java-1.8.0-openjdk (SL6)

Synopsis: Important: java-1.8.0-openjdk security and bug fix update
Advisory ID: SLSA-2019:0774-1
Issue Date: 2019-04-17
CVE Numbers: CVE-2019-2602 CVE-2019-2698 CVE-2019-2684
Security Fix(es):
* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)
* OpenJDK: Slow conversion of …

java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: SLSA-2019:0775-1
Issue Date: 2019-04-17
CVE Numbers: CVE-2019-2602 CVE-2019-2698 CVE-2019-2684
Security Fix(es):
* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)
* OpenJDK: Slow conversion of BigDecimal to long …

mod_auth_mellon (SL7)

Synopsis: Important: mod_auth_mellon security and bug fix update
Advisory ID: SLSA-2019:0766-1
Issue Date: 2019-04-16
CVE Numbers: CVE-2019-3877 CVE-2019-3878
Security Fix(es):
* mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878)
* mod_auth_mellon: open redirect in logout url when using URLs with …

kernel (SL6)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2019:0717-1
Issue Date: 2019-04-09
CVE Numbers: CVE-2018-13405
Security Fix(es):
* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
SL6 x86_64
kernel-2.6.32-754.12.1.el6.x86_64.rpm
…

openssh (SL6)

Synopsis: Low: openssh security update
Advisory ID: SLSA-2019:0711-1
Issue Date: 2019-04-09
CVE Numbers: CVE-2018-15473
Security Fix(es):
* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
SL6 x86_64
openssh-5.3p1-124.el6_10.x86_64.rpm
openssh-askpass-5.3p1-124.el6_10.x86_64.rpm
openssh-clients-5.3p1-124.el6_10.x86_64.rpm
openssh-debuginfo-5.3p1-124.el6_10.x86_64.rpm
openssh-server-5.3p1-124.el6_10.x86_64.rpm
openssh-debuginfo-5.3p1-124.el6_10.i686.rpm
openssh-ldap-5.3p1-124.el6_10.x86_64.rpm
pam_ssh_agent_auth-0.9.3-124.el6_10.i686.rpm
pam_ssh_agent_auth-0.9.3-124.el6_10.x86_64.rpm
…

python (SL7)

Synopsis: Important: python security update
Advisory ID: SLSA-2019:0710-1
Issue Date: 2019-04-08
CVE Numbers: CVE-2019-9636
Security Fix(es):
* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)
SL7 x86_64
python-2.7.5-77.el7_6.x86_64.rpm
python-debuginfo-2.7.5-77.el7_6.i686.rpm
python-debuginfo-2.7.5-77.el7_6.x86_64.rpm
python-libs-2.7.5-77.el7_6.i686.rpm
python-libs-2.7.5-77.el7_6.x86_64.rpm
python-debug-2.7.5-77.el7_6.x86_64.rpm
python-devel-2.7.5-77.el7_6.x86_64.rpm
python-test-2.7.5-77.el7_6.x86_64.rpm
python-tools-2.7.5-77.el7_6.x86_64.rpm
…

freerdp (SL7)

Synopsis: Important: freerdp security update
Advisory ID: SLSA-2019:0697-1
Issue Date: 2019-04-02
CVE Numbers: CVE-2018-8786 CVE-2018-8787 CVE-2018-8788
Security Fix(es):
* freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786)
* freerdp: Integer overflow leading to heap-based buffer …

thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:0680-1
Issue Date: 2019-03-28
CVE Numbers: CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
…

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:0681-1
Issue Date: 2019-03-28
CVE Numbers: CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
…

libssh2 (SL7)

Synopsis: Important: libssh2 security update
Advisory ID: SLSA-2019:0679-1
Issue Date: 2019-03-28
CVE Numbers: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863
Security Fix(es):
* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
* libssh2: Integer overflow in keyboard …