kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2022:4642-1 Issue Date: 2022-05-19 CVE Numbers: CVE-2022-0492 — Security Fix(es): * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the … Read More

zlib (SL7)

Synopsis: Important: zlib security update Advisory ID: SLSA-2022:2213-1 Issue Date: 2022-05-17 CVE Numbers: CVE-2018-25032 — Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the … Read More

gzip (SL7)

Synopsis: Important: gzip security update Advisory ID: SLSA-2022:2191-1 Issue Date: 2022-05-11 CVE Numbers: CVE-2022-1271 — Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:1725-1 Issue Date: 2022-05-05 CVE Numbers: CVE-2022-29914 CVE-2022-29909 CVE-2022-29916 CVE-2022-29911 CVE-2022-29912 CVE-2022-29917 CVE-2022-1520 CVE-2022-29913 — This update upgrades Thunderbird to version 91.9.0. Security Fix(es): * Mozilla: Bypassing permission prompt in nested browsing contexts … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:1703-1 Issue Date: 2022-05-04 CVE Numbers: CVE-2022-29914 CVE-2022-29909 CVE-2022-29916 CVE-2022-29911 CVE-2022-29912 CVE-2022-29917 — This update upgrades Firefox to version 91.9.0 ESR. Security Fix(es): * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) … Read More

maven-shared-utils (SL7)

Synopsis: Important: maven-shared-utils security update Advisory ID: SLSA-2022:1541-1 Issue Date: 2022-04-27 CVE Numbers: CVE-2022-29599 — Security Fix(es): * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and … Read More

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update Advisory ID: SLSA-2022:1440-1 Issue Date: 2022-04-20 CVE Numbers: CVE-2022-21426 CVE-2022-21443 CVE-2022-21434 CVE-2022-21476 CVE-2022-21496 — The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.15.0.9). Security Fix(es): * OpenJDK: … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:1302-1 Issue Date: 2022-04-11 CVE Numbers: CVE-2022-1097 CVE-2022-28281 CVE-2022-1196 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-24713 CVE-2022-28289 CVE-2022-1197 — This update upgrades Thunderbird to version 91.8.0. Security Fix(es): * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:1284-1 Issue Date: 2022-04-08 CVE Numbers: CVE-2022-1097 CVE-2022-28281 CVE-2022-1196 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-24713 CVE-2022-28289 — This update upgrades Firefox to version 91.8.0 ESR. Security Fix(es): * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * … Read More

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2022:1198-1 Issue Date: 2022-04-06 CVE Numbers: CVE-2021-4028 CVE-2021-4083 — Security Fix(es): * kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: fget: check that the fd still exists after getting … Read More