Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:1401)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:1401-1 advisory. - Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 - Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102...

Scientific Linux Security Update : pesign on SL7.x x86_64 (2023:1093)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:1093-1 advisory. - pesign: Local privilege escalation on pesign systemd service CVE-2022-3560 Note that Nessus has not tested for this issue but has instead relied only on...

Scientific Linux Security Update : kernel on SL7.x x86_64 (2023:1091)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:1091-1 advisory. - kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 - kernel: use-after-free related to leaf anonvma double reuse...

Scientific Linux Security Update : zlib on SL7.x i686/x86_64 (2023:1095)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:1095-1 advisory. - zlib: heap-based buffer over-read and overflow in inflate in inflate.c via a large gzip header extra field CVE-2022-37434 Note that Nessus has not teste...

Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2023:1090)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:1090-1 advisory. - samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided CVE-2022-38023 Note that Nessus has not tested for this issue but has instead...

Scientific Linux Security Update : git on SL7.x x86_64 (2023:0978)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0978-1 advisory. - git: gitattributes parsing integer overflow CVE-2022-23521 - git: Heap overflow in git archive, git log format leading to RCE CVE-2022-41903 No...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2023:0812)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0812-1 advisory. - Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 - Mozilla: Content security policy leak in violation reports using iframes...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:0817)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0817-1 advisory. - Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 - Mozilla: Content security policy leak in violation reports using iframes...

Scientific Linux Security Update : tigervnc on SL7.x i686/x86_64 (2023:0675)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0675-1 advisory. - xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation CVE-2023-0494 Note that Nessus has not tested for this issue but has...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:0600)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0600-1 advisory. - Mozilla: Revocation status of S/Mime signature certificates was not checked CVE-2023-0430 Note that Nessus has not tested for this issue but has instead...

Scientific Linux Security Update : libksba on SL7.x i686/x86_64 (2023:0530)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0530-1 advisory. - libksba: integer overflow to code executiona CVE-2022-47629 Note that Nessus has not tested for this issue but has instead relied only on the...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:0456)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0456-1 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 - Mozilla:...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x i686/x86_64 (2023:0203)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0203-1 advisory. - OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 - OpenJDK: soundbank URL remote loading Sound,...

Scientific Linux Security Update : kernel on SL7.x x86_64 (2023:0399)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0399-1 advisory. - kernel: memory corruption in AX88179178A based USB ethernet device. CVE-2022-2964 - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715...

Scientific Linux Security Update : sssd on SL7.x i686/x86_64 (2023:0403)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0403-1 advisory. - sssd: libssscertmap fails to sanitise certificate data used in LDAP filters CVE-2022-4254 Note that Nessus has not tested for this issue but has instead...

Scientific Linux Security Update : bind on SL7.x i686/x86_64 (2023:0402)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0402-1 advisory. - bind: DNS forwarders cache poisoning vulnerability CVE-2021-25220 - bind: processing large delegations may severely degrade resolver performanc...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2023:0296)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0296-1 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 - Mozilla:...

Scientific Linux Security Update : java-11-openjdk on SL7.x i686/x86_64 (2023:0195)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0195-1 advisory. - OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 - OpenJDK: soundbank URL remote loading Sound, 8293742...

Scientific Linux Security Update : sudo on SL7.x i686/x86_64 (2023:0291)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0291-1 advisory. - sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Note that Nessus has not tested for this issue but has instead relied only o...

Scientific Linux Security Update : xorg-x11-server on SL7.x i686/x86_64 (2023:0046)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0046-1 advisory. - xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free CVE-2022-4283 - xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow...