Advisory: Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution .

Scientific Large Esm H200

SciLinux: SLSA-2021-0671-1 Important: bind on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.4.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.4.x86_64.rpm bind-export-libs-9 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2021-0661-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 78.8.0. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]

Scientific Large Esm H200

SciLinux: SLSA-2021-0656-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 78.8.0 ESR. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]

Scientific Large Esm H200

SciLinux: SLSA-2021-0617-1 Important: xterm on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xterm-295-3.el7_9.1.x86_64.rpm xterm-debuginfo-295-3.el7_9.1.x86_64.rpm - Scientific Linux Development Team

Scientific Large Esm H200

SciLinux: SLSA-2021-0336-1 Moderate: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: use-after-free in fs/block_dev.c (CVE-2020-15436) * kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513) Bug Fix(es): * double free issue in filelayout_alloc_commit_info * Regression: Plantronics Device SHS2355-11 PTT button does not work after update to 7.7 * Openstack network node reports unregister_netdevice: waiting for qr- 3cec0c92-9a to bec [More...]

Scientific Large Esm H200

SciLinux: SLSA-2021-0297-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 78.7.0. * Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953) * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954) * Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964) * Mozilla: IMAP Response Injection when using STAR [More...]

Scientific Large Esm H200

SciLinux: SLSA-2021-0290-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 78.7.0 ESR. * Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953) * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954) * Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964) * Mozilla: HTTPS pages could have been intercepted [More...]

Scientific Large Esm H200

SciLinux: SLSA-2021-0024-1 Important: ImageMagick on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

ImageMagick: Shell injection via PDF password could result in arbitrary code execution (CVE-2020-29599) SL7 x86_64 ImageMagick-6.9.10.68-5.el7_9.i686.rpm ImageMagick-6.9.10.68-5.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-5.el7_9.i686.rpm ImageMagick-c++-6.9.10.68-5.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-5.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-5.el7 [More...]

Scientific Large Esm H200

SciLinux: SLSA-2020-5618-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 78.6.0. * chromium-browser: Uninitialized Use in V8 (CVE-2020-16042) * Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971) * Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973) * Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use- after-free (CVE-2020-26974) * Mozilla: Memory safety bugs fixed in Firef [More...]

Scientific Large Esm H200

SciLinux: SLSA-2020-5566-1 Important: openssl on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) SL7 x86_64 openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm opens [More...]

Scientific Large Esm H200

SciLinux: SLSA-2020-5439-1 Moderate: samba on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472) * samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318) * samba: Unprivileged user can crash winbind (CVE-2020-14323) SL7 x86_64 libsmbclient-4.10.16-9.el7_9.i686.rpm libsmbclient-4.10.16-9.el7_9.x86_64.rpm libwbclient-4.10.16-9.el7_9.i686.rpm libwbclient-4.10.16-9. [More...]

Scientific Large Esm H200

SciLinux: SLSA-2020-5443-1 Moderate: gd on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766) SL7 x86_64 gd-2.0.35-27.el7_9.i686.rpm gd-2.0.35-27.el7_9.x86_64.rpm gd-debuginfo-2.0.35-27.el7_9.i686.rpm gd-debuginfo-2.0.35-27.el7_9.x86_64.rpm gd-devel-2.0.35-27.el7_9.i686.rpm gd-devel-2.0.35-27.el7_9.x86_64.rpm gd-progs-2.0.35-27.el7_9.x86_64.rpm - Scientific Linux Developme [More...]

Scientific Large Esm H200

SciLinux: SLSA-2020-5437-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385) * kernel: The flow_dissector feature allows device tracking (CVE-2019-18282) * kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769) * kernel: buffer uses out of index in ext3/4 f [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved