libexif (SL6)

Synopsis: Moderate: libexif security update Advisory ID: SLSA-2020:2516-1 Issue Date: 2020-06-11 CVE Numbers: None — Security Fix(es): * libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112) — SL6 x86_64 libexif-0.6.21-6.el6_10.i686.rpm libexif-0.6.21-6.el6_10.x86_64.rpm libexif-debuginfo-0.6.21-6.el6_10.i686.rpm … Read More

tomcat (SL7)

Synopsis: Important: tomcat security update Advisory ID: SLSA-2020:2530-1 Issue Date: 2020-06-11 CVE Numbers: None — Security Fix(es): * tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) — SL7 noarch tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm … Read More

kernel (SL6)

Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2020:2430-1 Issue Date: 2020-06-10 CVE Numbers: None — Security Fix(es): * kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192) — SL6 x86_64 kernel-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.30.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.30.2.el6.i686.rpm … Read More

microcode_ctl (SL6)

Synopsis: Moderate: microcode_ctl security, bug fix and enhancement update Advisory ID: SLSA-2020:2433-1 Issue Date: 2020-06-10 CVE Numbers: None — Security Fix(es): * hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector … Read More

freerdp (SL7)

Synopsis: Important: freerdp security update Advisory ID: SLSA-2020:2405-1 Issue Date: 2020-06-09 CVE Numbers: None — Security Fix(es): * freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) — SL7 x86_64 freerdp-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-libs-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-libs-2.0.0-4.rc4.el7_8.1.x86_64.rpm libwinpr-2.0.0-4.rc4.el7_8.1.i686.rpm libwinpr-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-devel-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-devel-2.0.0-4.rc4.el7_8.1.x86_64.rpm libwinpr-devel-2.0.0-4.rc4.el7_8.1.i686.rpm libwinpr-devel-2.0.0-4.rc4.el7_8.1.x86_64.rpm … Read More

freerdp (SL6)

Synopsis: Important: freerdp security update Advisory ID: SLSA-2020:2406-1 Issue Date: 2020-06-09 CVE Numbers: None — Security Fix(es): * freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) — SL6 x86_64 freerdp-1.0.2-7.el6_10.x86_64.rpm freerdp-debuginfo-1.0.2-7.el6_10.x86_64.rpm freerdp-libs-1.0.2-7.el6_10.x86_64.rpm freerdp-plugins-1.0.2-7.el6_10.x86_64.rpm freerdp-debuginfo-1.0.2-7.el6_10.i686.rpm freerdp-devel-1.0.2-7.el6_10.i686.rpm freerdp-devel-1.0.2-7.el6_10.x86_64.rpm freerdp-libs-1.0.2-7.el6_10.i686.rpm i386 freerdp-1.0.2-7.el6_10.i686.rpm freerdp-debuginfo-1.0.2-7.el6_10.i686.rpm … Read More

unbound (SL7)

Synopsis: Important: unbound security update Advisory ID: SLSA-2020:2414-1 Issue Date: 2020-06-09 CVE Numbers: None — Security Fix(es): * unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2020:2381-1 Issue Date: 2020-06-03 CVE Numbers: None — Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 … Read More

bind (SL6)

Synopsis: Important: bind security update Advisory ID: SLSA-2020:2383-1 Issue Date: 2020-06-03 CVE Numbers: None — Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code … Read More

firefox (SL6)

Synopsis: Important: firefox security update Advisory ID: SLSA-2020:2378-1 Issue Date: 2020-06-03 CVE Numbers: None — Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 … Read More