389-ds-base (SL6)

Synopsis: Important: 389-ds-base security update
Advisory ID: SLSA-2018:1364-1
Issue Date: 2018-05-09
CVE Numbers: CVE-2018-1089
Security Fix(es):
* 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089)
SL6
  x86_64
    389-ds-base-1.2.11.15-95.el6_9.x86_64.rpm
    389-ds-base-debuginfo-1.2.11.15-95.el6_9.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-95.el6_9.x86_64.rpm
    389-ds-base-devel-1.2.11.15-95.el6_9.i686.rpm
    389-ds-base-devel-1.2.11.15-95.el6_9.x86_64.rpm
    389-ds-base-libs-1.2.11.15-95.el6_9.i686.rpm
    389-ds-base-libs-1.2.11.15-95.el6_9.x86_64.rpm
  i386
    389-ds-base-1.2.11.15-95.el6_9.i686.rpm
    …

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2018:1318-1
Issue Date: 2018-05-08
CVE Numbers: CVE-2017-16939 CVE-2018-1068 CVE-2018-1091 CVE-2018-1087 CVE-2018-8897 CVE-2018-1000199
Security Fix(es):
* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)
…

kernel (SL6)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2018:1319-1
Issue Date: 2018-05-08
CVE Numbers: CVE-2017-7645 CVE-2017-5754 CVE-2017-8824 CVE-2017-1000410 CVE-2017-18017 CVE-2017-13166 CVE-2018-8897
Security Fix(es):
* hw: cpu: speculative execution permission faults handling (CVE-2017-5754)
* Kernel: error in exception …

java-1.7.0-openjdk (SL7)

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:1278-1
Issue Date: 2018-05-02
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790
Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
…

krb5 (SL7)

Synopsis: Moderate: krb5 security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0666-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-11368 CVE-2017-7562
Security Fix(es):
* krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)
* krb5: Invalid S4U2Self or …

java-1.7.0-openjdk (SL6)

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:1270-1
Issue Date: 2018-04-30
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790
Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
…

policycoreutils (SL7)

Synopsis: Low: policycoreutils security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0913-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-1063
Security Fix(es):
* policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063)
This …

librelp (SL7)

Synopsis: Critical: librelp security update
Advisory ID: SLSA-2018:1223-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1000140
Security Fix(es):
* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)
SL7
  x86_64
    librelp-1.2.12-1.el7_5.1.i686.rpm
    librelp-1.2.12-1.el7_5.1.x86_64.rpm
    librelp-debuginfo-1.2.12-1.el7_5.1.i686.rpm
    librelp-debuginfo-1.2.12-1.el7_5.1.x86_64.rpm
    librelp-devel-1.2.12-1.el7_5.1.i686.rpm
    librelp-devel-1.2.12-1.el7_5.1.x86_64.rpm
– Scientific Linux …

PackageKit (SL7)

Synopsis: Moderate: PackageKit security update
Advisory ID: SLSA-2018:1224-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1106
Security Fix(es):
* PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)
SL7
  x86_64
    PackageKit-1.1.5-2.sl7_5.x86_64.rpm
    PackageKit-command-not-found-1.1.5-2.sl7_5.x86_64.rpm
    PackageKit-debuginfo-1.1.5-2.sl7_5.i686.rpm
    PackageKit-debuginfo-1.1.5-2.sl7_5.x86_64.rpm
    PackageKit-glib-1.1.5-2.sl7_5.i686.rpm
    PackageKit-glib-1.1.5-2.sl7_5.x86_64.rpm
    PackageKit-gstreamer-plugin-1.1.5-2.sl7_5.x86_64.rpm
    …

patch (SL7)

Synopsis: Important: patch security update
Advisory ID: SLSA-2018:1200-1
Issue Date: 2018-04-23
CVE Numbers: CVE-2018-1000156
Patch should be installed because it is a common way of upgrading applications.
Security Fix(es):
* patch: Malicious patch files cause ed to execute arbitrary …