Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2020-1339-1 Critical: firefox on SL6.x i386/x86_64

Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) SL6 x86_64 firefox-68.6.1-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.1-1.el6_10.x86_64.rpm firefox-68.6.1-1.el6_10.i686.rpm firefox-debuginfo-68.6.1-1.el6_10.i686.rpm i386 firefox-68.6.1-1.el6_10.i686.rpm firefox- [More...]

SciLinux: SLSA-2020-1335-1 Important: telnet on SL6.x i386/x86_64

telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188) SL6 x86_64 telnet-0.17-49.el6_10.x86_64.rpm telnet-debuginfo-0.17-49.el6_10.x86_64.rpm telnet-server-0.17-49.el6_10.x86_64.rpm i386 telnet-0.17-49.el6_10.i686.rpm telnet-debuginfo-0.17-49.el6_10.i686.rpm telnet-server-0.17-49.el6_10.i686.rpm - Scientif [More...]

SciLinux: SLSA-2020-0914-1 Important: thunderbird on SL6.x i386/x86_64

Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addre [More...]

SciLinux: SLSA-2020-0912-1 Important: tomcat6 on SL6.x (noarch)

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) SL6 noarch tomcat6-6.0.24-114.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-114.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-114.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-114.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-114.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-114.el6_10.noarch.rpm [More...]

SciLinux: SLSA-2020-0913-1 Important: libvncserver on SL7.x x86_64

libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow (CVE-2019-15690) SL7 x86_64 libvncserver-0.9.9-14.el7_7.i686.rpm libvncserver-0.9.9-14.el7_7.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm libvncserver-devel-0.9.9-14.el7_7.i686.rpm libvncserver-devel-0.9.9-14.el7_7.x [More...]

SciLinux: SLSA-2020-0905-1 Important: thunderbird on SL7.x x86_64

Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addre [More...]

SciLinux: SLSA-2020-0896-1 Important: icu on SL6.x i386/x86_64

ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531) SL6 x86_64 icu-debuginfo-4.2.1-15.el6_10.i686.rpm icu-debuginfo-4.2.1-15.el6_10.x86_64.rpm libicu-4.2.1-15.el6_10.i686.rpm libicu-4.2.1-15.el6_10.x86_64.rpm icu-4.2.1-15.el6_10.x86_64.rpm libicu-devel-4.2.1-15.el6_10.i686.rpm libicu-devel-4.2.1-15.el6_10.x86_64.rpm i386 icu-debuginfo-4.2.1- [More...]

SciLinux: SLSA-2020-0892-1 Important: zsh on SL6.x i386/x86_64

zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) SL6 x86_64 zsh-4.3.11-11.el6_10.x86_64.rpm zsh-debuginfo-4.3.11-11.el6_10.x86_64.rpm zsh-html-4.3.11-11.el6_10.x86_64.rpm i386 zsh-4.3.11-11.el6_10.i686.rpm zsh-debuginfo-4.3.11-11.el6_10.i686.rpm zsh-html-4.3.11-11.el6_10.i686.rpm - Scientific Linux Development Team

SciLinux: SLSA-2020-0897-1 Important: icu on SL7.x x86_64

ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531) SL7 x86_64 icu-debuginfo-50.2-4.el7_7.i686.rpm icu-debuginfo-50.2-4.el7_7.x86_64.rpm libicu-50.2-4.el7_7.i686.rpm libicu-50.2-4.el7_7.x86_64.rpm icu-50.2-4.el7_7.x86_64.rpm libicu-devel-50.2-4.el7_7.i686.rpm libicu-devel-50.2-4.el7_7.x86_64.rpm noarch libicu-doc-50.2-4.el7_7.noarch.rpm - S [More...]

SciLinux: SLSA-2020-0834-1 Important: kernel on SL7.x x86_64

kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Bug Fix(es): * SL7.7 - [More...]

SciLinux: SLSA-2020-0850-1 Moderate: python-pip on SL7.x (noarch)

python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324) * python-requests: Redirect from HTTPS to HTTP do [More...]

SciLinux: SLSA-2020-0855-1 Important: tomcat on SL7.x (noarch)

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) SL7 noarch tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm tomcat-7.0.76-11.el7_7.noarch.rpm tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm tomcat-jsp-2. [More...]

SciLinux: SLSA-2020-0851-1 Moderate: python-virtualenv on SL7.x (noarch)

python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) SL7 noarch python-virtualenv- [More...]

SciLinux: SLSA-2020-0816-1 Important: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 68.6.0 ESR. * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-681 [More...]

SciLinux: SLSA-2020-0815-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 68.6.0 ESR. * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-681 [More...]

SciLinux: SLSA-2020-0790-1 Important: kernel on SL6.x i386/x86_64

kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133) * kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) Bug Fix(es): * LACP bond does not function because bonding driver sees slave speed & duplex as Unknown * ixgbevf guess causes excessive interrupts in hypervisor due to get link settings SL6 [More...]