samba4 (SL6)

Synopsis: Low: samba4 security and bug fix update Advisory ID: SLSA-2018:1883-1 Issue Date: 2018-06-19 CVE Numbers: CVE-2018-1050 — Security Fix(es): * samba: Null pointer indirection in printer server process (CVE-2018-1050) — SL6 x86_64 samba4-4.2.10-15.el6.x86_64.rpm samba4-client-4.2.10-15.el6.x86_64.rpm samba4-common-4.2.10-15.el6.x86_64.rpm samba4-dc-4.2.10-15.el6.x86_64.rpm samba4-dc-libs-4.2.10-15.el6.x86_64.rpm samba4-debuginfo-4.2.10-15.el6.x86_64.rpm samba4-devel-4.2.10-15.el6.x86_64.rpm … Read More

pcs (SL6)

Synopsis: Moderate: pcs security update Advisory ID: SLSA-2018:1927-1 Issue Date: 2018-06-19 CVE Numbers: CVE-2018-1086 — Security Fix(es): * pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086) — SL6 x86_64 pcs-0.9.155-3.el6.x86_64.rpm pcs-debuginfo-0.9.155-3.el6.x86_64.rpm i386 pcs-0.9.155-3.el6.i686.rpm pcs-debuginfo-0.9.155-3.el6.i686.rpm – Scientific Linux Development Team

qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2018:2001-1 Issue Date: 2018-06-26 CVE Numbers: CVE-2018-3639 — Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2018:1965-1 Issue Date: 2018-06-26 CVE Numbers: CVE-2018-3639 CVE-2017-11600 — Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load … Read More

pki-core (SL7)

Synopsis: Moderate: pki-core security, bug fix, and enhancement update Advisory ID: SLSA-2018:1979-1 Issue Date: 2018-06-26 CVE Numbers: CVE-2018-1080 — Security Fix(es): * pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (CVE-2018-1080) This issue was discovered … Read More

libvirt (SL7)

Synopsis: Important: libvirt security and bug fix update Advisory ID: SLSA-2018:1997-1 Issue Date: 2018-06-26 CVE Numbers: CVE-2018-3639 — Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & … Read More

git (SL7)

Synopsis: Important: git security update Advisory ID: SLSA-2018:1957-1 Issue Date: 2018-06-20 CVE Numbers: CVE-2018-11235 — Security Fix(es): * git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) — SL7 x86_64 git-1.8.3.1-14.el7_5.x86_64.rpm git-daemon-1.8.3.1-14.el7_5.x86_64.rpm git-debuginfo-1.8.3.1-14.el7_5.x86_64.rpm git-svn-1.8.3.1-14.el7_5.x86_64.rpm noarch emacs-git-1.8.3.1-14.el7_5.noarch.rpm emacs-git-el-1.8.3.1-14.el7_5.noarch.rpm git-all-1.8.3.1-14.el7_5.noarch.rpm … Read More

kernel (SL7)

Synopsis: Moderate: kernel security update Advisory ID: SLSA-2018:1852-1 Issue Date: 2018-06-14 CVE Numbers: CVE-2018-3665 — Security Fix(es): * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) — SL7 x86_64 kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm … Read More

plexus-archiver (SL7)

Synopsis: Important: plexus-archiver security update Advisory ID: SLSA-2018:1836-1 Issue Date: 2018-06-12 CVE Numbers: CVE-2018-1002200 — Security Fix(es): * plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200) — SL7 noarch plexus-archiver-2.4.2-5.el7_5.noarch.rpm plexus-archiver-javadoc-2.4.2-5.el7_5.noarch.rpm – … Read More

xmlrpc (SL7)

Synopsis: Important: xmlrpc security update Advisory ID: SLSA-2018:1780-1 Issue Date: 2018-05-31 CVE Numbers: CVE-2016-5003 — Security Fix(es): * xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003) — SL7 noarch xmlrpc-client-3.1.3-9.el7_5.noarch.rpm xmlrpc-common-3.1.3-9.el7_5.noarch.rpm xmlrpc-javadoc-3.1.3-9.el7_5.noarch.rpm xmlrpc-server-3.1.3-9.el7_5.noarch.rpm – Scientific Linux Development Team