Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2020:1507-1 Issue Date: 2020-04-21 CVE Numbers: None — Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: … Read More
Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: SLSA-2020:1506-1 Issue Date: 2020-04-21 CVE Numbers: None — Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: … Read More
Synopsis: Important: git security update Advisory ID: SLSA-2020:1511-1 Issue Date: 2020-04-21 CVE Numbers: None — Security Fix(es): * git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260) — SL7 x86_64 git-1.8.3.1-22.el7_8.x86_64.rpm git-daemon-1.8.3.1-22.el7_8.x86_64.rpm git-debuginfo-1.8.3.1-22.el7_8.x86_64.rpm git-gnome-keyring-1.8.3.1-22.el7_8.x86_64.rpm git-svn-1.8.3.1-22.el7_8.x86_64.rpm noarch emacs-git-1.8.3.1-22.el7_8.noarch.rpm emacs-git-el-1.8.3.1-22.el7_8.noarch.rpm … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:1489-1 Issue Date: 2020-04-16 CVE Numbers: None — Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2020:1420-1 Issue Date: 2020-04-09 CVE Numbers: CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 — This update upgrades Firefox to version 68.7.0 ESR. Security Fix(es): * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method … Read More
Synopsis: Critical: firefox security update Advisory ID: SLSA-2020:1338-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2020-6819 CVE-2020-6820 — * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStream — SL7 x86_64 firefox-68.6.1-1.el7_8.x86_64.rpm firefox-debuginfo-68.6.1-1.el7_8.x86_64.rpm firefox-68.6.1-1.el7_8.i686.rpm firefox-debuginfo-68.6.1-1.el7_8.i686.rpm – Scientific … Read More
Synopsis: Important: telnet security update Advisory ID: SLSA-2020:1334-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2020-10188 — telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code — SL7 x86_64 telnet-server-0.17-65.el7_8.x86_64.rpm telnet-0.17-65.el7_8.x86_64.rpm telnet-debuginfo-0.17-65.el7_8.x86_64.rpm – Scientific Linux Development Team
Synopsis: Moderate: skopeo security and bug fix update Advisory ID: SLSA-2020:1230-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2020-8945 — * proglottis/gpgme: Use-after-free in GPGME bindings during container image pull — SL7 x86_64 containers-common-0.1.40-7.el7_8.x86_64.rpm skopeo-0.1.40-7.el7_8.x86_64.rpm – Scientific Linux Development Team
Synopsis: Moderate: dpdk security, bug fix, and enhancement update Advisory ID: SLSA-2020:1226-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2019-14818 — * dpdk: possible memory leak leads to denial of service — SL7 x86_64 dpdk-18.11.5-1.el7_8.x86_64.rpm dpdk-tools-18.11.5-1.el7_8.x86_64.rpm dpdk-devel-18.11.5-1.el7_8.x86_64.rpm dpdk-doc-18.11.5-1.el7_8.noarch.rpm – Scientific Linux Development … Read More
Synopsis: Moderate: podman security, bug fix, and enhancement update Advisory ID: SLSA-2020:1227-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2019-18466 CVE-2020-1702 — * podman: resolving symlink in host filesystem leads to unexpected results of copy operation * containers/image: Container images read entire … Read More
