thunderbird (SL7)

Synopsis: Moderate: thunderbird security update Advisory ID: SLSA-2021:1192-1 Issue Date: 2021-04-14 CVE Numbers: CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 — This update upgrades Thunderbird to version 78.9.1. Security Fix(es): * Mozilla: An attacker may use Thunderbird’s OpenPGP key refresh mechanism to poison an … Read More

nettle (SL7)

Synopsis: Important: nettle security update Advisory ID: SLSA-2021:1145-1 Issue Date: 2021-04-09 CVE Numbers: CVE-2021-20305 — Security Fix(es): * nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS … Read More

squid (SL7)

Synopsis: Important: squid security update Advisory ID: SLSA-2021:1135-1 Issue Date: 2021-04-09 CVE Numbers: CVE-2020-25097 — Security Fix(es): * squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097) For more details about the security issue(s), … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2021:1071-1 Issue Date: 2021-04-06 CVE Numbers: CVE-2021-27365 CVE-2021-27363 CVE-2021-27364 — Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) … Read More

libldb (SL7)

Synopsis: Important: libldb security update Advisory ID: SLSA-2021:1072-1 Issue Date: 2021-04-06 CVE Numbers: CVE-2021-20277 — Security Fix(es): * samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277) For more details about the security issue(s), including the impact, a … Read More

flatpak (SL7)

Synopsis: Important: flatpak security update Advisory ID: SLSA-2021:1002-1 Issue Date: 2021-03-29 CVE Numbers: CVE-2021-21381 — Security Fix(es): * flatpak: “file forwarding” feature can be used to gain unprivileged access to files (CVE-2021-21381) For more details about the security issue(s), including … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2021:0992-1 Issue Date: 2021-03-25 CVE Numbers: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 — This update upgrades Firefox to version 78.9.0 ESR. Security Fix(es): * Mozilla: Texture upload into an unbound backing buffer resulted in an … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:0996-1 Issue Date: 2021-03-25 CVE Numbers: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 — This update upgrades Thunderbird to version 78.9.0. Security Fix(es): * Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound … Read More

pki-core (SL7)

Synopsis: Important: pki-core security and bug fix update Advisory ID: SLSA-2021:0851-1 Issue Date: 2021-03-16 CVE Numbers: CVE-2019-10179 CVE-2019-10146 CVE-2019-10221 CVE-2020-1721 CVE-2020-25715 CVE-2021-20179 — Security Fix(es): * pki-core: Unprivileged users can renew any certificate (CVE-2021-20179) * pki-core: XSS in the certificate … Read More

ipa (SL7)

Synopsis: Moderate: ipa security and bug fix update Advisory ID: SLSA-2021:0860-1 Issue Date: 2021-03-16 CVE Numbers: CVE-2020-11023 — Security Fix(es): * jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) For more details about … Read More