xdg-user-dirs (SL7)

Synopsis: Low: xdg-user-dirs security and bug fix update
Advisory ID: SLSA-2018:0842-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-15131

Security Fix(es):
* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)

Additional Changes:

SL7 …

pcs (SL7)

Synopsis: Important: pcs security update
Advisory ID: SLSA-2018:1060-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-1000119 CVE-2018-1079 CVE-2018-1086

Security Fix(es):
* pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)
* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)
…

libvncserver (SL7)

Synopsis: Moderate: libvncserver security update
Advisory ID: SLSA-2018:1055-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-7225

Security Fix(es):
* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)

SL7
  x86_64
    libvncserver-0.9.9-12.el7_5.i686.rpm
    libvncserver-0.9.9-12.el7_5.x86_64.rpm
    libvncserver-debuginfo-0.9.9-12.el7_5.i686.rpm
    libvncserver-debuginfo-0.9.9-12.el7_5.x86_64.rpm
    libvncserver-devel-0.9.9-12.el7_5.i686.rpm
    libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm

– Scientific Linux Development …

libvorbis (SL7)

Synopsis: Important: libvorbis security update
Advisory ID: SLSA-2018:1058-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-5146

Security Fix(es):
* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

SL7
  x86_64
    libvorbis-1.3.3-8.el7.1.i686.rpm
    libvorbis-1.3.3-8.el7.1.x86_64.rpm
    libvorbis-debuginfo-1.3.3-8.el7.1.i686.rpm
    libvorbis-debuginfo-1.3.3-8.el7.1.x86_64.rpm
    libvorbis-devel-1.3.3-8.el7.1.i686.rpm
    libvorbis-devel-1.3.3-8.el7.1.x86_64.rpm
  noarch
    libvorbis-devel-docs-1.3.3-8.el7.1.noarch.rpm
…

firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2018:1099-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-5148

This update upgrades Firefox to version 52.7.3 ESR.

Security Fix(es):
* firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)

SL7
  x86_64
    firefox-52.7.3-1.el7_5.x86_64.rpm
    firefox-debuginfo-52.7.3-1.el7_5.x86_64.rpm
…

librelp (SL6)

Synopsis: Critical: librelp security update
Advisory ID: SLSA-2018:1225-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1000140

Security Fix(es):
* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)

SL6
  x86_64
    librelp-1.2.7-3.el6_9.1.x86_64.rpm
    librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm
    librelp-1.2.7-3.el6_9.1.i686.rpm
    librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm
    librelp-devel-1.2.7-3.el6_9.1.i686.rpm
    librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm
  i386
    librelp-1.2.7-3.el6_9.1.i686.rpm
    librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm
…

patch (SL6)

Synopsis: Important: patch security update
Advisory ID: SLSA-2018:1199-1
Issue Date: 2018-04-23
CVE Numbers: CVE-2018-1000156

Patch should be installed because it is a common way of upgrading applications.

Security Fix(es):
* patch: Malicious patch files cause ed to execute arbitrary …

java-1.8.0-openjdk (SL6)

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: SLSA-2018:1188-1
Issue Date: 2018-04-19
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790

Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
…

python-paramiko (SL6)

Synopsis: Critical: python-paramiko security update
Advisory ID: SLSA-2018:1124-1
Issue Date: 2018-04-12
CVE Numbers: CVE-2018-7750

Security Fix(es):
* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)

SL6
  noarch
    python-paramiko-1.7.5-4.el6_9.noarch.rpm

– Scientific Linux Development Team

firefox (SL6)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2018:1098-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-5148

This update upgrades Firefox to version 52.7.3 ESR.

Security Fix(es):
* firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)

SL6
  x86_64
    firefox-52.7.3-1.el6_9.x86_64.rpm
    firefox-debuginfo-52.7.3-1.el6_9.x86_64.rpm
…