device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm device-mapper-multipath-debuginfo-0 [More...]
This update upgrades Thunderbird to version 102.4.0. * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-392 [More...]
389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Import may break replication because changelog starting csn may not be created SL7 x86_64 389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm 389-ds-base-debuginfo-1.3.10.2-17.el7_9 [More...]
libksba: integer overflow may lead to remote code execution (CVE-2022-3515) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 libksba-1.3.0-6.el7_9.i686.rpm libksba-1.3.0-6.el7_9.x86_64.rpm libksba-debuginfo-1.3.0-6.el7_9.i686.rpm libksba-debuginfo-1.3.0-6.el7_9.x86_6 [More...]
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 pki-core-debuginfo-10.5.18-23.el7_9.x86_64.rpm pki-symkey-10.5.18-23.el7_ [More...]
This update upgrades Firefox to version 102.4.0 ESR. * Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927) * Mozilla: Memory Corruption in JS Engine (CVE-2022-42928) * Mozilla: Denial of Service via window.print (CVE-2022-42929) * Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4 (CVE-2022-42932) For more details about the securit [More...]
This update upgrades Firefox to version 102.3.0 ESR. * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 firefox-102.3.0-7.el7_9.x86_64.rpm firefox-debuginfo-102.3.0-7.el7_9.x86_64.rpm firefox [More...]
This update upgrades Thunderbird to version 102.3.0. * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.3.0-4.el7_9.x86_64.rpm thunderbird-debuginfo-102.3.0-4.el7_9.x86_64.rpm - [More...]
expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 expat-2.1.0-15.el7_9.i686.rpm expat-2.1.0-15.el7_9.x86_64.rpm expat-debuginfo-2.1.0-15.el7_9.i686.rpm expat-debuginfo-2.1.0-15.el7_9.x86_ [More...]
squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 squid-3.5.20-17.el7_9.8.x86_64.rpm squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm squid-migration-script-3.5.20-17.el7_9.8.x86_64.rpm squid-sysvinit [More...]
bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177) * bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.10.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.10.x [More...]
This update upgrades Thunderbird to version 102.3.0. * Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033) * Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959) * Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960) * Mozilla: Memory safety bugs fixed in Firefox 105 a [More...]
This update upgrades Firefox to version 102.3.0 ESR. * Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959) * Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960) * Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962) * Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure pref [More...]
open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.4.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.4.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.4.x8 [More...]
systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 libgudev1-219-78.el7_9.7.i686.rpm libgudev1-219-78.el7_9.7.x86_64.rpm systemd-219-78.el7_9.7.x86_64.rpm systemd-debu [More...]
This update upgrades Firefox to version 91.13.0 ESR. * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and F [More...]
This update upgrades Thunderbird to version 91.13.0. * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and F [More...]
rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 rsync-3.1.2-11.el7_9.x86_64.rpm rsync-debuginfo-3.1.2-11.el7_9.x86_64.rpm - Scientific Linux Development Team
