Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2020-0775-1 Important: qemu-kvm on SL6.x i386/x86_64

QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890) SL6 x86_64 qemu-guest-agent-0.12.1.2-2.506.el6_10.6.x86_64.rpm qemu-img-0.12.1.2-2.506.el6_10.6.x86_64.rpm qemu-kvm-0.12.1.2-2.506.el6_10.6 [More...]

SciLinux: SLSA-2020-0726-1 Important: sudo on SL6.x i386/x86_64

sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634) SL6 x86_64 sudo-1.8.6p3-29.el6_10.3.x86_64.rpm sudo-debuginfo-1.8.6p3-29.el6_10.3.x86_64.rpm sudo-debuginfo-1.8.6p3-29.el6_10.3.i686.rpm sudo-devel-1.8.6p3-29.el6_10.3.i686.rpm sudo-devel-1.8.6p3-29.el6_10.3.x86_64.rpm i386 sudo-1.8.6p3-29.el6_10.3.i686.rpm sudo-debuginfo-1.8.6p3-29.e [More...]

SciLinux: SLSA-2020-0702-1 Important: xerces-c on SL6.x i386/x86_64

xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) SL6 x86_64 xerces-c-3.0.1-21.el6_10.i686.rpm xerces-c-3.0.1-21.el6_10.x86_64.rpm xerces-c-debuginfo-3.0.1-21.el6_10.i686.rpm xerces-c-debuginfo-3.0.1-21.el6_10.x86_64.rpm xerces-c-devel-3.0.1-21.el6_10.i686.rpm xerces-c-devel-3.0.1-21.el6_10.x86_64.rpm [More...]

SciLinux: SLSA-2020-0704-1 Important: xerces-c on SL7.x x86_64

xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) SL7 x86_64 xerces-c-3.1.1-10.el7_7.i686.rpm xerces-c-3.1.1-10.el7_7.x86_64.rpm xerces-c-debuginfo-3.1.1-10.el7_7.i686.rpm xerces-c-debuginfo-3.1.1-10.el7_7.x86_64.rpm xerces-c-devel-3.1.1-10.el7_7.i686.rpm xerces-c-devel-3.1.1-10.el7_7.x86_64.rpm noar [More...]

SciLinux: SLSA-2020-0703-1 Important: http-parser on SL7.x x86_64

nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) SL7 x86_64 http-parser-2.7.1-8.el7_7.2.i686.rpm http-parser-2.7.1-8.el7_7.2.x86_64.rpm http-parser-debuginfo-2.7.1-8.el7_7.2.i686.rpm http-parser-debuginfo-2.7.1-8.el7_7.2.x86_64.rpm http-parser-devel-2.7.1-8.el7_7.2.i686.rpm http-parser-devel-2.7.1-8.el7_7.2.x86_64.rpm - Scient [More...]

SciLinux: SLSA-2020-0632-1 Important: java-1.7.0-openjdk on SL6.x i386/x86_64

OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalizat [More...]

SciLinux: SLSA-2020-0631-1 Important: ppp on SL6.x i386/x86_64

ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) SL6 x86_64 ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm i386 ppp-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm [More...]

SciLinux: SLSA-2020-0630-1 Important: ppp on SL7.x x86_64

ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) SL7 x86_64 ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2020-0574-1 Important: thunderbird on SL6.x i386/x86_64

Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect p [More...]

SciLinux: SLSA-2020-0578-1 Important: python-pillow on SL7.x x86_64

python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service (CVE-2019-16865) SL7 x86_64 python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm python-pillow-debuginfo-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm python-pillow- [More...]

SciLinux: SLSA-2020-0576-1 Important: thunderbird on SL7.x x86_64

Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect p [More...]

SciLinux: SLSA-2020-0550-1 Important: openjpeg2 on SL7.x x86_64

openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) SL7 x86_64 openjpeg2-2.3.1-3.el7_7.i686.rpm openjpeg2-2.3.1-3.el7_7.x86_64.rpm openjpeg2-debuginfo-2.3.1-3.el7_7.i686.rpm openjpeg2-debuginfo-2.3.1-3.el7_7.x86_64.rpm openjpeg2-devel-2.3.1-3.el7_7.i686.rpm openjpeg2-devel-2.3.1-3.el7_7.x86_64.rpm openjpeg2-tools-2. [More...]

SciLinux: SLSA-2020-0541-1 Important: java-1.7.0-openjdk on SL7.x x86_64

OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalizat [More...]

SciLinux: SLSA-2020-0521-1 Important: firefox on SL6.x i386/x86_64

Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) SL6 x86_64 firefox-68.5.0-2.el6_10.x86_64.rpm firefox-debuginfo-68.5.0-2.el6_10.x86_64.rpm firefox-68.5.0-2.el6_10.i686.rpm firefox-debuginfo-68.5.0-2.el6_10.i686.rpm i386 firefox-68.5.0-2.el6_ [More...]

SciLinux: SLSA-2020-0520-1 Important: firefox on SL7.x x86_64

Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) * Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798) SL7 x86_64 firefox-68.5.0-2.el7_7.x86_64.rpm firefox-debuginfo-68.5.0-2.el7_7.x86_64.rpm firefox-68.5.0- [More...]

SciLinux: SLSA-2020-0471-1 Moderate: spice-gtk on SL6.x i386/x86_64

spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893) SL6 x86_64 spice-glib-0.26-8.el6_10.2.i686.rpm spice-glib-0.26-8.el6_10.2.x86_64.rpm spice-gtk-0.26-8.el6_10.2.i686.rpm spice-gtk-0.26-8.el6_10.2.x86_64.rpm spice-gtk-debuginfo-0.26-8.el6_10.2.i686.rpm spice-gtk-debuginfo-0.26-8.el6_10.2.x86_64.rpm spic [More...]

SciLinux: SLSA-2020-0374-1 Important: kernel on SL7.x x86_64

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c [More...]