Scientific Linux Distribution

Find the information you need for your favorite open source distribution .

SciLinux: Important: plexus-archiver on SL7 srpm

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

SciLinux: Important: bind on SL7 i386/srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

SciLinux: Moderate: libssh2 on SL7 i386/srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

SciLinux: Critical: squid on SL7 srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6805 SL7 srpm squid-7:3.5.20-17.el7_9.9.src x86_64 squid-7:3.5.20-17.el7_9.9.x86_64 - Scientific Linux Development Team

SciLinux: Important: xorg-x11-server on SL7 i386/srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6802 SL7 srpm xorg-x11-server-0:1.20.4-24.el7_9.src x86_64 xorg-x11-server-Xephyr-0:1.20.4-24.el7_9.x86_64 i386 xorg-x11-server-devel-0:1.20.4-24.el7_9.i686 noarch xorg-x11-server-source-0:1.2 [More...]

SciLinux: Moderate: java-1.8.0-openjdk on SL7 i386/srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) * OpenJDK: certificate path validation issue during client authentication (830996 6) (CVE-2023-22081) Bug Fix(es): * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJD K by JDK-8300596, with a default of 8 MB. This default proved to be too small for some J [More...]

SciLinux: Moderate: java-11-openjdk on SL7 i386/srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) Bug Fix(es): * Additional validity checks in the hand ling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 11.0.20.1, allows for zero-length headers and additional padding produced b [More...]

SciLinux: Important: kernel on SL7 srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609) * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) Bug Fix(es): * Low memory deadlock with md devices and external (imsm) [More...]

SciLinux: Important: firefox on SL7 i386/srpm/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 115.3.1 ESR. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-20 23-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 1 15.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]

SciLinux: SLSA-2023-5477-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 115.3.1 ESR. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]

SciLinux: SLSA-2023-5475-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 115.3.1. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]

SciLinux: SLSA-2023-5461-1 Important: ImageMagick on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6 [More...]

SciLinux: SLSA-2023-5197-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 102.15.1 ESR. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 firefox-102.15.1-1.el7_9.x86_64.rpm firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm firefox-102.15.1-1.el7_9. [More...]

SciLinux: SLSA-2023-5217-1 Important: open-vm-tools on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools- [More...]

SciLinux: SLSA-2023-5191-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 102.15.1. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.15.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el7_9.x86_64.rpm - Scientific Linux D [More...]

SciLinux: SLSA-2023-5019-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 102.15.0 ESR. * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefo [More...]

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo