389-ds-base (SL7)

Synopsis: Low: 389-ds-base security and bug fix update Advisory ID: SLSA-2022:0628-1 Issue Date: 2022-02-23 CVE Numbers: CVE-2021-4091 — Security Fix(es): * 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091) For more details about the security issue(s), including … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2022:0620-1 Issue Date: 2022-02-23 CVE Numbers: CVE-2020-0465 CVE-2020-0466 CVE-2021-3564 CVE-2021-3573 CVE-2021-3752 CVE-2021-0920 CVE-2021-4155 CVE-2022-0330 CVE-2022-22942 — Security Fix(es): * kernel: use after free in eventpoll.c may lead to escalation of … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:0538-1 Issue Date: 2022-02-15 CVE Numbers: CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22759 CVE-2022-22764 — This update upgrades Thunderbird to version 91.6.0. Security Fix(es): * Mozilla: Extensions could have bypassed permission confirmation during update … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:0514-1 Issue Date: 2022-02-14 CVE Numbers: CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22759 CVE-2022-22764 — This update upgrades Firefox to version 91.6.0 ESR. Security Fix(es): * Mozilla: Extensions could have bypassed permission confirmation during … Read More

aide (SL7)

Synopsis: Important: aide security update Advisory ID: SLSA-2022:0473-1 Issue Date: 2022-02-08 CVE Numbers: CVE-2021-45417 — Security Fix(es): * aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417) For more details about the security issue(s), including the impact, a CVSS … Read More

samba (SL7)

Synopsis: Critical: samba security and bug fix update Advisory ID: SLSA-2022:0328-1 Issue Date: 2022-01-31 CVE Numbers: CVE-2021-44142 — Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2022:0306-1 Issue Date: 2022-01-27 CVE Numbers: CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2022-21360 CVE-2022-21365 CVE-2022-21248 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 — Security Fix(es): * OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248) * … Read More

polkit (SL7)

Synopsis: Important: polkit security update Advisory ID: SLSA-2022:0274-1 Issue Date: 2022-01-26 CVE Numbers: CVE-2021-4034 — Security Fix(es): * polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034) For more details about the security issue(s), including … Read More

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security update Advisory ID: SLSA-2022:0204-1 Issue Date: 2022-01-24 CVE Numbers: CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2022-21277 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-21248 CVE-2022-21291 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 — Security Fix(es): * OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, … Read More

gegl (SL7)

Synopsis: Important: gegl security update Advisory ID: SLSA-2022:0162-1 Issue Date: 2022-01-18 CVE Numbers: CVE-2021-45463 — Security Fix(es): * gegl: shell expansion via a crafted pathname (CVE-2021-45463) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More