firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2020:5099-1 Issue Date: 2020-11-12 CVE Numbers: None — Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) — SL7 x86_64 firefox-78.4.1-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.1-1.el7_9.x86_64.rpm firefox-78.4.1-1.el7_9.i686.rpm – Scientific Linux Development Team

microcode_ctl (SL7)

Synopsis: Moderate: microcode_ctl security, bug fix, and enhancement update Advisory ID: SLSA-2020:5083-1 Issue Date: 2020-11-11 CVE Numbers: None — Security Fix(es): * hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695) * hw: Vector Register Leakage-Active (CVE-2020-8696) * … Read More

python (SL7)

Synopsis: Moderate: python security update Advisory ID: SLSA-2020:5009-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) — SL7 x86_64 python-debuginfo-2.7.5-90.el7.x86_64.rpm python-2.7.5-90.el7.x86_64.rpm python-debuginfo-2.7.5-90.el7.i686.rpm python-devel-2.7.5-90.el7.x86_64.rpm python-libs-2.7.5-90.el7.i686.rpm python-libs-2.7.5-90.el7.x86_64.rpm python-debug-2.7.5-90.el7.x86_64.rpm … Read More

libvirt (SL7)

Synopsis: Moderate: libvirt security and bug fix update Advisory ID: SLSA-2020:5040-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c (CVE-2020-25637) — SL7 x86_64 libvirt-4.5.0-36.el7_9.3.x86_64.rpm libvirt-bash-completion-4.5.0-36.el7_9.3.x86_64.rpm libvirt-client-4.5.0-36.el7_9.3.i686.rpm libvirt-client-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-config-network-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-config-nwfilter-4.5.0-36.el7_9.3.x86_64.rpm libvirt-daemon-driver-interface-4.5.0-36.el7_9.3.x86_64.rpm … Read More

tomcat (SL7)

Synopsis: Low: tomcat security update Advisory ID: SLSA-2020:5020-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935) — SL7 noarch tomcat-servlet-3.0-api-7.0.76-16.el7_9.noarch.rpm tomcat-7.0.76-16.el7_9.noarch.rpm tomcat-admin-webapps-7.0.76-16.el7_9.noarch.rpm tomcat-docs-webapp-7.0.76-16.el7_9.noarch.rpm tomcat-el-2.2-api-7.0.76-16.el7_9.noarch.rpm tomcat-javadoc-7.0.76-16.el7_9.noarch.rpm tomcat-jsp-2.2-api-7.0.76-16.el7_9.noarch.rpm tomcat-jsvc-7.0.76-16.el7_9.noarch.rpm … Read More

kernel (SL7)

Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2020:5023-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * kernel: buffer over write in vgacon_scroll (CVE-2020-14331) * kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811) Bug Fix(es): * [OSP13,mlx5] SRIOV … Read More

python3 (SL7)

Synopsis: Moderate: python3 security update Advisory ID: SLSA-2020:5010-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422) — … Read More

qt and qt5-qtbase (SL7)

Synopsis: Moderate: qt and qt5-qtbase security update Advisory ID: SLSA-2020:5021-1 Issue Date: 2020-11-10 CVE Numbers: None — Security Fix(es): * qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507) — SL7 x86_64 qt-4.8.7-9.el7_9.i686.rpm qt-4.8.7-9.el7_9.x86_64.rpm qt-debuginfo-4.8.7-9.el7_9.i686.rpm qt-debuginfo-4.8.7-9.el7_9.x86_64.rpm qt-mysql-4.8.7-9.el7_9.i686.rpm qt-mysql-4.8.7-9.el7_9.x86_64.rpm qt-x11-4.8.7-9.el7_9.i686.rpm qt-x11-4.8.7-9.el7_9.x86_64.rpm qt5-qtbase-5.9.7-5.el7_9.i686.rpm … Read More

xorg-x11-server (SL6)

Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2020:4953-1 Issue Date: 2020-11-05 CVE Numbers: None — Security Fix(es): * xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345) * xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346) * xorg-x11-server: XkbSelectEvents integer … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:4947-1 Issue Date: 2020-11-05 CVE Numbers: None — Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) — … Read More