apache-commons-beanutils (SL7)

Synopsis: Important: apache-commons-beanutils security update
Advisory ID: SLSA-2020:0194-1
Issue Date: 2020-01-21
CVE Numbers: CVE-2019-10086

Security Fix(es):
* apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)

SL7
noarch: apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm

– Scientific Linux Development Team

python-reportlab (SL6)

Synopsis: Important: python-reportlab security update
Advisory ID: SLSA-2020:0197-1
Issue Date: 2020-01-21
CVE Numbers: CVE-2019-17626

Security Fix(es):
* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

SL6
x86_64: python-reportlab-2.3-3.el6_10.1.x86_64.rpm python-reportlab-debuginfo-2.3-3.el6_10.1.x86_64.rpm
i386: python-reportlab-2.3-3.el6_10.1.i686.rpm python-reportlab-debuginfo-2.3-3.el6_10.1.i686.rpm
noarch: python-reportlab-docs-2.3-3.el6_10.1.noarch.rpm

– …

python-reportlab (SL7)

Synopsis: Important: python-reportlab security update
Advisory ID: SLSA-2020:0195-1
Issue Date: 2020-01-22
CVE Numbers: None

Security Fix(es):
* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

SL7
x86_64: python-reportlab-2.5-9.el7_7.1.x86_64.rpm python-reportlab-debuginfo-2.5-9.el7_7.1.x86_64.rpm python-reportlab-docs-2.5-9.el7_7.1.x86_64.rpm

– Scientific Linux Development Team

java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: SLSA-2020:0196-1
Issue Date: 2020-01-22
CVE Numbers: None

Security Fix(es):
* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, …

java-1.8.0-openjdk (SL6)

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: SLSA-2020:0157-1
Issue Date: 2020-01-21
CVE Numbers: None

Security Fix(es):
* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, …

thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:0123-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Mozilla: Type …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:0120-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Mozilla: Type …

git (SL7)

Synopsis: Important: git security update
Advisory ID: SLSA-2020:0124-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387)

SL7
x86_64: git-1.8.3.1-21.el7_7.x86_64.rpm git-daemon-1.8.3.1-21.el7_7.x86_64.rpm git-debuginfo-1.8.3.1-21.el7_7.x86_64.rpm git-gnome-keyring-1.8.3.1-21.el7_7.x86_64.rpm git-svn-1.8.3.1-21.el7_7.x86_64.rpm
noarch: emacs-git-1.8.3.1-21.el7_7.noarch.rpm emacs-git-el-1.8.3.1-21.el7_7.noarch.rpm …

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security update
Advisory ID: SLSA-2020:0122-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, …

firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2020:0085-1
Issue Date: 2020-01-13
CVE Numbers: CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026

This update upgrades Firefox to version 68.4.1 ESR.

Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* …