firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2023:0296-1
Issue Date: 2023-01-23
CVE Numbers: CVE-2022-46871 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2022-46877 CVE-2023-23603 CVE-2023-23605

This update upgrades Firefox to version 102.7.0 ESR.

Security Fix(es):
* Mozilla: libusrsctp library out of date (CVE-2022-46871) …

sudo (SL7)

Synopsis: Important: sudo security update
Advisory ID: SLSA-2023:0291-1
Issue Date: 2023-01-23
CVE Numbers: CVE-2023-22809

Security Fix(es):
* sudo: arbitrary file write with privileges of the RunAs user (CVE-2023-22809)

For more details about the security issue(s), including the impact, a …

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security and bug fix update
Advisory ID: SLSA-2023:0195-1
Issue Date: 2023-01-23
CVE Numbers: CVE-2023-21835 CVE-2023-21843

Security Fix(es):
* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) …

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update
Advisory ID: SLSA-2023:0046-1
Issue Date: 2023-01-09
CVE Numbers: CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2022-4283

Security Fix(es):
* xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283)
* xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340)
* xorg-x11-server: X.Org …

tigervnc (SL7)

Synopsis: Important: tigervnc security update
Advisory ID: SLSA-2023:0045-1
Issue Date: 2023-01-09
CVE Numbers: CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2022-4283

Security Fix(es):
* xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283)
* xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340)
* xorg-x11-server: X.Org …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:9079-1
Issue Date: 2022-12-16
CVE Numbers: CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 CVE-2022-45414

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):
* Mozilla: Arbitrary file read from a compromised content process …

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2022:9072-1
Issue Date: 2022-12-16
CVE Numbers: CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):
* Mozilla: Arbitrary file read from a compromised content process …

bcel (SL7)

Synopsis: Important: bcel security update
Advisory ID: SLSA-2022:8958-1
Issue Date: 2022-12-13
CVE Numbers: CVE-2022-42920

Security Fix(es):
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, …

grub2 (SL7)

Synopsis: Important: grub2 security update
Advisory ID: SLSA-2022:8900-1
Issue Date: 2022-12-09
CVE Numbers: CVE-2022-28733

Security Fix(es):
* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other …

pki-core (SL7)

Synopsis: Important: pki-core security update
Advisory ID: SLSA-2022:8799-1
Issue Date: 2022-12-06
CVE Numbers: CVE-2022-2414

Security Fix(es):
* pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414)

For more details about the security issue(s), including the …