thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:5480-1 Issue Date: 2022-07-01 CVE Numbers: CVE-2022-34479 CVE-2022-34470 CVE-2022-34468 CVE-2022-34481 CVE-2022-31744 CVE-2022-34472 CVE-2022-2200 CVE-2022-34484 CVE-2022-2226 — This update upgrades Thunderbird to version 91.11. Security Fix(es): * Mozilla: CSP sandbox header without `allow-scripts` can … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:5479-1 Issue Date: 2022-07-01 CVE Numbers: CVE-2022-34479 CVE-2022-34470 CVE-2022-34468 CVE-2022-34481 CVE-2022-31744 CVE-2022-34472 CVE-2022-2200 CVE-2022-34484 — This update upgrades Firefox to version 91.11 ESR. Security Fix(es): * Mozilla: CSP sandbox header without `allow-scripts` can … Read More

python (SL7)

Synopsis: Moderate: python security update Advisory ID: SLSA-2022:5235-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2020-26116 CVE-2020-26137 CVE-2021-3177 — Security Fix(es): * python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116) * python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137) * … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update Advisory ID: SLSA-2022:5239-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2022-0918 CVE-2022-0996 — Security Fix(es): * 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918) * 389-ds-base: expired password was still allowed to … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2022:5232-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2022-1729 CVE-2022-1966 — Security Fix(es): * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) * kernel: a use-after-free write in the netfilter … Read More

python-virtualenv (SL7)

Synopsis: Moderate: python-virtualenv security update Advisory ID: SLSA-2022:5234-1 Issue Date: 2022-06-28 CVE Numbers: CVE-2019-20916 — Security Fix(es): * python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916) For more details about the security issue(s), including the impact, a CVSS score, … Read More

postgresql (SL7)

Synopsis: Important: postgresql security update Advisory ID: SLSA-2022:5162-1 Issue Date: 2022-06-22 CVE Numbers: CVE-2022-1552 — Security Fix(es): * postgresql: Autovacuum, REINDEX, and others omit “security restricted operation” sandbox (CVE-2022-1552) For more details about the security issue(s), including the impact, a … Read More

xz (SL7)

Synopsis: Important: xz security update Advisory ID: SLSA-2022:5052-1 Issue Date: 2022-06-15 CVE Numbers: CVE-2022-1271 — Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, … Read More

python-twisted-web (SL7)

Synopsis: Important: python-twisted-web security update Advisory ID: SLSA-2022:4930-1 Issue Date: 2022-06-08 CVE Numbers: CVE-2022-24801 — Security Fix(es): * python-twisted: possible http request smuggling (CVE-2022-24801) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:4891-1 Issue Date: 2022-06-03 CVE Numbers: CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVE-2022-1834 — This update upgrades Thunderbird to version 91.10.0. Security Fix(es): * Mozilla: Braille space character caused incorrect sender email … Read More