This update upgrades Firefox to version 102.7.0 ESR. * Mozilla: libusrsctp library out of date (CVE-2022-46871) * Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598) * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605) * Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599) * Mozilla: URL being dragged f [More...]
OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 11 [More...]
sudo: arbitrary file write with privileges of the RunAs user (CVE-2023-22809) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 sudo-1.8.23-10.el7_9.3.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.3.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.3.i686.rpm sudo-devel-1.8.23-10 [More...]
This update upgrades Firefox to version 102.6.0 ESR. * Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878) * Mozilla: Use-after-free in WebGL (CVE-2022-46880) * Mozilla: Memory corruption in WebGL (CVE-2022-46881) * Mozilla: Drag and Dropped Filenames could have been [More...]
This update upgrades Thunderbird to version 102.6.0. * Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878) * Mozilla: Use-after-free in WebGL (CVE-2022-46880) * Mozilla: Memory corruption in WebGL (CVE-2022-46881) * Mozilla: Quoting from an HTML email with certain tag [More...]
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 noarch bcel-5.2-19.el7_9.noarch.rpm bcel-javadoc-5.2-19.el7_9.noarch.rpm - Scientific Linux Development Team
grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 grub2-2.02-0.87.el7_9.11.x86_64.rpm grub2-debuginfo-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-ia32-2.02-0.87.el7_9.11.x86_64.rpm grub2-efi-x64-2.02-0 [More...]
pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm pki-symkey-10.5.18-24.el7_9.x86_64.rpm pki-tools-10.5.18-24.el7_9.x86_64.rpm noarch [More...]
krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 krb5-debuginfo-1.15.1-55.el7_9.i686.rpm krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm krb5-libs-1.15.1-55.el7_9.i686.rpm krb5-libs-1.15.1-55.el7_9.x86_ [More...]
This update upgrades Thunderbird to version 102.5.0. * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via w [More...]
This update upgrades Firefox to version 102.5.0 ESR. * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via w [More...]
hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 noarch hsqldb-1.8.1.3-15.el7_9.noarch.rpm hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm hsqldb-manual-1.8.1.3-15.el7_9.noarc [More...]
xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550) * xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xorg-x11-server-Xephyr-1.20.4-19.el7_9.x86_64.rpm xorg- [More...]
rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 pcs- [More...]
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949) * Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgmen [More...]
device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm device-mapper-multipath-debuginfo-0 [More...]
This update upgrades Thunderbird to version 102.4.0. * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-392 [More...]
