gegl (SL7)

Synopsis: Important: gegl security update Advisory ID: SLSA-2022:0162-1 Issue Date: 2022-01-18 CVE Numbers: CVE-2021-45463 — Security Fix(es): * gegl: shell expansion via a crafted pathname (CVE-2021-45463) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

httpd (SL7)

Synopsis: Important: httpd security update Advisory ID: SLSA-2022:0143-1 Issue Date: 2022-01-18 CVE Numbers: CVE-2021-26691 CVE-2021-39275 CVE-2021-34798 CVE-2021-44790 — Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader … Read More

kernel (SL7)

Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2022:0063-1 Issue Date: 2022-01-14 CVE Numbers: CVE-2020-25704 CVE-2020-36322 CVE-2021-42739 — Security Fix(es): * kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) * kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322) * kernel: Heap … Read More

thunderbird (SL7)

Synopsis:          Important: thunderbird security update Advisory ID:       SLSA-2022:0127-1 Issue Date:        2022-01-13 CVE Numbers:       CVE-2022-22743 CVE-2022-22742 CVE-2022-22741 CVE-2022-22740 CVE-2022-22738 CVE-2022-22737 CVE-2021-4140 CVE-2022-22748 CVE-2022-22745 CVE-2022-22747 CVE-2022-22739 CVE-2022-22751 — This update upgrades Thunderbird to version 91.5.0. Security Fix(es): * Mozilla: Iframe sandbox bypass … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:0124-1 Issue Date: 2022-01-13 CVE Numbers: CVE-2022-22743 CVE-2022-22742 CVE-2022-22741 CVE-2022-22740 CVE-2022-22738 CVE-2022-22737 CVE-2021-4140 CVE-2022-22748 CVE-2022-22745 CVE-2022-22747 CVE-2022-22739 CVE-2022-22751 — This update upgrades Firefox to version 91.5.0 ESR. Security Fix(es): * Mozilla: Iframe sandbox … Read More

openssl (SL7)

Synopsis: Moderate: openssl security update Advisory ID: SLSA-2022:0064-1 Issue Date: 2022-01-12 CVE Numbers: CVE-2021-3712 — Security Fix(es): * openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

webkitgtk4 (SL7)

Synopsis: Moderate: webkitgtk4 security update Advisory ID: SLSA-2022:0059-1 Issue Date: 2022-01-12 CVE Numbers: CVE-2021-30858 — Security Fix(es): * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2022:0003-1 Issue Date: 2022-01-04 CVE Numbers: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 — Security Fix(es): * xorg-x11-server: SProcRenderCompositeGlyphs out-of-bounds access (CVE-2021-4008) * xorg-x11-server: SProcXFixesCreatePointerBarrier out-of-bounds access (CVE-2021-4009) * xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access (CVE-2021-4010) * xorg-x11-server: … Read More

log4j (SL7)

Synopsis: Moderate: log4j security update Advisory ID: SLSA-2021:5206-1 Issue Date: 2021-12-20 CVE Numbers: CVE-2021-4104 — Security Fix(es): * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) For more details about the security issue(s), … Read More

samba (SL7)

Synopsis: Important: samba security and bug fix update Advisory ID: SLSA-2021:5192-1 Issue Date: 2021-12-16 CVE Numbers: CVE-2016-2124 CVE-2020-25717 — Security Fix(es): * samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717) * samba: SMB1 client connections … Read More