java-1.8.0-openjdk (SL6, SL7)

Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2017:1789-1 Issue Date: 2017-07-20 CVE Numbers: CVE-2017-10107 CVE-2017-10089 CVE-2017-10090 CVE-2017-10087 CVE-2017-10110 CVE-2017-10111 CVE-2017-10101 CVE-2017-10096 CVE-2017-10074 CVE-2017-10067 CVE-2017-10109 CVE-2017-10081 CVE-2017-10193 CVE-2017-10116 CVE-2017-10115 CVE-2017-10135 CVE-2017-10108 CVE-2017-10053 CVE-2017-10078 CVE-2017-10198 CVE-2017-10102 — Security Fix(es): * It was … Read More

freeradius (SL6)

Synopsis: Important: freeradius security update Advisory ID: SLSA-2017:1759-1 Issue Date: 2017-07-18 CVE Numbers: CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 — Security Fix(es): * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. … Read More

httpd (SL6)

Synopsis: Moderate: httpd security and bug fix update Advisory ID: SLSA-2017:1721-1 Issue Date: 2017-07-11 CVE Numbers: CVE-2016-8743 — Security Fix(es): * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2017:1723-1 Issue Date: 2017-07-11 CVE Numbers: CVE-2017-7895 — Security Fix(es): * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of … Read More

bind (SL6)

Synopsis: Important: bind security and bug fix update Advisory ID: SLSA-2017:1679-1 Issue Date: 2017-07-05 CVE Numbers: CVE-2017-3142 CVE-2017-3143 — Security Fix(es): * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able … Read More

bind (SL7)

Synopsis: Important: bind security and bug fix update Advisory ID: SLSA-2017:1680-1 Issue Date: 2017-07-05 CVE Numbers: CVE-2017-3142 CVE-2017-3143 — Security Fix(es): * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able … Read More

qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2017:1681-1 Issue Date: 2017-07-05 CVE Numbers: CVE-2017-9524 — Security Fix(es): * Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur … Read More

Linux at Fermilab June 2017

The quarterly meeting was held June 28, 2017. Meeting Materials: General Updates – Bonnie King General Status updates on Scientific Linux at Fermilab External Repos – Pat Riehecky Which external repos are bundled with Scientific Linux and what can you … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2017:1615-1 Issue Date: 2017-06-28 CVE Numbers: CVE-2017-6214 CVE-2017-2583 CVE-2017-7645 CVE-2017-7477 CVE-2017-7895 — Security Fix(es): * A flaw was found in the way Linux kernel allocates heap memory to build the … Read More

freeradius (SL7)

Synopsis: Important: freeradius security update Advisory ID: SLSA-2017:1581-1 Issue Date: 2017-06-28 CVE Numbers: CVE-2017-9148 — Security Fix(es): * An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker … Read More