Scientific Linux Security Update : kernel on SL7.x x86_64 (2023:1091)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:1091-1 advisory. - kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 - kernel: use-after-free related to leaf anonvma double reuse...

Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2023:1090)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:1090-1 advisory. - samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided CVE-2022-38023 Note that Nessus has not tested for this issue but has instead...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2023:0812)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0812-1 advisory. - Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 - Mozilla: Content security policy leak in violation reports using iframes...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:0600)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0600-1 advisory. - Mozilla: Revocation status of S/Mime signature certificates was not checked CVE-2023-0430 Note that Nessus has not tested for this issue but has instead...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:0456)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0456-1 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 - Mozilla:...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x i686/x86_64 (2023:0203)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0203-1 advisory. - OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 - OpenJDK: soundbank URL remote loading Sound,...

Scientific Linux Security Update : sudo on SL7.x i686/x86_64 (2023:0291)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:0291-1 advisory. - sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Note that Nessus has not tested for this issue but has instead relied only o...

Scientific Linux Security Update : tigervnc on SL7.x x86_64 (2023:0045)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0045-1 advisory. - xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free CVE-2022-4283 - xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow...

Scientific Linux Security Update : bcel on SL7.x (noarch) (2022:8958)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:8958-1 advisory. - Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-42920 Note that Nessus has not tested for this issue but has instead...

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2022:7087)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:7087-1 advisory. - 389-ds-base: SIGSEGV in syncrepl CVE-2022-2850 Note that Nessus has not tested for this issue but has instead relied only on the application's...

Scientific Linux Security Update : java-11-openjdk on SL7.x i686/x86_64 (2022:7008)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7008-1 advisory. - OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 - OpenJDK: excessive memory allocation in X.509...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:6997)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:6997-1 advisory. - expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 Note that Nessus has not tested for this issue but has instead relied onl...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:6998)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:6998-1 advisory. - expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 Note that Nessus has not tested for this issue but has instead relied onl...

Scientific Linux Security Update : expat on SL7.x i686/x86_64 (2022:6834)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:6834-1 advisory. - expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 Note that Nessus has not tested for this issue but has instead relied onl...

Scientific Linux Security Update : open-vm-tools on SL7.x x86_64 (2022:6381)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:6381-1 advisory. - open-vm-tools: local root privilege escalation in the virtual machine CVE-2022-31676 Note that Nessus has not tested for this issue but has instead reli...

Scientific Linux Security Update : xorg-x11-server on SL7.x i686/x86_64 (2022:5905)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5905-1 advisory. - xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access CVE-2022-2319 - xorg-x11-server: out-of-bounds access in...

Scientific Linux Security Update : java-11-openjdk on SL7.x i686/x86_64 (2022:5687)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5687-1 advisory. - OpenJDK: integer truncation issue in Xalan-J JAXP, 8285407 CVE-2022-34169 - OpenJDK: class compilation issue Hotspot, 8281859 CVE-2022-21540 -...

Scientific Linux Security Update : squid on SL7.x x86_64 (2022:5542)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:5542-1 advisory. - squid: DoS when processing gopher server responses CVE-2021-46784 Note that Nessus has not tested for this issue but has instead relied only on the...

Scientific Linux Security Update : python on SL7.x i686/x86_64 (2022:5235)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5235-1 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-urllib3: CRLF injection via HTTP request method...

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2022:5239)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5239-1 advisory. - 389-ds-base: sending crafted message could result in DoS CVE-2022-0918 - 389-ds-base: expired password was still allowed to access the database...