Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2020-3233-1 Important: firefox on SL6.x i386/x86_64

chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL6 x86_64 firefox-68.11.0-1.el6_10.x86_64.rpm firefox-debuginfo [More...]

SciLinux: SLSA-2020-2966-1 Important: thunderbird on SL6.x i386/x86_64

Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) SL6 x86_64 thunderbird-68.10.0-1.el6_10.x86_64 [More...]

SciLinux: SLSA-2020-2933-1 Moderate: kernel on SL6.x i386/x86_64

kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) SL6 x86_64 kernel-2.6.32-754.31.1.el6.x86_64.rpm kernel-debug-2.6.32-754.31.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.31.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.31.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.31.1.el6.i686.rpm kernel-debug-devel-2.6.3 [More...]

SciLinux: SLSA-2020-2906-1 Important: thunderbird on SL7.x x86_64

Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate tr [More...]

SciLinux: SLSA-2020-2894-1 Important: dbus on SL7.x x86_64

dbus: denial of service via file descriptor leak (CVE-2020-12049) SL7 x86_64 dbus-1.10.24-14.el7_8.x86_64.rpm dbus-debuginfo-1.10.24-14.el7_8.i686.rpm dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm dbus-libs-1.10.24-14.el7_8.i686.rpm dbus-libs-1.10.24-14.el7_8.x86_64.rpm dbus-x11-1.10.24-14.el7_8.x86_64.rpm dbus-devel-1.10.24-14.el7_8.i686.rpm dbus-devel-1.10.24- [More...]

SciLinux: SLSA-2020-2824-1 Important: firefox on SL6.x i386/x86_64

Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) SL6 x86_64 firefox-68.10.0-1.el6_10.x86_64.rpm [More...]

SciLinux: SLSA-2020-2827-1 Important: firefox on SL7.x x86_64

Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate tr [More...]

SciLinux: SLSA-2020-2664-1 Important: kernel on SL7.x x86_64

Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888) SL7 x86_64 bpftool-3.10.0-1127.13.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.13.1.el7.x86_64.rpm kernel-3.10.0-1127.13.1.el7.x86_64.rpm kernel-debug-3.10.0-1127.13.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.13.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1 [More...]

SciLinux: SLSA-2020-2663-1 Moderate: ntp on SL7.x x86_64

ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817) * ntp: DoS on client ntpd using server mode packet (CVE-2020-11868) SL7 x86_64 ntp-4.2.6p5-29.el7_8.2.x86_64.rpm ntp-debuginfo-4.2.6p5-29.el7_8.2.x86_64.rpm ntpdate-4.2.6p5-29.el7_8.2.x86_64.rpm sntp-4.2.6p5-29.el7_8.2.x86_64.rpm noarch ntp-doc-4.2.6p5-29.el7_8.2 [More...]

SciLinux: SLSA-2020-2640-1 Important: unbound on SL6.x i386/x86_64

unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663) SL6 x86_64 unbound-debuginfo-1.4.20-29.el6_10.1.i686.rpm unbound-debuginfo-1.4.20-29.el6_10.1.x86_64.rpm unbound-libs-1.4.20-29.el6_10.1.i686.rpm unbound-libs-1.4.2 [More...]

SciLinux: SLSA-2020-2642-1 Important: unbound on SL7.x x86_64

unbound: incomplete fix for CVE-2020-12662 in RHEL7 (CVE-2020-10772) SL7 x86_64 unbound-1.6.6-5.el7_8.x86_64.rpm unbound-debuginfo-1.6.6-5.el7_8.i686.rpm unbound-debuginfo-1.6.6-5.el7_8.x86_64.rpm unbound-libs-1.6.6-5.el7_8.i686.rpm unbound-libs-1.6.6-5.el7_8.x86_64.rpm unbound-devel-1.6.6-5.el7_8.i686.rpm unbound-devel-1.6.6-5.el7_8.x86_64.rpm unbound-python [More...]

SciLinux: SLSA-2020-2615-1 Important: thunderbird on SL7.x x86_64

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) SL7 x86_64 thunderbird-68.9.0-1.el7_8.x86_64.rpm thunderbird-deb [More...]

SciLinux: SLSA-2020-2613-1 Important: thunderbird on SL6.x i386/x86_64

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) SL6 x86_64 thunderbird-68.9.0-1.el6_10.x86_64.rpm thunderbird-de [More...]

SciLinux: SLSA-2020-2549-1 Moderate: libexif on SL7.x x86_64

libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112) SL7 x86_64 libexif-0.6.21-7.el7_8.i686.rpm libexif-0.6.21-7.el7_8.x86_64.rpm libexif-debuginfo-0.6.21-7.el7_8.i686.rpm libexif-debuginfo-0.6.21-7.el7_8.x86_64.rpm libexif-devel-0.6.21-7.el7_8.i686.rpm libexif-devel-0.6.21-7.el7_8.x86_64.rpm li [More...]

SciLinux: SLSA-2020-2516-1 Moderate: libexif on SL6.x i386/x86_64

libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112) SL6 x86_64 libexif-0.6.21-6.el6_10.i686.rpm libexif-0.6.21-6.el6_10.x86_64.rpm libexif-debuginfo-0.6.21-6.el6_10.i686.rpm libexif-debuginfo-0.6.21-6.el6_10.x86_64.rpm libexif-devel-0.6.21-6.el6_10.i686.rpm libexif-devel-0.6.21-6.el6_10.x86_64.rpm [More...]

SciLinux: SLSA-2020-2530-1 Important: tomcat on SL7.x (noarch)

tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) SL7 noarch tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm [More...]

SciLinux: SLSA-2020-2433-1 Moderate: microcode_ctl on SL6.x i386/x86_64

hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector Register Data Sampling (CVE-2020-0548) SL6 x86_64 microcode_ctl-1.17-33.26.el6_10.x86_64.rpm microcode_ctl-debuginfo-1.17-33.26.el6_10.x86_64.rpm i386 microcode_ctl-1.17-33.26.el6_10.i686.rpm microcode_ctl-debuginfo-1.17-33.26.el6_10.i686.rpm [More...]

SciLinux: SLSA-2020-2430-1 Moderate: kernel on SL6.x i386/x86_64

kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192) SL6 x86_64 kernel-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.30.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.30.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.30.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.30.2.el [More...]

SciLinux: SLSA-2020-2406-1 Important: freerdp on SL6.x i386/x86_64

freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) SL6 x86_64 freerdp-1.0.2-7.el6_10.x86_64.rpm freerdp-debuginfo-1.0.2-7.el6_10.x86_64.rpm freerdp-libs-1.0.2-7.el6_10.x86_64.rpm freerdp-plugins-1.0.2-7.el6_10.x86_64.rpm freerdp-debuginfo-1.0.2-7.el6_10.i686.rpm freerdp-devel-1.0.2-7.el6_10.i686.rpm freerdp-devel-1.0. [More...]