SciLinux: SLSA-2022-4891-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.10.0. * Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email (CVE-2022-1834) * Mozilla: Cross-Origin resource's length leaked (CVE-2022-31736) * Mozilla: Heap buffer overflow in WebGL (CVE-2022-31737) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-31738) * Mozilla: Register all [More...]

SciLinux: SLSA-2022-4870-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.10.0 ESR. * Mozilla: Cross-Origin resource's length leaked (CVE-2022-31736) * Mozilla: Heap buffer overflow in WebGL (CVE-2022-31737) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-31738) * Mozilla: Register allocation problem in WASM on arm64 (CVE-2022-31740) * Mozilla: Uninitialized variable leads to invalid memory read (CVE-2022 [More...]

SciLinux: SLSA-2022-4803-1 Important: rsyslog on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 rsyslog-8.24.0-57.el7_9.3.x86_64.rpm rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm rsyslog-gnutls-8.24.0-57.el7_9.3.x86_64.rpm rsyslog-gssapi-8.24.0-5 [More...]

SciLinux: SLSA-2022-4729-1 Critical: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 91.9.1 ESR. * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) * Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 [More...]

SciLinux: SLSA-2022-4730-1 Critical: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.9.1. * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) * Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 [More...]

SciLinux: SLSA-2022-4642-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * kernel panic in mlx5_ib driver SL/CentOS 7.9 VM * [SL-7.9] Get Call Trace about "kernel/timer.c:1270 requeue_timers+0x15e/0x170" on specified [More...]

SciLinux: SLSA-2022-2213-1 Important: zlib on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20 [More...]

SciLinux: SLSA-2022-2191-1 Important: gzip on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2022-1725-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 91.9.0. * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox E [More...]