firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2019:1603-1
Issue Date: 2019-06-26
CVE Numbers: None
—
Security Fix(es):
* Mozilla: Type confusion in Array.pop (CVE-2019-11707)
* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
—
SL7
  x86_64
    firefox-60.7.2-1.el7_6.x86_64.rpm
    firefox-debuginfo-60.7.2-1.el7_6.x86_64.rpm
    firefox-60.7.2-1.el7_6.i686.rpm
    firefox-debuginfo-60.7.2-1.el7_6.i686.rpm
– Scientific …

thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:1624-1
Issue Date: 2019-06-27
CVE Numbers: None
—
Security Fix(es):
* Mozilla: Type confusion in Array.pop (CVE-2019-11707)
* thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)
* Mozilla: Sandbox escape using Prompt:Open …

firefox (SL6)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2019:1604-1
Issue Date: 2019-06-26
CVE Numbers: None
—
Security Fix(es):
* Mozilla: Type confusion in Array.pop (CVE-2019-11707)
* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
—
SL6
  x86_64
    firefox-60.7.2-1.el6_10.x86_64.rpm
    firefox-debuginfo-60.7.2-1.el6_10.x86_64.rpm
    firefox-60.7.2-1.el6_10.i686.rpm
    firefox-debuginfo-60.7.2-1.el6_10.i686.rpm
  i386
    firefox-60.7.2-1.el6_10.i686.rpm
    …

python (SL7)

Synopsis: Important: python security update
Advisory ID: SLSA-2019:1587-1
Issue Date: 2019-06-20
CVE Numbers: CVE-2019-10160
—
Security Fix(es):
* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)
—
SL7
  x86_64
    python-2.7.5-80.el7_6.x86_64.rpm
    python-debuginfo-2.7.5-80.el7_6.i686.rpm
    python-debuginfo-2.7.5-80.el7_6.x86_64.rpm
    python-libs-2.7.5-80.el7_6.i686.rpm
    …

libvirt (SL6)

Synopsis: Moderate: libvirt security update
Advisory ID: SLSA-2019:1578-1
Issue Date: 2019-06-20
CVE Numbers: CVE-2019-10161
—
Security Fix(es):
* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)
* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)
* libvirt: arbitrary command execution …

libvirt (SL7)

Synopsis: Important: libvirt security and bug fix update
Advisory ID: SLSA-2019:1579-1
Issue Date: 2019-06-20
CVE Numbers: CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168
—
Security Fix(es):
* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)
* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients …

kernel (SL7)

Synopsis: Important: kernel security update
Advisory ID: SLSA-2019:1481-1
Issue Date: 2019-06-17
CVE Numbers: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
—
Security Fix(es):
* An integer overflow flaw was found in the way the Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. …

kernel (SL6)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2019:1488-1
Issue Date: 2019-06-17
CVE Numbers: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-3896
—
Security Fix(es):
* An integer overflow flaw was found in the way the Linux kernel’s networking subsystem processed TCP …

bind (SL6)

Synopsis: Important: bind security update
Advisory ID: SLSA-2019:1492-1
Issue Date: 2019-06-17
CVE Numbers: CVE-2018-5743
—
Security Fix(es):
* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
—
SL6
  x86_64
    bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
    bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
    bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
    bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
    bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
    bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
    bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
    bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
    bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
    bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
  i386
    …

python (SL6)

Synopsis: Important: python security update
Advisory ID: SLSA-2019:1467-1
Issue Date: 2019-06-13
CVE Numbers: CVE-2019-9636
—
Security Fix(es):
* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)
—
SL6
  x86_64
    python-2.6.6-68.el6_10.x86_64.rpm
    python-debuginfo-2.6.6-68.el6_10.i686.rpm
    python-debuginfo-2.6.6-68.el6_10.x86_64.rpm
    python-libs-2.6.6-68.el6_10.i686.rpm
    python-libs-2.6.6-68.el6_10.x86_64.rpm
    tkinter-2.6.6-68.el6_10.x86_64.rpm
    python-devel-2.6.6-68.el6_10.i686.rpm
    python-devel-2.6.6-68.el6_10.x86_64.rpm
    python-test-2.6.6-68.el6_10.x86_64.rpm
    …