thunderbird (SL6)

By SL Errata on February 25, 2020

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:0574-1 Issue Date: 2020-02-24 CVE Numbers: None — Security Fix(es): Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: … Read More

python-pillow (SL7)

By SL Errata on February 25, 2020

Synopsis: Important: python-pillow security update Advisory ID: SLSA-2020:0578-1 Issue Date: 2020-02-24 CVE Numbers: None — Security Fix(es): python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) python-pillow: reading specially crafted image files leads to allocation of large amounts of … Read More

ksh (SL7)

By SL Errata on February 25, 2020

Synopsis: Important: ksh security update Advisory ID: SLSA-2020:0568-1 Issue Date: 2020-02-24 CVE Numbers: None — Security Fix(es): ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) — SL7 x86_64 ksh-20120801-140.el7_7.x86_64.rpm ksh-debuginfo-20120801-140.el7_7.x86_64.rpm – Scientific Linux … Read More

thunderbird (SL7)

By SL Errata on February 25, 2020

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:0576-1 Issue Date: 2020-02-24 CVE Numbers: None — Security Fix(es): Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: … Read More

openjpeg2 (SL7)

By SL Errata on February 19, 2020

Synopsis: Important: openjpeg2 security update Advisory ID: SLSA-2020:0550-1 Issue Date: 2020-02-19 CVE Numbers: None — Security Fix(es): * openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) — SL7 x86_64 openjpeg2-2.3.1-3.el7_7.i686.rpm openjpeg2-2.3.1-3.el7_7.x86_64.rpm openjpeg2-debuginfo-2.3.1-3.el7_7.i686.rpm openjpeg2-debuginfo-2.3.1-3.el7_7.x86_64.rpm openjpeg2-devel-2.3.1-3.el7_7.i686.rpm openjpeg2-devel-2.3.1-3.el7_7.x86_64.rpm openjpeg2-tools-2.3.1-3.el7_7.i686.rpm openjpeg2-tools-2.3.1-3.el7_7.x86_64.rpm noarch openjpeg2-devel-docs-2.3.1-3.el7_7.noarch.rpm … Read More

sudo (SL7)

By SL Errata on February 18, 2020

Synopsis: Important: sudo security update Advisory ID: SLSA-2020:0540-1 Issue Date: 2020-02-18 CVE Numbers: None — Security Fix(es): * sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634) — SL7 x86_64 sudo-1.8.23-4.el7_7.2.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.2.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.2.i686.rpm sudo-devel-1.8.23-4.el7_7.2.i686.rpm sudo-devel-1.8.23-4.el7_7.2.x86_64.rpm – Scientific Linux Development … Read More

java-1.7.0-openjdk (SL7)

By SL Errata on February 18, 2020

Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2020:0541-1 Issue Date: 2020-02-18 CVE Numbers: None — Security Fix(es): * OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, … Read More

ksh (SL6)

By SL Errata on February 17, 2020

Synopsis: Important: ksh security update Advisory ID: SLSA-2020:0515-1 Issue Date: 2020-02-17 CVE Numbers: None — Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) — SL6 x86_64 ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm i386 ksh-20120801-38.el6_10.i686.rpm … Read More

firefox (SL6)

By SL Errata on February 17, 2020

Synopsis: Important: firefox security update Advisory ID: SLSA-2020:0521-1 Issue Date: 2020-02-17 CVE Numbers: None — Security Fix(es): * Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 … Read More