Scientific Linux Linux Distribution - Security Advisories - Results...

Scientific Linux Distribution

Find the information you need for your favorite open source distribution .

SciLinux: SLSA-2022-8491-1 Important: xorg-x11-server on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550) * xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xorg-x11-server-Xephyr-1.20.4-19.el7_9.x86_64.rpm xorg- [More...]

SciLinux: SLSA-2022-7337-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) * RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) * Branch Type Confusion (non-retbleed) (CVE-2022-23825) * Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * Intel: RetBleed Arbitrary Speculative Code Execution wi [More...]

SciLinux: SLSA-2022-7337-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) * RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) * Branch Type Confusion (non-retbleed) (CVE-2022-23825) * Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * Intel: RetBleed Arbitrary Speculative Code Execution wi [More...]

SciLinux: SLSA-2022-7343-1 Important: pcs on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 pcs- [More...]

SciLinux: SLSA-2022-7340-1 Moderate: php-pear on SL7.x (noarch)

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949) * Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgmen [More...]

SciLinux: SLSA-2022-7340-1 Moderate: php-pear on SL7.x (noarch)

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949) * Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgmen [More...]

SciLinux: SLSA-2022-7186-1 Important: device-mapper-multipath on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm device-mapper-multipath-debuginfo-0 [More...]

SciLinux: SLSA-2022-7184-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 102.4.0. * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-392 [More...]

SciLinux: SLSA-2022-7087-1 Moderate: 389-ds-base on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Import may break replication because changelog starting csn may not be created SL7 x86_64 389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm 389-ds-base-debuginfo-1.3.10.2-17.el7_9 [More...]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.