SciLinux: SLSA-2022-1703-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.9.0 ESR. * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox E [More...]

SciLinux: SLSA-2022-1487-1 Important: java-1.8.0-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8 [More...]

SciLinux: SLSA-2022-1440-1 Important: java-11-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8 [More...]

SciLinux: SLSA-2022-1302-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.8.0. * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281) * Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289) * Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196) * Mozilla: OpenPGP revocation info [More...]

SciLinux: SLSA-2022-1284-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.8.0 ESR. * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281) * Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289) * Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196) * Mozilla: Use-after-free in Docum [More...]

SciLinux: SLSA-2022-1198-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Adding new kernel entry in grub configuration file only after generation of new initr [More...]

SciLinux: SLSA-2022-1066-1 Important: openssl on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssl-1.0.2k-25.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-25.el7_9.i686.rpm openssl-debuginfo-1.0.2k-25.el7_9.x86_64.rpm ope [More...]

SciLinux: SLSA-2022-1069-1 Important: expat on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-4596 [More...]