Scientific Linux Distribution

Find the information you need for your favorite open source distribution .

Scientific Large Esm H200

SciLinux: SLSA-2022-4891-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.10.0. * Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email (CVE-2022-1834) * Mozilla: Cross-Origin resource's length leaked (CVE-2022-31736) * Mozilla: Heap buffer overflow in WebGL (CVE-2022-31737) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-31738) * Mozilla: Register all [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-4870-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.10.0 ESR. * Mozilla: Cross-Origin resource's length leaked (CVE-2022-31736) * Mozilla: Heap buffer overflow in WebGL (CVE-2022-31737) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-31738) * Mozilla: Register allocation problem in WASM on arm64 (CVE-2022-31740) * Mozilla: Uninitialized variable leads to invalid memory read (CVE-2022 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-4803-1 Important: rsyslog on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 rsyslog-8.24.0-57.el7_9.3.x86_64.rpm rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm rsyslog-gnutls-8.24.0-57.el7_9.3.x86_64.rpm rsyslog-gssapi-8.24.0-5 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-4729-1 Critical: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.9.1 ESR. * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) * Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-4730-1 Critical: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.9.1. * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) * Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-4642-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * kernel panic in mlx5_ib driver SL/CentOS 7.9 VM * [SL-7.9] Get Call Trace about "kernel/timer.c:1270 requeue_timers+0x15e/0x170" on specified [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-2213-1 Important: zlib on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-2191-1 Important: gzip on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm - Scientific Linux Development Team

Scientific Large Esm H200

SciLinux: SLSA-2022-1725-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.9.0. * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox E [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1703-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.9.0 ESR. * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox E [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1487-1 Important: java-1.8.0-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1440-1 Important: java-11-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1302-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.8.0. * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281) * Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289) * Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196) * Mozilla: OpenPGP revocation info [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1284-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.8.0 ESR. * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281) * Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289) * Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196) * Mozilla: Use-after-free in Docum [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1198-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Adding new kernel entry in grub configuration file only after generation of new initr [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1066-1 Important: openssl on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssl-1.0.2k-25.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-25.el7_9.i686.rpm openssl-debuginfo-1.0.2k-25.el7_9.x86_64.rpm ope [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1069-1 Important: expat on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-4596 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-1045-1 Important: httpd on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2022-0850-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.7.0. * Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) * Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary [More...]

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved