OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) * OpenJDK: certificate path validation issue during client authentication (830996
6) (CVE-2023-22081) Bug Fix(es): * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJD
K by JDK-8300596, with a default of 8 MB. This default proved to be too small for some J [More...]
OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) Bug Fix(es): * Additional validity checks in the hand
ling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error.
This release, 11.0.20.1, allows for zero-length headers and additional padding produced b [More...]
This update upgrades Thunderbird to version 115.3.1. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6 [More...]
This update upgrades Firefox to version 102.15.1 ESR. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 firefox-102.15.1-1.el7_9.x86_64.rpm firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm firefox-102.15.1-1.el7_9. [More...]
open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools- [More...]
This update upgrades Thunderbird to version 102.15.1. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.15.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el7_9.x86_64.rpm - Scientific Linux D [More...]
kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * nf_conntrack causing nfs to stall * Request to backport upstream commit 5e2d2cc2588b, 26a8 [More...]
cups: Information leak through Cups-Get-Document operation (CVE-2023-32360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 cups-1.6.3-52.el7_9.x86_64.rpm cups-client-1.6.3-52.el7_9.x86_64.rpm cups-debuginfo-1.6.3-52.el7_9.i686.rpm cups-debuginfo-1.6.3-52.el7_9.x86_ [More...]
subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python-syspurpose-1.24.52-2.sl7_9.x86_64.rpm rhsm-gtk-1.24.52-2.sl7_9.x86_64.rpm [More...]
This update upgrades Thunderbird to version 102.14.0. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]
This update upgrades Firefox to version 102.14.0 ESR. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]
openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssh-7.4p1-23.el7_9.x86_64.rpm openssh-askpass-7.4p1-23.el7_9.x86_64.rpm openssh-clients-7.4p1-23.el7_9.x86_64.rpm openssh-debuginfo-7.4p1 [More...]
iperf3: memory allocation hazard and crash (CVE-2023-38403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 iperf3-3.1.7-3.el7_9.i686.rpm iperf3-3.1.7-3.el7_9.x86_64.rpm iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm iperf3-dev [More...]
OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream releas [More...]
