yum-utils (SL7)

Synopsis: Important: yum-utils security update Advisory ID: SLSA-2018:2285-1 Issue Date: 2018-07-30 CVE Numbers: CVE-2018-10897 — Security Fix(es): * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) — SL7 noarch yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm yum-utils-1.1.31-46.el7_5.noarch.rpm yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm … Read More

java-1.7.0-openjdk (SL7)

Synopsis: Moderate: java-1.7.0-openjdk security update Advisory ID: SLSA-2018:2286-1 Issue Date: 2018-07-30 CVE Numbers: CVE-2018-2952 — Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) — SL7 x86_64 java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-accessibility-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el7_5.src.rpm noarch … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:2251-1 Issue Date: 2018-07-25 CVE Numbers: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-5188 CVE-2018-12373 CVE-2018-12372 CVE-2018-12374 — This update upgrades Thunderbird to version 52.9.1. Security Fix(es): * Mozilla: Memory safety bugs fixed … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:2252-1 Issue Date: 2018-07-25 CVE Numbers: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-5188 CVE-2018-12373 CVE-2018-12372 CVE-2018-12374 — This update upgrades Thunderbird to version 52.9.1. Security Fix(es): * Mozilla: Memory safety bugs fixed … Read More

java-1.8.0-openjdk (SL6)

Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2018:2241-1 Issue Date: 2018-07-23 CVE Numbers: CVE-2018-2952 — Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) — SL6 x86_64 java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm … Read More

openslp (SL7)

Synopsis: Important: openslp security update Advisory ID: SLSA-2018:2240-1 Issue Date: 2018-07-23 CVE Numbers: CVE-2017-17833 — Security Fix(es): * openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833) — SL7 x86_64 openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update Advisory ID: SLSA-2018:2242-1 Issue Date: 2018-07-23 CVE Numbers: CVE-2018-2952 — Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) Note: If the web browser plug-in provided by the … Read More

gnupg2 (SL7)

Synopsis: Important: gnupg2 security update Advisory ID: SLSA-2018:2181-1 Issue Date: 2018-07-12 CVE Numbers: CVE-2018-12020 — Security Fix(es): * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) — SL7 … Read More

gnupg2 (SL6)

Synopsis: Important: gnupg2 security update Advisory ID: SLSA-2018:2180-1 Issue Date: 2018-07-12 CVE Numbers: CVE-2018-12020 — Security Fix(es): * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) — SL6 … Read More

qemu-kvm (SL6)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2018:2162-1 Issue Date: 2018-07-10 CVE Numbers: CVE-2017-13672 CVE-2018-5683 CVE-2018-7858 CVE-2018-3639 — Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & … Read More