Find the information you need for your favorite open source distribution .
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team
python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5616 SL7 srpm python-reportlab-0:2.5-11.el7_9.src x86_64 python-reportlab-0:2.5-11.el7_9.x86_64 - Scientific Linux Development Team
squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6805 SL7 srpm squid-7:3.5.20-17.el7_9.9.src x86_64 squid-7:3.5.20-17.el7_9.9.x86_64 - Scientific Linux Development Team
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6823 SL7 srpm python3-0:3.6.8-21.el7_9.src x86_64 python3-0:3.6.8-21.el7_9.x86_64 i386 python3-libs-0:3.6.8-21.el7_9.i686 - Scientific Linux Development Team
xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6802 SL7 srpm xorg-x11-server-0:1.20.4-24.el7_9.src x86_64 xorg-x11-server-Xephyr-0:1.20.4-24.el7_9.x86_64 i386 xorg-x11-server-devel-0:1.20.4-24.el7_9.i686 noarch xorg-x11-server-source-0:1.2 [More...]
This update upgrades Thunderbird to version 115.4.1. --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6193 SL7 srpm thunderbird-0:115.4.1-1.el7_9.src x86_64 thunderbird-0:115.4.1-1.el7_9.x86_64 - Scientific Linux Development Team
OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) * OpenJDK: certificate path validation issue during client authentication (830996 6) (CVE-2023-22081) Bug Fix(es): * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJD K by JDK-8300596, with a default of 8 MB. This default proved to be too small for some J [More...]
OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) Bug Fix(es): * Additional validity checks in the hand ling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 11.0.20.1, allows for zero-length headers and additional padding produced b [More...]
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609) * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) Bug Fix(es): * Low memory deadlock with md devices and external (imsm) [More...]
This update upgrades Firefox to version 115.3.1 ESR. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-20 23-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 1 15.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
This update upgrades Firefox to version 115.3.1 ESR. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
This update upgrades Thunderbird to version 115.3.1. * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE- [More...]
ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6 [More...]
This update upgrades Firefox to version 102.15.1 ESR. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 firefox-102.15.1-1.el7_9.x86_64.rpm firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm firefox-102.15.1-1.el7_9. [More...]
open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools- [More...]
This update upgrades Thunderbird to version 102.15.1. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.15.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el7_9.x86_64.rpm - Scientific Linux D [More...]
This update upgrades Firefox to version 102.15.0 ESR. * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefo [More...]
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
