Find the information you need for your favorite open source distribution .
This update upgrades Thunderbird to version 78.9.0. * Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981) * Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987) * Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982) * Mozilla: Malicious extensions could have spoofed [More...]
kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) * kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use- after-free (CVE-2020-29661) * kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532) [More...]
pki-core: Unprivileged users can renew any certificate (CVE-2021-20179) * pki-core: XSS in the certificate search results (CVE-2020-25715) * pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146) * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179) * pki-core: Reflected XSS in [More...]
wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 wpa_supplicant-2.6-12.el7_9.2.x86_64.rpm wpa_supplicant-debuginfo-2.6-12.el7_9.2.x86_64.rpm - Scientific Linux Development Team
screen: crash when processing combining chars (CVE-2021-26937) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 screen-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm screen-debuginfo-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm - Scientific Linux Development Team
grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372) * grub2: Use-after-free in rmmod command (CVE-2020-25632) * grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647) * grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749) * grub2: cutmem command allows privileged user to remove memo [More...]
bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.4.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.4.x86_64.rpm bind-export-libs-9 [More...]
This update upgrades Thunderbird to version 78.8.0. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]
