Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663) SL7 x86_64 unbound-1.6.6-4.el7_8.x86_64.rpm unbound-debuginfo-1.6.6-4.el7_8.i686.rpm unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm unbound-libs-1.6.6-4.el7_8.i686.rpm [More...]
freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) SL7 x86_64 freerdp-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.1.x86_64.rpm freerdp-libs-2.0.0-4.rc4.el7_8.1.i686.rpm freerdp-libs-2.0.0-4.rc4.el7_8.1.x86_64.rpm libwinpr-2.0.0-4.rc4.el7_8.1.i686.rpm [More...]
bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) SL6 x86_64 bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10 [More...]
Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) SL6 x86_64 firefox-68.9.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.9.0-1.el6_10.x86_64.rpm firefox-68.9.0-1.el6_10.i686.rpm firefox-debuginfo-68.9.0-1.e [More...]
Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) SL7 x86_64 firefox-68.9.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.9.0-1.el7_8.x86_64.rpm firefox-68.9.0-1.el7_8.i686.rpm firefox-debuginfo-68.9.0-1.el7_ [More...]
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324) * python-requests: Redirect from HTTPS to HTTP do [More...]
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) SL7 noarch python-virtualenv- [More...]
bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) SL7 x86_64 bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6 [More...]
freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) * freerdp: Integer overflow in region.c (CVE-2020-11523) * freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) SL7 x86_64 freerdp-2.0.0-4.rc4.el7_8.x86_64.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.i686.rpm freerdp-debuginfo-2.0.0-4.rc4.el7_8.x86_64.rpm freerdp-libs-2.0.0-4.rc4.el7_8.i686.rpm freerdp-lib [More...]
git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008) SL7 x86_64 git-1.8.3.1-23.el7_8.x86_64.rpm git-daemon-1.8.3.1-23.el7_8.x86_64.rpm git-debuginfo-1.8.3.1-23.el7_8.x86_64.rpm git-gnome-keyring-1.8.3.1-23.el7_8.x86_64.rpm git-svn-1.8.3.1-23.el7_8.x86_64.rpm noarch emacs-git-1.8.3.1-23.el7_8.noarch.rpm [More...]
kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL7 x86_64 bpftool-3.10.0-1127.8.2.el7.x86_6 [More...]
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL6 x86_64 kernel-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.29.2.el6.i686 [More...]
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) [More...]
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) [More...]
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) SL6 x86_64 firefox-68.8.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.8.0-1.el6_10. [More...]
squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519) * squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945) * squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525) SL7 x86_64 squid-3.5.20-15.el7_8.1.x86_64.rpm s [More...]
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) SL7 x86_64 firefox-68.8.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.8.0-1.el7_8.x8 [More...]
python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108) SL6 x86_64 python-twisted-web-8.2.0-6.el6_10.x86_64.rpm i386 python-twisted-web-8.2.0-6.el6_10.i686.rpm - Scientific Linux Development Team
python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108) * python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header (CVE-2020-10109) SL7 x86_64 python-twisted-web-12.1.0-7.el7_8.x86_64.rpm - Scientific Linux Development Team
kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371) SL6 x86_64 kernel-2.6.32-754.29.1.el6.x86_64.rpm kernel-debug-2.6.32-754.29.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.3 [More...]