libwebp (SL7)

Synopsis: Important: libwebp security update Advisory ID: SLSA-2021:2260-1 Issue Date: 2021-06-07 CVE Numbers: CVE-2020-36328 CVE-2020-36329 CVE-2018-25011 — Security Fix(es): * libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011) * libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328) * libwebp: use-after-free in … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:2263-1 Issue Date: 2021-06-07 CVE Numbers: CVE-2021-29967 CVE-2021-29957 CVE-2021-29956 — This update upgrades Thunderbird to version 78.11.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967) … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2021:2206-1 Issue Date: 2021-06-03 CVE Numbers: CVE-2021-29967 — This update upgrades Firefox to version 78.11.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967) For … Read More

runc (SL7)

Synopsis: Important: runc security update Advisory ID: SLSA-2021:2145-1 Issue Date: 2021-06-02 CVE Numbers: CVE-2021-30465 — Security Fix(es): * runc: vulnerable to symlink exchange attack (CVE-2021-30465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and … Read More

glib2 (SL7)

Synopsis: Important: glib2 security update Advisory ID: SLSA-2021:2147-1 Issue Date: 2021-06-01 CVE Numbers: CVE-2021-27219 — Security Fix(es): * glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219) For … Read More

slapi-nis (SL7)

Synopsis: Important: slapi-nis security and bug fix update Advisory ID: SLSA-2021:2032-1 Issue Date: 2021-05-20 CVE Numbers: CVE-2021-3480 — Security Fix(es): * slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) For more details about the security issue(s), including the … Read More

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2021:2033-1 Issue Date: 2021-05-20 CVE Numbers: CVE-2021-3472 — Security Fix(es): * xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation (CVE-2021-3472) For more details about the security issue(s), including the impact, a CVSS score, … Read More

postgresql (SL7)

Synopsis: Important: postgresql security update Advisory ID: SLSA-2021:1512-1 Issue Date: 2021-05-06 CVE Numbers: CVE-2019-10208 CVE-2020-25694 CVE-2020-25695 — Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: Multiple features escape “security restricted operation” sandbox (CVE-2020-25695) * postgresql: … Read More

bind (SL7)

Synopsis: Important: bind security update Advisory ID: SLSA-2021:1469-1 Issue Date: 2021-04-29 CVE Numbers: CVE-2021-25215 — Security Fix(es): * bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself … Read More

nss (SL7)

Synopsis: Moderate: nss security and bug fix update Advisory ID: SLSA-2021:1384-1 Issue Date: 2021-04-27 CVE Numbers: CVE-2020-25648 — Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, … Read More