thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:0123-1
Issue Date: 2020-01-16
CVE Numbers: None
Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Mozilla: Type …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:0120-1
Issue Date: 2020-01-16
CVE Numbers: None
Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Mozilla: Type …

git (SL7)

Synopsis: Important: git security update
Advisory ID: SLSA-2020:0124-1
Issue Date: 2020-01-16
CVE Numbers: None
Security Fix(es):
* git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387)
SL7
  x86_64
    git-1.8.3.1-21.el7_7.x86_64.rpm
    git-daemon-1.8.3.1-21.el7_7.x86_64.rpm
    git-debuginfo-1.8.3.1-21.el7_7.x86_64.rpm
    git-gnome-keyring-1.8.3.1-21.el7_7.x86_64.rpm
    git-svn-1.8.3.1-21.el7_7.x86_64.rpm
  noarch
    emacs-git-1.8.3.1-21.el7_7.noarch.rpm
    emacs-git-el-1.8.3.1-21.el7_7.noarch.rpm
    …

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security update
Advisory ID: SLSA-2020:0122-1
Issue Date: 2020-01-16
CVE Numbers: None
Security Fix(es):
* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, …

firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2020:0085-1
Issue Date: 2020-01-13
CVE Numbers: CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026
This update upgrades Firefox to version 68.4.1 ESR.
Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* …

firefox (SL6)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2020:0086-1
Issue Date: 2020-01-13
CVE Numbers: CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026
This update upgrades Firefox to version 68.4.1 ESR.
Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* …

fribidi (SL7)

Synopsis: Important: fribidi security update
Advisory ID: SLSA-2019:4326-1
Issue Date: 2019-12-19
CVE Numbers: CVE-2019-18397
Security Fix(es):
* fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397)
SL7
  x86_64
    fribidi-debuginfo-1.0.2-1.el7_7.1.i686.rpm
    …

kernel (SL6)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2019:4256-1
Issue Date: 2019-12-17
CVE Numbers: CVE-2019-14821
Security Fix(es):
* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
Bug Fix(es):
* KEYS: prevent creating a different user’s …

freetype (SL6)

Synopsis: Moderate: freetype security update
Advisory ID: SLSA-2019:4254-1
Issue Date: 2019-12-17
CVE Numbers: CVE-2015-9381 CVE-2015-9382
Security Fix(es):
* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381)
* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face …

openslp (SL7)

Synopsis: Critical: openslp security update
Advisory ID: SLSA-2019:4240-1
Issue Date: 2019-12-16
CVE Numbers: CVE-2019-5544
Security Fix(es):
* openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)
SL7
  x86_64
    openslp-2.0.0-8.el7_7.i686.rpm
    openslp-2.0.0-8.el7_7.x86_64.rpm
    openslp-debuginfo-2.0.0-8.el7_7.i686.rpm
    openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm
    openslp-server-2.0.0-8.el7_7.x86_64.rpm
    …