qemu-kvm (SL7)

Synopsis: Moderate: qemu-kvm security update
Advisory ID: SLSA-2017:2445-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-10664
Security Fix(es):
* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The …

subversion (SL7)

Synopsis: Important: subversion security update
Advisory ID: SLSA-2017:2480-1
Issue Date: 2017-08-16
CVE Numbers: CVE-2017-9800
Security Fix(es):
* A shell command injection flaw related to the handling of “svn+ssh” URLs has been discovered in Subversion. An attacker could use this …

groovy (SL7)

Synopsis: Important: groovy security update
Advisory ID: SLSA-2017:2486-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2016-6814
Security Fix(es):
* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is …

mercurial (SL7)

Synopsis: Important: mercurial security update
Advisory ID: SLSA-2017:2489-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000116 CVE-2017-1000115
Security Fix(es):
* A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository …

git (SL7)

Synopsis: Important: git security update
Advisory ID: SLSA-2017:2484-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000117
Security Fix(es):
* A shell command injection flaw related to the handling of “ssh” URLs has been discovered in Git. An attacker could use this …

xmlsec1 (SL7)

Synopsis: Moderate: xmlsec1 security update
Advisory ID: SLSA-2017:2492-1
Issue Date: 2017-08-21
CVE Numbers: CVE-2017-1000061
Security Fix(es):
* It was discovered xmlsec1’s use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML …

git (SL6)

Synopsis: Important: git security update
Advisory ID: SLSA-2017:2485-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000117
Security Fix(es):
* A shell command injection flaw related to the handling of “ssh” URLs has been discovered in Git. An attacker could use this …

httpd (SL6)

Synopsis: Important: httpd security update
Advisory ID: SLSA-2017:2478-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788
Security Fix(es):
* It was discovered that the httpd’s mod_auth_digest module did not properly initialize memory before using it when processing certain …

tomcat (SL7)

Synopsis: Important: tomcat security update
Advisory ID: SLSA-2017:1809-1
Issue Date: 2017-07-27
CVE Numbers: CVE-2017-5648 CVE-2017-5664
Security Fix(es):
* A vulnerability was discovered in the error page mechanism in Tomcat’s DefaultServlet implementation. A crafted HTTP request could cause undesired side …

graphite2 (SL7)

Synopsis: Important: graphite2 security update
Advisory ID: SLSA-2017:1793-1
Issue Date: 2017-07-21
CVE Numbers: CVE-2017-7778 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777
The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).
Security Fix(es):
* Various vulnerabilities …