linux-firmware (SL7)

Synopsis: Important: linux-firmware security update
Advisory ID: SLSA-2021:0339-1
Issue Date: 2021-02-02
CVE Numbers: CVE-2020-12321

Security Fix(es):
* hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)

SL7 noarch
iwl100-firmware-39.31.5.1-80.el7_9.noarch.rpm
iwl1000-firmware-39.31.5.1-80.el7_9.noarch.rpm
iwl105-firmware-18.168.6.1-80.el7_9.noarch.rpm
iwl135-firmware-18.168.6.1-80.el7_9.noarch.rpm
iwl2000-firmware-18.168.6.1-80.el7_9.noarch.rpm
iwl2030-firmware-18.168.6.1-80.el7_9.noarch.rpm
iwl3160-firmware-25.30.13.0-80.el7_9.noarch.rpm
iwl3945-firmware-15.32.2.9-80.el7_9.noarch.rpm
iwl4965-firmware-228.61.2.24-80.el7_9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-80.el7_9.noarch.rpm
iwl5150-firmware-8.24.2.2-80.el7_9.noarch.rpm
iwl6000-firmware-9.221.4.1-80.el7_9.noarch.rpm
…

kernel (SL7)

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2021:0336-1
Issue Date: 2021-02-02
CVE Numbers: CVE-2020-15436 CVE-2020-35513

Security Fix(es):
* kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)
* kernel: Nfsd failure to clear umask after processing an open or …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2021:0297-1
Issue Date: 2021-01-28
CVE Numbers: CVE-2021-23953 CVE-2021-23954 CVE-2020-26976 CVE-2021-23960 CVE-2021-23964 CVE-2020-15685

This update upgrades Thunderbird to version 78.7.0.

Security Fix(es):
* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)
* …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2021:0290-1
Issue Date: 2021-01-27
CVE Numbers: CVE-2021-23953 CVE-2021-23954 CVE-2020-26976 CVE-2021-23960 CVE-2021-23964

This update upgrades Firefox to version 78.7.0 ESR.

Security Fix(es):
* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)
* …

sudo (SL7)

Synopsis: Important: sudo security update
Advisory ID: SLSA-2021:0221-1
Issue Date: 2021-01-26
CVE Numbers: CVE-2021-3156

Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

SL7 x86_64
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm

– Scientific Linux Development Team

dnsmasq (SL7)

Synopsis: Moderate: dnsmasq security update
Advisory ID: SLSA-2021:0153-1
Issue Date: 2021-01-19
CVE Numbers: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686

Security Fix(es):
* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
* dnsmasq: loose query name …

xstream (SL7)

Synopsis: Important: xstream security update
Advisory ID: SLSA-2021:0162-1
Issue Date: 2021-01-19
CVE Numbers: CVE-2020-26217

Security Fix(es):
* XStream: remote code execution due to insecure XML deserialization when relying on blocklists (CVE-2020-26217)

SL7 noarch
xstream-1.3.1-12.el7_9.noarch.rpm
xstream-javadoc-1.3.1-12.el7_9.noarch.rpm

– Scientific Linux …

thunderbird (SL7)

Synopsis: Critical: thunderbird security update
Advisory ID: SLSA-2021:0087-1
Issue Date: 2021-01-14
CVE Numbers: CVE-2020-16044

This update upgrades Thunderbird to version 78.6.1.

Security Fix(es):
* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

SL7 x86_64
thunderbird-78.6.1-1.el7_9.x86_64.rpm
…

firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2021:0053-1
Issue Date: 2021-01-11
CVE Numbers: CVE-2020-16044

This update upgrades Firefox to version 78.6.1 ESR.

Security Fix(es):
* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

SL7 x86_64
…

ImageMagick (SL7)

Synopsis: Important: ImageMagick security update
Advisory ID: SLSA-2021:0024-1
Issue Date: 2021-01-05
CVE Numbers: None

Security Fix(es):
* ImageMagick: Shell injection via PDF password could result in arbitrary code execution (CVE-2020-29599)

SL7 x86_64
ImageMagick-6.9.10.68-5.el7_9.i686.rpm
ImageMagick-6.9.10.68-5.el7_9.x86_64.rpm
ImageMagick-c++-6.9.10.68-5.el7_9.i686.rpm
ImageMagick-c++-6.9.10.68-5.el7_9.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-5.el7_9.i686.rpm
ImageMagick-debuginfo-6.9.10.68-5.el7_9.x86_64.rpm
…