Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
pacemaker: ACL restrictions bypass (CVE-2020-25654) SL7 x86_64 pacemaker-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-cli-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-cluster-libs-1.1.23-1.el7_9.1.i686.rpm pacemaker-cluster-libs-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-cts-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-debuginfo-1.1.23-1.el7_9.1.i686.rpm pacemaker-debuginfo-1.1.23-1.el7_9 [More...]
Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) SL7 x86_64 thunderbird-78.5.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-78.5.1-1.el7_9.x86_64.rpm - Scientific Linux Development Team
xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360) * xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712) * xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347) SL7 x86_64 xorg-x11-server-Xephyr-1.20.4-15.el7_9.x86_64.rpm [More...]
libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452) SL7 x86_64 libexif-0.6.22-2.el7_9.i686.rpm libexif-0.6.22-2.el7_9.x86_64.rpm libexif-debuginfo-0.6.22-2.el7_9.i686.rpm libexif-debuginfo-0.6.22-2.el7_9.x86_64.rpm libexif-devel-0.6.22-2.el7_9.i686.rpm libexif-devel-0.6.22-2.el7_9.x86_64.rpm libexif-doc-0.6.22-2.el7_9.x86_64.r [More...]
net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862) SL7 x86_64 net-snmp-5.7.2-49.el7_9.1.x86_64.rpm net-snmp-agent-libs-5.7.2-49.el7_9.1.i686.rpm net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64.rpm net-snmp-debuginfo-5.7.2-49.el7_9.1.i686.rpm net-snmp-debuginfo-5.7.2-49.el7_9.1.x86_64.rpm net-snmp-libs-5.7.2-49 [More...]
This update upgrades Thunderbird to version 78.5.0. * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enable [More...]
net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862) SL6 x86_64 net-snmp-5.5-60.el6_10.2.x86_64.rpm net-snmp-debuginfo-5.5-60.el6_10.2.i686.rpm net-snmp-debuginfo-5.5-60.el6_10.2.x86_64.rpm net-snmp-libs-5.5-60.el6_10.2.i686.rpm net-snmp-libs-5.5-60.el6_10.2.x86_64.rpm net-snmp-devel-5.5-60.el6_10.2.i686.rpm [More...]
This update upgrades Thunderbird to version 78.4.3. * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) SL6 x86_64 thunderbird-78.4.3-1.el6_10.x86_64.rpm thunderbird-debuginfo-78.4.3-1.el6_10.x86_64.rpm i386 thunderbird-78.4.3-1.el6_10.i686.rpm - Scientific Linux Development Team
Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) SL6 x86_64 firefox-78.4.1-1.el6_10.x86_64.rpm firefox-debuginfo-78.4.1-1.el6_10.x86_64.rpm i386 firefox-78.4.1-1.el6_10.i686.rpm - Scientific Linux Development Team
OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781) * OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782) * OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792) * OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 82 [More...]
dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100) * dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673) * dovecot: Crash due to assert in RPA implementation (CVE-2020-12674) SL7 x86_64 dovecot-2.2.36-6.el7_8.1.i686.rpm dovecot-2.2.36-6.el7_8.1.x86_64.rpm dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm dovecot-debuginfo-2.2.36-6. [More...]
Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669) SL6 x86_64 firefox-68.12.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.12.0-1.el6_10.x86_64.rpm firefox-68.12.0-1.el6_10.i686.rpm firefox-debuginfo-68.12.0-1.el6_10.i686.rpm i386 firefox-68.12.0-1.el6_10.i686.rpm firefox-d [More...]
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL6 x86_64 thunderbird-68.11.0-1.el6_10.x86_64.rpm thunderbird-d [More...]
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL7 x86_64 thunderbird-68.11.0-1.el7_8.x86_64.rpm thunderbird-de [More...]
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) SL6 noarch postgresql-jdbc-8.4.704-4.el6_10.noarch.rpm - Scientific Linux Development Team
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) SL7 noarch postgresql-jdbc-9.2.1002-8.el7_8.noarch.rpm postgresql-jdbc-javadoc-9.2.1002-8.el7_8.noarch.rpm - Scientific Linux Development Team
libvncserver: websocket decoding buffer overflow (CVE-2017-18922) SL7 x86_64 libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm - Scientific Linux [More...]
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL7 x86_64 firefox-68.11.0-1.el7_8.x86_64.rpm firefox-debuginfo- [More...]
kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757) * kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653) * kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654) * kernel: use-after-free caused by a malicious U [More...]
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713) * grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308) * grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309) * grub2: Integer overflow read_se [More...]