firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2022:1284-1
Issue Date: 2022-04-08
CVE Numbers: CVE-2022-1097 CVE-2022-28281 CVE-2022-1196 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-24713 CVE-2022-28289
This update upgrades Firefox to version 91.8.0 ESR.
Security Fix(es):
* Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097)
* …

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2022:1198-1
Issue Date: 2022-04-06
CVE Numbers: CVE-2021-4028 CVE-2021-4083
Security Fix(es):
* kernel: use-after-free in RDMA listen() (CVE-2021-4028)
* kernel: fget: check that the fd still exists after getting …

openssl (SL7)

Synopsis: Important: openssl security update
Advisory ID: SLSA-2022:1066-1
Issue Date: 2022-03-28
CVE Numbers: CVE-2022-0778
Security Fix(es):
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS …

expat (SL7)

Synopsis: Important: expat security update
Advisory ID: SLSA-2022:1069-1
Issue Date: 2022-03-28
CVE Numbers: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25315 CVE-2022-25235 CVE-2022-25236
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary …

httpd (SL7)

Synopsis: Important: httpd security update
Advisory ID: SLSA-2022:1045-1
Issue Date: 2022-03-24
CVE Numbers: CVE-2022-22720
Security Fix(es):
* httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)
For more details about the security issue(s), …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:0850-1
Issue Date: 2022-03-14
CVE Numbers: CVE-2022-25315 CVE-2022-25235 CVE-2022-25236 CVE-2022-26486 CVE-2022-26485 CVE-2022-26383 CVE-2022-26384 CVE-2022-26387 CVE-2022-26381 CVE-2022-26386 CVE-2022-0566
This update upgrades Thunderbird to version 91.7.0.
Security Fix(es):
* Mozilla: Use-after-free in XSLT parameter …

firefox (SL7)

Synopsis: Critical: firefox security and bug fix update
Advisory ID: SLSA-2022:0824-1
Issue Date: 2022-03-11
CVE Numbers: CVE-2022-25315 CVE-2022-25235 CVE-2022-25236 CVE-2022-26486 CVE-2022-26485 CVE-2022-26383 CVE-2022-26384 CVE-2022-26387 CVE-2022-26381 CVE-2022-26386
This update upgrades Firefox to version 91.7.0 ESR.
Security Fix(es):
* Mozilla: Use-after-free …

cyrus-sasl (SL7)

Synopsis: Important: cyrus-sasl security update
Advisory ID: SLSA-2022:0666-1
Issue Date: 2022-02-24
CVE Numbers: CVE-2022-24407
Security Fix(es):
* cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
For more details about the security …

python-pillow (SL7)

Synopsis: Important: python-pillow security update
Advisory ID: SLSA-2022:0609-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2022-22816 CVE-2022-22817
Security Fix(es):
* python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
* python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)
…

openldap (SL7)

Synopsis: Moderate: openldap security update
Advisory ID: SLSA-2022:0621-1
Issue Date: 2022-02-23
CVE Numbers: CVE-2020-25709 CVE-2020-25710
Security Fix(es):
* openldap: assertion failure in Certificate List syntax validation (CVE-2020-25709)
* openldap: assertion failure in CSN normalization with invalid input (CVE-2020-25710)
For …