expat (SL7)

Synopsis: Important: expat security update Advisory ID: SLSA-2022:6834-1 Issue Date: 2022-10-06 CVE Numbers: CVE-2022-40674 — Security Fix(es): * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the security issue(s), including the impact, a CVSS … Read More

squid (SL7)

Synopsis: Important: squid security update Advisory ID: SLSA-2022:6815-1 Issue Date: 2022-10-06 CVE Numbers: CVE-2022-41318 — Security Fix(es): * squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

bind (SL7)

Synopsis: Important: bind security update Advisory ID: SLSA-2022:6765-1 Issue Date: 2022-10-04 CVE Numbers: CVE-2022-38177 CVE-2022-38178 — Security Fix(es): * bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177) * bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178) For more … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:6710-1 Issue Date: 2022-09-26 CVE Numbers: CVE-2022-3032 CVE-2022-3033 CVE-2022-3034 CVE-2022-36059 CVE-2022-40959 CVE-2022-40960 CVE-2022-40958 CVE-2022-40956 CVE-2022-40957 CVE-2022-40962 — This update upgrades Thunderbird to version 102.3.0. Security Fix(es): * Mozilla: Leaking of sensitive information when … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:6711-1 Issue Date: 2022-09-26 CVE Numbers: CVE-2022-40959 CVE-2022-40960 CVE-2022-40958 CVE-2022-40956 CVE-2022-40957 CVE-2022-40962 — This update upgrades Firefox to version 102.3.0 ESR. Security Fix(es): * Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959) * … Read More

open-vm-tools (SL7)

Synopsis: Important: open-vm-tools security update Advisory ID: SLSA-2022:6381-1 Issue Date: 2022-09-08 CVE Numbers: CVE-2022-31676 — Security Fix(es): * open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676) For more details about the security issue(s), including the impact, a CVSS … Read More

systemd (SL7)

Synopsis: Important: systemd security update Advisory ID: SLSA-2022:6160-1 Issue Date: 2022-08-25 CVE Numbers: CVE-2022-2526 — Security Fix(es): * systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526) For more details about the security issue(s), including the impact, a CVSS score, … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:6179-1 Issue Date: 2022-08-25 CVE Numbers: CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 — This update upgrades Firefox to version 91.13.0 ESR. Security Fix(es): * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:6169-1 Issue Date: 2022-08-25 CVE Numbers: CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 — This update upgrades Thunderbird to version 91.13.0. Security Fix(es): * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: … Read More

rsync (SL7)

Synopsis: Important: rsync security update Advisory ID: SLSA-2022:6170-1 Issue Date: 2022-08-25 CVE Numbers: CVE-2022-29154 — Security Fix(es): * rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154) For more details about the security issue(s), including the impact, … Read More