ipa (SL7)

Synopsis: Moderate: ipa security and bug fix update
Advisory ID: SLSA-2021:5195-1
Issue Date: 2021-12-16
CVE Numbers: CVE-2020-25719

Security Fix(es):
* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)

For more …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2021:5046-1
Issue Date: 2021-12-09
CVE Numbers: CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-43528

This update upgrades Thunderbird to version 91.4.0.

Security Fix(es):
* Mozilla: Memory safety bugs fixed in …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2021:5014-1
Issue Date: 2021-12-08
CVE Numbers: CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546

This update upgrades Firefox to version 91.4.0 ESR.

Security Fix(es):
* Mozilla: Memory safety bugs fixed in …

mailman (SL7)

Synopsis: Important: mailman security update
Advisory ID: SLSA-2021:4913-1
Issue Date: 2021-12-02
CVE Numbers: CVE-2016-6893 CVE-2021-42097 CVE-2021-44227

Security Fix(es):
* mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097)
* mailman: CSRF token bypass allows to …

nss (SL7)

Synopsis: Critical: nss security update
Advisory ID: SLSA-2021:4904-1
Issue Date: 2021-12-02
CVE Numbers: CVE-2021-43527

Security Fix(es):
* nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527)

For more details about the security issue(s), including the impact, a …

openssh (SL7)

Synopsis: Moderate: openssh security update
Advisory ID: SLSA-2021:4782-1
Issue Date: 2021-11-24
CVE Numbers: CVE-2021-41617

Security Fix(es):
* openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617)

For more details about the security issue(s), including the impact, a CVSS …

krb5 (SL7)

Synopsis: Moderate: krb5 security update
Advisory ID: SLSA-2021:4788-1
Issue Date: 2021-11-24
CVE Numbers: CVE-2021-37750

Security Fix(es):
* krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)

For more details about …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2021:4777-1
Issue Date: 2021-11-24
CVE Numbers: CVE-2020-36385

Security Fix(es):
* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)

For more details about the security issue(s), including the impact, a …

rpm (SL7)

Synopsis: Moderate: rpm security update
Advisory ID: SLSA-2021:4785-1
Issue Date: 2021-11-24
CVE Numbers: CVE-2021-20271

Security Fix(es):
* rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, …

freerdp (SL7)

Synopsis: Important: freerdp security update
Advisory ID: SLSA-2021:4619-1
Issue Date: 2021-11-12
CVE Numbers: CVE-2021-41159 CVE-2021-41160

Security Fix(es):
* freerdp: improper client input validation for gateway connections allows to overwrite memory (CVE-2021-41159)
* freerdp: improper region checks in all clients …