java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security and bug fix update Advisory ID: SLSA-2022:7008-1 Issue Date: 2022-10-20 CVE Numbers: CVE-2022-21619 CVE-2022-21626 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 CVE-2022-21618 — Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:6997-1 Issue Date: 2022-10-19 CVE Numbers: CVE-2022-40674 — This update upgrades Firefox to version 102.3.0 ESR. Security Fix(es): * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:6998-1 Issue Date: 2022-10-19 CVE Numbers: CVE-2022-40674 — This update upgrades Thunderbird to version 102.3.0. Security Fix(es): * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the … Read More

expat (SL7)

Synopsis: Important: expat security update Advisory ID: SLSA-2022:6834-1 Issue Date: 2022-10-06 CVE Numbers: CVE-2022-40674 — Security Fix(es): * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the security issue(s), including the impact, a CVSS … Read More

squid (SL7)

Synopsis: Important: squid security update Advisory ID: SLSA-2022:6815-1 Issue Date: 2022-10-06 CVE Numbers: CVE-2022-41318 — Security Fix(es): * squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

bind (SL7)

Synopsis: Important: bind security update Advisory ID: SLSA-2022:6765-1 Issue Date: 2022-10-04 CVE Numbers: CVE-2022-38177 CVE-2022-38178 — Security Fix(es): * bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177) * bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178) For more … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:6710-1 Issue Date: 2022-09-26 CVE Numbers: CVE-2022-3032 CVE-2022-3033 CVE-2022-3034 CVE-2022-36059 CVE-2022-40959 CVE-2022-40960 CVE-2022-40958 CVE-2022-40956 CVE-2022-40957 CVE-2022-40962 — This update upgrades Thunderbird to version 102.3.0. Security Fix(es): * Mozilla: Leaking of sensitive information when … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2022:6711-1 Issue Date: 2022-09-26 CVE Numbers: CVE-2022-40959 CVE-2022-40960 CVE-2022-40958 CVE-2022-40956 CVE-2022-40957 CVE-2022-40962 — This update upgrades Firefox to version 102.3.0 ESR. Security Fix(es): * Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959) * … Read More

open-vm-tools (SL7)

Synopsis: Important: open-vm-tools security update Advisory ID: SLSA-2022:6381-1 Issue Date: 2022-09-08 CVE Numbers: CVE-2022-31676 — Security Fix(es): * open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676) For more details about the security issue(s), including the impact, a CVSS … Read More

systemd (SL7)

Synopsis: Important: systemd security update Advisory ID: SLSA-2022:6160-1 Issue Date: 2022-08-25 CVE Numbers: CVE-2022-2526 — Security Fix(es): * systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526) For more details about the security issue(s), including the impact, a CVSS score, … Read More