openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssl-1.0.2k-26.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-26.el7_9.i686.rpm openssl-debuginfo-1.0.2k-26.el7_9.x86_64.rpm openssl-libs-1.0.2k- [More...]
nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 nss-3.79.0-5.el7_9.i686.rpm nss-3.79.0-5.el7_9.x86_64.rpm nss-debuginfo-3.79.0-5.el7_9.i686.rpm nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm nss-sysinit-3.79.0-5.e [More...]
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Regression - SAS3416 card works on SL 7.7 and below, does not work on [More...]
zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 zlib-1.2.7-21.el7_9.i686.rpm zlib-1.2.7-21.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-21.el7_9.i686.r [More...]
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 libsmbclient-4.10.16-24.el7_9.i686.rpm libsmbclient-4.10.16-24.el7_9.x86_64.rpm libwbclient-4.10.16-24.el7_9.i686.rpm libwbcli [More...]
pesign: Local privilege escalation on pesign systemd service (CVE-2022-3560) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 pesign-0.109-11.el7_9.x86_64.rpm pesign-debuginfo-0.109-11.el7_9.x86_64.rpm - Scientific Linux Development Team
git: gitattributes parsing integer overflow (CVE-2022-23521) * git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 git-1.8.3.1-24.el7_9.x86_64.rpm git-daemon-1.8.3.1-24.el7_9.x86_64.rpm [More...]
xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 tigervnc-1.8.0-24.el7_9.x86_64.rpm tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm tigervnc-server-1.8.0-24.el7_9.x86_64.rpm [More...]
This update upgrades Thunderbird to version 102.7.1. * Mozilla: Revocation status of S/Mime signature certificates was not checked (CVE-2023-0430) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.7.1-2.el7_9.x86_64.rpm thunderbird-debuginfo-102.7.1-2.el7_9.x86 [More...]
libksba: integer overflow to code executiona (CVE-2022-47629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 libksba-1.3.0-7.el7_9.i686.rpm libksba-1.3.0-7.el7_9.x86_64.rpm libksba-debuginfo-1.3.0-7.el7_9.i686.rpm libksba-debuginfo-1.3.0-7.el7_9.x86_64.rpm libk [More...]
This update upgrades Thunderbird to version 102.7.1. * Mozilla: libusrsctp library out of date (CVE-2022-46871) * Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598) * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605) * Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599) * Mozilla: URL being dragged f [More...]
bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) * bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo [More...]
kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prevent unnecessary resets - Avoid leaving shost->last_reset with stal [More...]
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters (CVE-2022-4254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * smartcards: special characters must be escaped when building search filter SL7 x86_64 libipa_hbac-1.16.5-10.el7_9.15.i686.rpm l [More...]
OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2 [More...]
This update upgrades Firefox to version 102.7.0 ESR. * Mozilla: libusrsctp library out of date (CVE-2022-46871) * Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598) * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605) * Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599) * Mozilla: URL being dragged f [More...]
OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 11 [More...]
