This update upgrades Thunderbird to version 102.15.1. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.15.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el7_9.x86_64.rpm - Scientific Linux D [More...]
kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * nf_conntrack causing nfs to stall * Request to backport upstream commit 5e2d2cc2588b, 26a8 [More...]
cups: Information leak through Cups-Get-Document operation (CVE-2023-32360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 cups-1.6.3-52.el7_9.x86_64.rpm cups-client-1.6.3-52.el7_9.x86_64.rpm cups-debuginfo-1.6.3-52.el7_9.i686.rpm cups-debuginfo-1.6.3-52.el7_9.x86_ [More...]
subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python-syspurpose-1.24.52-2.sl7_9.x86_64.rpm rhsm-gtk-1.24.52-2.sl7_9.x86_64.rpm [More...]
This update upgrades Thunderbird to version 102.14.0. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]
This update upgrades Firefox to version 102.14.0 ESR. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]
openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssh-7.4p1-23.el7_9.x86_64.rpm openssh-askpass-7.4p1-23.el7_9.x86_64.rpm openssh-clients-7.4p1-23.el7_9.x86_64.rpm openssh-debuginfo-7.4p1 [More...]
iperf3: memory allocation hazard and crash (CVE-2023-38403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 iperf3-3.1.7-3.el7_9.i686.rpm iperf3-3.1.7-3.el7_9.x86_64.rpm iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm iperf3-dev [More...]
OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream releas [More...]
kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * perf record -ag does not capture user space stack frames on s390x * SL7.9 - kernel: handle new reply code FILTERED_BY_HYPERVISOR [More...]
bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.i [More...]
open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * [ESXi] [SL7] vmtoolsd task is blocked in the uninterruptible state while attempting to delete (unlink) the file 'quiesce_manifest.xml' * [ESX [More...]
c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 c-ares-1.10.0-3.el7_9.1.i686.rpm c-ares-1.10.0-3.el7_9.1.x86_64.rpm c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm [More...]
This update upgrades Firefox to version 102.12.0 ESR. * Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 [More...]
This update upgrades Thunderbird to version 102.12.0. * Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 [More...]
