java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:0435-1 Issue Date: 2019-02-28 CVE Numbers: CVE-2019-2422 — Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) — SL7 x86_64 java-1.8.0-openjdk-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-headless-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.201.b09-0.el7_6.i686.rpm … Read More

java-11-openjdk (SL7)

Synopsis: Moderate: java-11-openjdk security update Advisory ID: SLSA-2019:0436-1 Issue Date: 2019-02-28 CVE Numbers: CVE-2019-2422 — Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) — SL7 x86_64 java-11-openjdk-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-debuginfo-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-debuginfo-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-headless-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-headless-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-debug-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-debug-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-demo-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-demo-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-demo-debug-11.0.2.7-0.el7_6.i686.rpm … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:0415-1 Issue Date: 2019-02-26 CVE Numbers: CVE-2018-10902 — Security Fix(es): * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) Bug Fix(es): * Previously backported upstream patch caused a … Read More

java-1.8.0-openjdk (SL6)

Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:0416-1 Issue Date: 2019-02-26 CVE Numbers: CVE-2019-2422 — Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) — SL6 x86_64 java-1.8.0-openjdk-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm … Read More

polkit (SL6)

Synopsis: Important: polkit security update Advisory ID: SLSA-2019:0420-1 Issue Date: 2019-02-26 CVE Numbers: CVE-2019-6133 — Security Fix(es): * polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) — SL6 x86_64 polkit-0.96-11.el6_10.1.i686.rpm polkit-0.96-11.el6_10.1.x86_64.rpm polkit-debuginfo-0.96-11.el6_10.1.i686.rpm polkit-debuginfo-0.96-11.el6_10.1.x86_64.rpm polkit-devel-0.96-11.el6_10.1.i686.rpm polkit-devel-0.96-11.el6_10.1.x86_64.rpm polkit-docs-0.96-11.el6_10.1.x86_64.rpm i386 … Read More

flatpak (SL7)

Synopsis: Important: flatpak security update Advisory ID: SLSA-2019:0375-1 Issue Date: 2019-02-21 CVE Numbers: CVE-2019-8308 — Security Fix(es): * flatpak: potential /proc based sandbox escape (CVE-2019-8308) — SL7 x86_64 flatpak-1.0.2-4.el7_6.x86_64.rpm flatpak-builder-1.0.0-4.el7_6.x86_64.rpm flatpak-debuginfo-1.0.2-4.el7_6.x86_64.rpm flatpak-devel-1.0.2-4.el7_6.x86_64.rpm flatpak-libs-1.0.2-4.el7_6.x86_64.rpm firefox-60.5.1-1.el7_6.i686.rpm firefox-60.5.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.5.1-1.el7_6.i686.rpm firefox-debuginfo-60.5.1-1.el7_6.x86_64.rpm – Scientific Linux … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2019:0374-1 Issue Date: 2019-02-21 CVE Numbers: None — Security Fix(es): This update upgrades Firefox to version 60.5.1 ESR. Security Fix(es): * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow … Read More

firefox (SL6)

Synopsis: Important: firefox security update Advisory ID: SLSA-2019:0373-1 Issue Date: 2019-02-19 CVE Numbers: CVE-2018-18356 CVE-2019-5785 — This update upgrades Firefox to version 60.5.1 ESR. Security Fix(es): * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in … Read More

systemd (SL7)

Synopsis: Important: systemd security update Advisory ID: SLSA-2019:0368-1 Issue Date: 2019-02-21 CVE Numbers: CVE-2019-6454 — Security Fix(es): * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) — SL7 x86_64 libgudev1-219-62.el7_6.5.i686.rpm libgudev1-219-62.el7_6.5.x86_64.rpm libgudev1-devel-219-62.el7_6.5.i686.rpm libgudev1-devel-219-62.el7_6.5.x86_64.rpm systemd-219-62.el7_6.5.x86_64.rpm systemd-debuginfo-219-62.el7_6.5.i686.rpm systemd-debuginfo-219-62.el7_6.5.x86_64.rpm … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:0270-1 Issue Date: 2019-02-04 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2016-5824 — This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More