java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update
Advisory ID: SLSA-2020:4350-1
Issue Date: 2020-10-27
CVE Numbers: None

Security Fix(es):
* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)
* OpenJDK: Certificate blacklist bypass via alternate certificate encodings …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2020:4310-1
Issue Date: 2020-10-22
CVE Numbers: None

Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

…

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security update
Advisory ID: SLSA-2020:4307-1
Issue Date: 2020-10-22
CVE Numbers: None

Security Fix(es):
* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)
* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)
…

ipa (SL7)

Synopsis: Moderate: ipa security, bug fix, and enhancement update
Advisory ID: SLSA-2020:3936-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2018-20676 CVE-2018-14040 CVE-2016-10735 CVE-2020-11022 CVE-2018-14042 CVE-2019-11358 CVE-2020-1722 CVE-2015-9251 CVE-2019-8331 CVE-2018-20677

Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* …

e2fsprogs (SL7)

Synopsis: Moderate: e2fsprogs security and bug fix update
Advisory ID: SLSA-2020:4011-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-5094 CVE-2019-5188

Security Fix(es):
* e2fsprogs: Crafted ext4 partition leads to out-of-bounds write (CVE-2019-5094)
* e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)

SL7 …

squid (SL7)

Synopsis: Important: squid security update
Advisory ID: SLSA-2020:4082-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2020-24606 CVE-2019-12528 CVE-2020-8450 CVE-2020-15049 CVE-2020-8449 CVE-2020-15810 CVE-2020-15811

Security Fix(es):
* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
* squid: HTTP Request Splitting could …

openwsman (SL7)

Synopsis: Moderate: openwsman security update
Advisory ID: SLSA-2020:3940-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-3833

Security Fix(es):
* openwsman: Infinite loop in process_connection() allows denial of service (CVE-2019-3833)

SL7 x86_64
libwsman1-2.6.3-7.git4391e5c.el7.x86_64.rpm
openwsman-client-2.6.3-7.git4391e5c.el7.i686.rpm
openwsman-client-2.6.3-7.git4391e5c.el7.x86_64.rpm
openwsman-server-2.6.3-7.git4391e5c.el7.i686.rpm
openwsman-python-2.6.3-7.git4391e5c.el7.x86_64.rpm
libwsman1-2.6.3-7.git4391e5c.el7.i686.rpm
openwsman-server-2.6.3-7.git4391e5c.el7.x86_64.rpm
openwsman-debuginfo-2.6.3-7.git4391e5c.el7.i686.rpm
openwsman-debuginfo-2.6.3-7.git4391e5c.el7.x86_64.rpm
…

libmspack (SL7)

Synopsis: Low: libmspack security update
Advisory ID: SLSA-2020:3848-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-1010305

Security Fix(es):
* libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

SL7 x86_64
libmspack-0.5-0.8.alpha.el7.x86_64.rpm
libmspack-0.5-0.8.alpha.el7.i686.rpm
libmspack-debuginfo-0.5-0.8.alpha.el7.i686.rpm
libmspack-debuginfo-0.5-0.8.alpha.el7.x86_64.rpm
libmspack-devel-0.5-0.8.alpha.el7.i686.rpm
libmspack-devel-0.5-0.8.alpha.el7.x86_64.rpm

- Scientific Linux Development Team

libwmf (SL7)

Synopsis: Low: libwmf security and bug fix update
Advisory ID: SLSA-2020:3943-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-6978

Security Fix(es):
* gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

SL7 x86_64
libwmf-0.2.8.4-44.el7.x86_64.rpm
libwmf-lite-0.2.8.4-44.el7.x86_64.rpm
libwmf-0.2.8.4-44.el7.i686.rpm
libwmf-lite-0.2.8.4-44.el7.i686.rpm
…

libvpx (SL7)

Synopsis: Moderate: libvpx security update
Advisory ID: SLSA-2020:3876-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-9433 CVE-2019-9232 CVE-2020-0034 CVE-2017-0393

Security Fix(es):
* libvpx: Denial of service in mediaserver (CVE-2017-0393)
* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)
* libvpx: …