freeradius (SL7)

Synopsis: Important: freeradius security update Advisory ID: SLSA-2017:2389-1 Issue Date: 2017-08-02 CVE Numbers: CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 — Security Fix(es): * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. … Read More

ghostscript (SL7)

Synopsis: Low: ghostscript security and bug fix update Advisory ID: SLSA-2017:2180-1 Issue Date: 2017-08-02 CVE Numbers: CVE-2017-7207 — Security Fix(es): * A NULL pointer dereference flaw was found in ghostscript’s mem_get_bits_rectangle function. A specially crafted postscript document could cause a … Read More

gdm and gnome-session (SL7)

Synopsis: Moderate: gdm and gnome-session security, bug fix, Advisory ID: SLSA-2017:2128-1 Issue Date: 2017-08-02 CVE Numbers: CVE-2015-7496 — The following packages have been upgraded to a later upstream version: gdm (3.22.3), gnome-session (3.22.3). Security Fix(es): * It was found that … Read More

java-1.7.0-openjdk (SL6, SL7)

Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: SLSA-2017:2424-1 Issue Date: 2017-08-07 CVE Numbers: CVE-2017-10107 CVE-2017-10089 CVE-2017-10090 CVE-2017-10087 CVE-2017-10110 CVE-2017-10101 CVE-2017-10096 CVE-2017-10074 CVE-2017-10067 CVE-2017-10109 CVE-2017-10081 CVE-2017-10116 CVE-2017-10115 CVE-2017-10135 CVE-2017-10108 CVE-2017-10053 CVE-2017-10102 CVE-2017-10243 — Security Fix(es): * It was discovered that the … Read More

log4j (SL7)

Synopsis: Important: log4j security update Advisory ID: SLSA-2017:2423-1 Issue Date: 2017-08-07 CVE Numbers: CVE-2017-5645 — Security Fix(es): * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via … Read More

httpd (SL7)

Synopsis: Important: httpd security update Advisory ID: SLSA-2017:2479-1 Issue Date: 2017-08-15 CVE Numbers: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 CVE-2017-7668 — Security Fix(es): * It was discovered that the httpd’s mod_auth_digest module did not properly initialize memory before using it when processing … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2017:2473-1 Issue Date: 2017-08-15 CVE Numbers: CVE-2017-7533 — Security Fix(es): * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads … Read More

libsoup (SL7)

Synopsis: Important: libsoup security update Advisory ID: SLSA-2017:2459-1 Issue Date: 2017-08-15 CVE Numbers: CVE-2017-2885 — Security Fix(es): * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause … Read More

spice (SL7)

Synopsis: Important: spice security update Advisory ID: SLSA-2017:2471-1 Issue Date: 2017-08-15 CVE Numbers: CVE-2017-7506 — Security Fix(es): * A vulnerability was discovered in spice server’s protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing … Read More

firefox (SL6, SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2017:2456-1 Issue Date: 2017-08-15 CVE Numbers: CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809 — This update upgrades Firefox to version 52.3.0 ESR. Security Fix(es): * … Read More