SciLinux: SLSA-2020-2824-1 Important: firefox on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) SL6 x86_64 firefox-68.10.0-1.el6_10.x86_64.rpm [More...]

SciLinux: SLSA-2020-2827-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate tr [More...]

SciLinux: SLSA-2020-2664-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888) SL7 x86_64 bpftool-3.10.0-1127.13.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.13.1.el7.x86_64.rpm kernel-3.10.0-1127.13.1.el7.x86_64.rpm kernel-debug-3.10.0-1127.13.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.13.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1 [More...]

SciLinux: SLSA-2020-2663-1 Moderate: ntp on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817) * ntp: DoS on client ntpd using server mode packet (CVE-2020-11868) SL7 x86_64 ntp-4.2.6p5-29.el7_8.2.x86_64.rpm ntp-debuginfo-4.2.6p5-29.el7_8.2.x86_64.rpm ntpdate-4.2.6p5-29.el7_8.2.x86_64.rpm sntp-4.2.6p5-29.el7_8.2.x86_64.rpm noarch ntp-doc-4.2.6p5-29.el7_8.2 [More...]

SciLinux: SLSA-2020-2640-1 Important: unbound on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663) SL6 x86_64 unbound-debuginfo-1.4.20-29.el6_10.1.i686.rpm unbound-debuginfo-1.4.20-29.el6_10.1.x86_64.rpm unbound-libs-1.4.20-29.el6_10.1.i686.rpm unbound-libs-1.4.2 [More...]

SciLinux: SLSA-2020-2642-1 Important: unbound on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

unbound: incomplete fix for CVE-2020-12662 in RHEL7 (CVE-2020-10772) SL7 x86_64 unbound-1.6.6-5.el7_8.x86_64.rpm unbound-debuginfo-1.6.6-5.el7_8.i686.rpm unbound-debuginfo-1.6.6-5.el7_8.x86_64.rpm unbound-libs-1.6.6-5.el7_8.i686.rpm unbound-libs-1.6.6-5.el7_8.x86_64.rpm unbound-devel-1.6.6-5.el7_8.i686.rpm unbound-devel-1.6.6-5.el7_8.x86_64.rpm unbound-python [More...]