openldap (SL7)

Synopsis: Moderate: openldap security update Advisory ID: SLSA-2021:1389-1 Issue Date: 2021-04-27 CVE Numbers: CVE-2020-25692 — Security Fix(es): * openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS … Read More

etcd (SL7)

Synopsis: Moderate: etcd security update Advisory ID: SLSA-2021:1407-1 Issue Date: 2021-04-27 CVE Numbers: CVE-2020-15112 CVE-2020-15106 — Security Fix(es): * etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106) * etcd: DoS in wal/wal.go (CVE-2020-15112) For more details about the security … Read More

xstream (SL7)

Synopsis: Important: xstream security update Advisory ID: SLSA-2021:1354-1 Issue Date: 2021-04-26 CVE Numbers: CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21350 — Security Fix(es): * XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) * XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) * XStream: Unsafe deserizaliation of … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:1350-1 Issue Date: 2021-04-26 CVE Numbers: CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23961 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 — This update upgrades Thunderbird to version 78.10.0. Security Fix(es): * Mozilla: Out of bound write due to … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2021:1363-1 Issue Date: 2021-04-26 CVE Numbers: CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23961 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 — This update upgrades Firefox to version 78.10.0 ESR. Security Fix(es): * Mozilla: Out of bound write due to … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2021:1298-1 Issue Date: 2021-04-21 CVE Numbers: CVE-2021-2163 — Security Fix(es): * OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163) For more details about the security issue(s), including the impact, a CVSS … Read More

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security and bug fix update Advisory ID: SLSA-2021:1297-1 Issue Date: 2021-04-21 CVE Numbers: CVE-2021-2163 — Security Fix(es): * OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163) For more details about the security issue(s), including the … Read More

thunderbird (SL7)

Synopsis: Moderate: thunderbird security update Advisory ID: SLSA-2021:1192-1 Issue Date: 2021-04-14 CVE Numbers: CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 — This update upgrades Thunderbird to version 78.9.1. Security Fix(es): * Mozilla: An attacker may use Thunderbird’s OpenPGP key refresh mechanism to poison an … Read More

nettle (SL7)

Synopsis: Important: nettle security update Advisory ID: SLSA-2021:1145-1 Issue Date: 2021-04-09 CVE Numbers: CVE-2021-20305 — Security Fix(es): * nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS … Read More

squid (SL7)

Synopsis: Important: squid security update Advisory ID: SLSA-2021:1135-1 Issue Date: 2021-04-09 CVE Numbers: CVE-2020-25097 — Security Fix(es): * squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097) For more details about the security issue(s), … Read More