fuse (SL7)

Synopsis: Moderate: fuse security update Advisory ID: SLSA-2018:3324-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10906 — Security Fix(es): * fuse: bypass of the “user_allow_other” restriction when SELinux is active (CVE-2018-10906) — SL7 x86_64 fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm – … Read More

python-paramiko (SL7)

Synopsis: Critical: python-paramiko security update Advisory ID: SLSA-2018:3347-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1000805 — Security Fix(es): * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) — SL7 noarch python-paramiko-2.1.1-9.el7.noarch.rpm python-paramiko-doc-2.1.1-9.el7.noarch.rpm python-paramiko-2.1.1-9.el7.src.rpm – Scientific Linux Development Team

wget (SL7)

Synopsis: Moderate: wget security and bug fix update Advisory ID: SLSA-2018:3052-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0494 — Security Fix(es): * wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494) — SL7 x86_64 wget-1.14-18.el7.x86_64.rpm … Read More

ovmf (SL7)

Synopsis: Moderate: ovmf security, bug fix, and enhancement update Advisory ID: SLSA-2018:3090-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0739 — Security Fix(es): * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) … Read More

wpa_supplicant (SL7)

Synopsis: Moderate: wpa_supplicant security and bug fix update Advisory ID: SLSA-2018:3107-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-14526 — Security Fix(es): * wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526) — SL7 x86_64 wpa_supplicant-2.6-12.el7.x86_64.rpm wpa_supplicant-debuginfo-2.6-12.el7.x86_64.rpm – Scientific Linux Development Team

jasper (SL7)

Synopsis: Low: jasper security update Advisory ID: SLSA-2018:3253-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2016-9396 CVE-2017-1000050 — Security Fix(es): * jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) * jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) — SL7 x86_64 jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-libs-1.900.1-33.el7.i686.rpm jasper-libs-1.900.1-33.el7.x86_64.rpm … Read More

xerces-c (SL7)

Synopsis: Moderate: xerces-c security update Advisory ID: SLSA-2018:3335-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2016-4463 — Security Fix(es): * xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) — SL7 x86_64 xerces-c-3.1.1-9.el7.i686.rpm xerces-c-3.1.1-9.el7.x86_64.rpm xerces-c-debuginfo-3.1.1-9.el7.i686.rpm xerces-c-debuginfo-3.1.1-9.el7.x86_64.rpm xerces-c-devel-3.1.1-9.el7.i686.rpm xerces-c-devel-3.1.1-9.el7.x86_64.rpm noarch xerces-c-doc-3.1.1-9.el7.noarch.rpm – Scientific … Read More

GNOME (SL7)

Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: SLSA-2018:3140-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10733 CVE-2018-10768 CVE-2018-10767 CVE-2017-18267 CVE-2018-12910 CVE-2018-13988 — Security Fix(es): * libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) * poppler: Infinite recursion in … Read More

java-1.7.0-openjdk (SL7)

Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2018:3350-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-3169 CVE-2018-3214 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 — Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, … Read More

krb5 (SL7)

Synopsis: Low: krb5 security, bug fix, and enhancement update Advisory ID: SLSA-2018:3071-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-5730 CVE-2018-5729 — Security Fix(es): * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * … Read More