Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution .

SciLinux: SLSA-2023-4945-1 Important: thunderbird on SL7.x x86_64

SciLinux: SLSA-2023-4945-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 102.15.0. * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefo [More...]

SciLinux: SLSA-2023-4819-1 Important: kernel on SL7.x x86_64

SciLinux: SLSA-2023-4819-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * nf_conntrack causing nfs to stall * Request to backport upstream commit 5e2d2cc2588b, 26a8 [More...]

SciLinux: SLSA-2023-4766-1 Important: cups on SL7.x x86_64

SciLinux: SLSA-2023-4766-1 Important: cups on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

cups: Information leak through Cups-Get-Document operation (CVE-2023-32360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 cups-1.6.3-52.el7_9.x86_64.rpm cups-client-1.6.3-52.el7_9.x86_64.rpm cups-debuginfo-1.6.3-52.el7_9.i686.rpm cups-debuginfo-1.6.3-52.el7_9.x86_ [More...]

SciLinux: SLSA-2023-4701-1 Moderate: subscription-manager on SL7.x x86_64

SciLinux: SLSA-2023-4701-1 Moderate: subscription-manager on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python-syspurpose-1.24.52-2.sl7_9.x86_64.rpm rhsm-gtk-1.24.52-2.sl7_9.x86_64.rpm [More...]

SciLinux: SLSA-2023-4495-1 Important: thunderbird on SL7.x x86_64

SciLinux: SLSA-2023-4495-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 102.14.0. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]

SciLinux: SLSA-2023-4461-1 Important: firefox on SL7.x x86_64

SciLinux: SLSA-2023-4461-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 102.14.0 ESR. * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix pot [More...]

SciLinux: SLSA-2023-4382-1 Important: openssh on SL7.x x86_64

SciLinux: SLSA-2023-4382-1 Important: openssh on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssh-7.4p1-23.el7_9.x86_64.rpm openssh-askpass-7.4p1-23.el7_9.x86_64.rpm openssh-clients-7.4p1-23.el7_9.x86_64.rpm openssh-debuginfo-7.4p1 [More...]

SciLinux: SLSA-2023-4326-1 Important: iperf3 on SL7.x x86_64

SciLinux: SLSA-2023-4326-1 Important: iperf3 on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

iperf3: memory allocation hazard and crash (CVE-2023-38403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 iperf3-3.1.7-3.el7_9.i686.rpm iperf3-3.1.7-3.el7_9.x86_64.rpm iperf3-debuginfo-3.1.7-3.el7_9.i686.rpm iperf3-debuginfo-3.1.7-3.el7_9.x86_64.rpm iperf3-dev [More...]

SciLinux: SLSA-2023-4166-1 Moderate: java-1.8.0-openjdk on SL7.x x86_64

SciLinux: SLSA-2023-4166-1 Moderate: java-1.8.0-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream releas [More...]

SciLinux: SLSA-2023-4233-1 Moderate: java-11-openjdk on SL7.x x86_64

SciLinux: SLSA-2023-4233-1 Moderate: java-11-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-220 [More...]

SciLinux: SLSA-2023-4151-1 Important: kernel on SL7.x x86_64

SciLinux: SLSA-2023-4151-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * perf record -ag does not capture user space stack frames on s390x * SL7.9 - kernel: handle new reply code FILTERED_BY_HYPERVISOR [More...]

SciLinux: SLSA-2023-4152-1 Important: bind on SL7.x x86_64

SciLinux: SLSA-2023-4152-1 Important: bind on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.i [More...]

SciLinux: SLSA-2023-4062-1 Important: thunderbird on SL7.x x86_64

SciLinux: SLSA-2023-4062-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 102.13.0. * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202) * Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211) * Mozilla: Fullscreen notification obscured (CVE-2023-37 [More...]

SciLinux: SLSA-2023-4079-1 Important: firefox on SL7.x x86_64

SciLinux: SLSA-2023-4079-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 102.13.0 ESR. * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202) * Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211) * Mozilla: Fullscreen notification obscured (CVE-2023-37 [More...]

SciLinux: SLSA-2023-3944-1 Low: open-vm-tools on SL7.x x86_64

SciLinux: SLSA-2023-3944-1 Low: open-vm-tools on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * [ESXi] [SL7] vmtoolsd task is blocked in the uninterruptible state while attempting to delete (unlink) the file 'quiesce_manifest.xml' * [ESX [More...]

SciLinux: SLSA-2023-3741-1 Important: c-ares on SL7.x x86_64

SciLinux: SLSA-2023-3741-1 Important: c-ares on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 c-ares-1.10.0-3.el7_9.1.i686.rpm c-ares-1.10.0-3.el7_9.1.x86_64.rpm c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm [More...]

SciLinux: SLSA-2023-3579-1 Important: firefox on SL7.x x86_64

SciLinux: SLSA-2023-3579-1 Important: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 102.12.0 ESR. * Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 [More...]

SciLinux: SLSA-2023-3563-1 Important: thunderbird on SL7.x x86_64

SciLinux: SLSA-2023-3563-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 102.12.0. * Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 [More...]

SciLinux: SLSA-2023-3556-1 Important: python3 on SL7.x x86_64

SciLinux: SLSA-2023-3556-1 Important: python3 on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python3-3.6.8-19.el7_9.x86_64.rpm python3-debuginfo-3.6.8-19.el7_9.i686.rpm python3-debuginfo-3.6.8-19.el7_9.x86_64.rpm python3-libs-3.6.8-19.el7_9.i686.rpm [More...]

SciLinux: SLSA-2023-3555-1 Important: python on SL7.x x86_64

SciLinux: SLSA-2023-3555-1 Important: python on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python-2.7.5-93.el7_9.x86_64.rpm python-debuginfo-2.7.5-93.el7_9.i686.rpm python-debuginfo-2.7.5-93.el7_9.x86_64.rpm python-libs-2.7.5-93.el7_9.i686.rpm [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved