Scientific Linux Distribution - Page 1.5
Find the information you need for your favorite open source distribution.
OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) Bug Fix(es): * Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 11.0.20.1, allows for zero-length headers and additional padding produced b [More...]
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609) * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) Bug Fix(es): * Low memory deadlock with md devices and external (imsm) [More...]
This update upgrades Firefox to version 115.3.1 ESR. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
This update upgrades Firefox to version 115.3.1 ESR. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
This update upgrades Thunderbird to version 115.3.1. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6 [More...]
This update upgrades Firefox to version 102.15.1 ESR. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 firefox-102.15.1-1.el7_9.x86_64.rpm firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm firefox-102.15.1-1.el7_9. [More...]
open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools- [More...]
This update upgrades Thunderbird to version 102.15.1. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.15.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el7_9.x86_64.rpm - Scientific Linux D [More...]
This update upgrades Firefox to version 102.15.0 ESR. * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefo [More...]
This update upgrades Thunderbird to version 102.15.0. * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefo [More...]
kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * nf_conntrack causing nfs to stall * Request to backport upstream commit 5e2d2cc2588b, 26a8 [More...]
cups: Information leak through Cups-Get-Document operation (CVE-2023-32360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 cups-1.6.3-52.el7_9.x86_64.rpm cups-client-1.6.3-52.el7_9.x86_64.rpm cups-debuginfo-1.6.3-52.el7_9.i686.rpm cups-debuginfo-1.6.3-52.el7_9.x86_ [More...]
subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python-syspurpose-1.24.52-2.sl7_9.x86_64.rpm rhsm-gtk-1.24.52-2.sl7_9.x86_64.rpm [More...]
This update upgrades Thunderbird to version 102.14.0. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]
This update upgrades Firefox to version 102.14.0 ESR. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]
openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssh-7.4p1-23.el7_9.x86_64.rpm openssh-askpass-7.4p1-23.el7_9.x86_64.rpm openssh-clients-7.4p1-23.el7_9.x86_64.rpm openssh-debuginfo-7.4p1 [More...]
iperf3: memory allocation hazard and crash (CVE-2023-38403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 iperf3-3.1.7-3.el7_9.i686.rpm iperf3-3.1.7-3.el7_9.x86_64.rpm iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm iperf3-dev [More...]
OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream releas [More...]
OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-220 [More...]