SciLinux: SLSA-2020-2530-1 Important: tomcat on SL7.x (noarch)

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) SL7 noarch tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm [More...]

SciLinux: SLSA-2020-2433-1 Moderate: microcode_ctl on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector Register Data Sampling (CVE-2020-0548) SL6 x86_64 microcode_ctl-1.17-33.26.el6_10.x86_64.rpm microcode_ctl-debuginfo-1.17-33.26.el6_10.x86_64.rpm i386 microcode_ctl-1.17-33.26.el6_10.i686.rpm microcode_ctl-debuginfo-1.17-33.26.el6_10.i686.rpm [More...]

SciLinux: SLSA-2020-2430-1 Moderate: kernel on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192) SL6 x86_64 kernel-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.30.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.30.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.30.2.el [More...]

SciLinux: SLSA-2020-2406-1 Important: freerdp on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) SL6 x86_64 freerdp-1.0.2-7.el6_10.x86_64.rpm freerdp-debuginfo-1.0.2-7.el6_10.x86_64.rpm freerdp-libs-1.0.2-7.el6_10.x86_64.rpm freerdp-plugins-1.0.2-7.el6_10.x86_64.rpm freerdp-debuginfo-1.0.2-7.el6_10.i686.rpm freerdp-devel-1.0.2-7.el6_10.i686.rpm freerdp-devel-1.0. [More...]

SciLinux: SLSA-2020-2414-1 Important: unbound on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663) SL7 x86_64 unbound-1.6.6-4.el7_8.x86_64.rpm unbound-debuginfo-1.6.6-4.el7_8.i686.rpm unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm unbound-libs-1.6.6-4.el7_8.i686.rpm [More...]

SciLinux: SLSA-2020-2405-1 Important: freerdp on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) SL7 x86_64 freerdp-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-libs-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-libs-2.0.0-4.rc4.el7_8.1.x86_64.rpm libwinpr-2.0.0-4.rc4.el7_8.1.i686.rpm [More...]

SciLinux: SLSA-2020-2383-1 Important: bind on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) SL6 x86_64 bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10 [More...]

SciLinux: SLSA-2020-2378-1 Important: firefox on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) SL6 x86_64 firefox-68.9.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.9.0-1.el6_10.x86_64.rpm firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.e [More...]

SciLinux: SLSA-2020-2381-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) SL7 x86_64 firefox-68.9.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.9.0-1.el7_8.x86_64.rpm firefox-68.9.0-1.el7_8.i686.rpm firefox-debuginfo-68.9.0-1.el7_ [More...]