Synopsis: Important: mailman security update Advisory ID: SLSA-2021:4913-1 Issue Date: 2021-12-02 CVE Numbers: CVE-2016-6893 CVE-2021-42097 CVE-2021-44227 — Security Fix(es): * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097) * mailman: CSRF token bypass allows to … Read More
Synopsis: Critical: nss security update Advisory ID: SLSA-2021:4904-1 Issue Date: 2021-12-02 CVE Numbers: CVE-2021-43527 — Security Fix(es): * nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527) For more details about the security issue(s), including the impact, a … Read More
Synopsis: Moderate: openssh security update Advisory ID: SLSA-2021:4782-1 Issue Date: 2021-11-24 CVE Numbers: CVE-2021-41617 — Security Fix(es): * openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617) For more details about the security issue(s), including the impact, a CVSS … Read More
Synopsis: Moderate: krb5 security update Advisory ID: SLSA-2021:4788-1 Issue Date: 2021-11-24 CVE Numbers: CVE-2021-37750 — Security Fix(es): * krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750) For more details about … Read More
Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2021:4777-1 Issue Date: 2021-11-24 CVE Numbers: CVE-2020-36385 — Security Fix(es): * kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after- free (CVE-2020-36385) For more details about the security issue(s), including the impact, a … Read More
Synopsis: Moderate: rpm security update Advisory ID: SLSA-2021:4785-1 Issue Date: 2021-11-24 CVE Numbers: CVE-2021-20271 — Security Fix(es): * rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271) For more details about the security issue(s), including the impact, a CVSS score, … Read More
Synopsis: Important: freerdp security update Advisory ID: SLSA-2021:4619-1 Issue Date: 2021-11-12 CVE Numbers: CVE-2021-41159 CVE-2021-41160 — Security Fix(es): * freerdp: improper client input validation for gateway connections allows to overwrite memory (CVE-2021-41159) * freerdp: improper region checks in all clients … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:4134-1 Issue Date: 2021-11-05 CVE Numbers: CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 — This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety … Read More
Synopsis: Important: firefox security update Advisory ID: SLSA-2021:4116-1 Issue Date: 2021-11-03 CVE Numbers: CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 — This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory … Read More
Synopsis: Important: flatpak security update Advisory ID: SLSA-2021:4044-1 Issue Date: 2021-11-02 CVE Numbers: CVE-2021-41133 — Security Fix(es): * flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, … Read More
