Synopsis: Important: bind security update Advisory ID: SLSA-2020:2383-1 Issue Date: 2020-06-03 CVE Numbers: None — Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2020:2378-1 Issue Date: 2020-06-03 CVE Numbers: None — Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 … Read More
Synopsis: Important: bind security update Advisory ID: SLSA-2020:2344-1 Issue Date: 2020-06-01 CVE Numbers: None — Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code … Read More
Synopsis: Important: freerdp security update Advisory ID: SLSA-2020:2334-1 Issue Date: 2020-05-28 CVE Numbers: None — Security Fix(es): * freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) * freerdp: Integer overflow in region.c (CVE-2020-11523) * freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) — SL7 … Read More
Synopsis: Moderate: python-virtualenv security update Advisory ID: SLSA-2020:2081-1 Issue Date: 2020-05-12 CVE Numbers: None — Security Fix(es): * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the … Read More
Synopsis: Moderate: python-pip security update Advisory ID: SLSA-2020:2068-1 Issue Date: 2020-05-12 CVE Numbers: None — Security Fix(es): * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the … Read More
Synopsis: Important: git security update Advisory ID: SLSA-2020:2337-1 Issue Date: 2020-05-29 CVE Numbers: None — Security Fix(es): * git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008) — SL7 x86_64 git-1.8.3.1-23.el7_8.x86_64.rpm git-daemon-1.8.3.1-23.el7_8.x86_64.rpm … Read More
Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2020:2082-1 Issue Date: 2020-05-12 CVE Numbers: None — Security Fix(es): * kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in … Read More
Synopsis: Important: podman security update Advisory ID: SLSA-2020:2117-1 Issue Date: 2020-05-12 CVE Numbers: None — * buildah: Crafted input tar file may lead to local file overwrite during image build process * containers/image: Container images read entire image manifest into … Read More
Synopsis: Important: buildah security and bug fix update Advisory ID: SLSA-2020:2116-1 Issue Date: 2020-05-12 CVE Numbers: None — * buildah: Crafted input tar file may lead to local file overwrite during image build process * containers/image: Container images read entire … Read More
