570

Security Fix(es):
* linuxptp: missing length check of forwarded messages (CVE-2021-3570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2021:2314-1
Issue Date: 2021-06-09
CVE Numbers: CVE-2020-8648 CVE-2021-3347 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-27170

Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: Use after free via …

gupnp (SL7)

Synopsis: Important: gupnp security update
Advisory ID: SLSA-2021:2417-1
Issue Date: 2021-06-15
CVE Numbers: CVE-2021-33516

Security Fix(es):
* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)

For more details about …

postgresql (SL7)

Synopsis: Important: postgresql security update
Advisory ID: SLSA-2021:2397-1
Issue Date: 2021-06-14
CVE Numbers: CVE-2021-32027

Security Fix(es):
* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

For more details about the security issue(s), including the impact, a …

dhcp (SL7)

Synopsis: Important: dhcp security update
Advisory ID: SLSA-2021:2357-1
Issue Date: 2021-06-09
CVE Numbers: CVE-2021-25217

Security Fix(es):
* dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217) …