kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2021:0856-1 Issue Date: 2021-03-16 CVE Numbers: CVE-2020-28374 CVE-2020-29661 CVE-2019-19532 CVE-2020-7053 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2021-20265 CVE-2020-0427 — Security Fix(es): * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) … Read More

wpa_supplicant (SL7)

Synopsis: Important: wpa_supplicant security update Advisory ID: SLSA-2021:0808-1 Issue Date: 2021-03-11 CVE Numbers: CVE-2021-27803 — Security Fix(es): * wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More

screen (SL7)

Synopsis: Important: screen security update Advisory ID: SLSA-2021:0742-1 Issue Date: 2021-03-08 CVE Numbers: CVE-2021-26937 — Security Fix(es): * screen: crash when processing combining chars (CVE-2021-26937) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and … Read More

grub2 (SL7)

Synopsis: Moderate: grub2 security update Advisory ID: SLSA-2021:0699-1 Issue Date: 2021-03-03 CVE Numbers: CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 — Security Fix(es): * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled … Read More

podman (SL7)

Synopsis: Important: podman security update Advisory ID: SLSA-2021:0681-1 Issue Date: 2021-03-02 CVE Numbers: CVE-2021-20188 — Security Fix(es): * podman: container users permissions are not respected in privileged containers (CVE-2021-20188) For more details about the security issue(s), including the impact, a … Read More

bind (SL7)

Synopsis: Important: bind security update Advisory ID: SLSA-2021:0671-1 Issue Date: 2021-03-01 CVE Numbers: CVE-2020-8625 — Security Fix(es): * bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more details about the security issue(s), including the … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:0661-1 Issue Date: 2021-02-24 CVE Numbers: CVE-2021-23969 CVE-2021-23968 CVE-2021-23973 CVE-2021-23978 — This update upgrades Thunderbird to version 78.8.0. Security Fix(es): * Mozilla: Content Security Policy violation report could have contained the destination of … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2021:0656-1 Issue Date: 2021-02-24 CVE Numbers: CVE-2021-23969 CVE-2021-23968 CVE-2021-23973 CVE-2021-23978 — This update upgrades Firefox to version 78.8.0 ESR. Security Fix(es): * Mozilla: Content Security Policy violation report could have contained the destination … Read More

xterm (SL7)

Synopsis: Important: xterm security update Advisory ID: SLSA-2021:0617-1 Issue Date: 2021-02-22 CVE Numbers: CVE-2021-27135 — Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and … Read More

flatpak (SL7)

Synopsis: Important: flatpak security update Advisory ID: SLSA-2021:0411-1 Issue Date: 2021-02-05 CVE Numbers: CVE-2021-21261 — Security Fix(es): * flatpak: sandbox escape via spawn portal (CVE-2021-21261) — SL7 x86_64 flatpak-1.0.9-10.el7_9.x86_64.rpm flatpak-debuginfo-1.0.9-10.el7_9.x86_64.rpm flatpak-libs-1.0.9-10.el7_9.x86_64.rpm flatpak-builder-1.0.0-10.el7_9.x86_64.rpm flatpak-devel-1.0.9-10.el7_9.x86_64.rpm – Scientific Linux Development Team