zziplib (SL7)

Synopsis: Low: zziplib security update Advisory ID: SLSA-2018:3229-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-7725 CVE-2018-7726 CVE-2018-7727 — Security Fix(es): * zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725) * zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted … Read More

glusterfs (SL7)

Synopsis: Moderate: glusterfs security, bug fix, and Advisory ID: SLSA-2018:3242-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10911 — Security Fix(es): * glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911) — SL7 x86_64 glusterfs-3.12.2-18.el7.x86_64.rpm glusterfs-api-3.12.2-18.el7.x86_64.rpm glusterfs-cli-3.12.2-18.el7.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm … Read More

libmspack (SL7)

Synopsis: Low: libmspack security update Advisory ID: SLSA-2018:3327-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-14679 CVE-2018-14681 CVE-2018-14680 CVE-2018-14682 — Security Fix(es): * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM … Read More

glibc (SL7)

Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2018:3092-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-16997 CVE-2018-6485 CVE-2018-11236 CVE-2018-11237 — Security Fix(es): * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from … Read More

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement Advisory ID: SLSA-2018:3083-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2015-8830 CVE-2018-5803 CVE-2018-1130 CVE-2017-0861 CVE-2018-5391 CVE-2016-4913 CVE-2017-10661 CVE-2017-17805 CVE-2018-5344 CVE-2018-1000026 CVE-2017-18208 CVE-2018-7740 CVE-2018-7757 CVE-2017-18232 CVE-2018-1092 CVE-2018-1094 CVE-2018-8781 CVE-2018-10322 CVE-2018-1118 CVE-2018-1120 CVE-2018-10940 CVE-2018-10902 CVE-2018-5848 CVE-2018-10878 … Read More

libvirt (SL7)

Synopsis: Moderate: libvirt security, bug fix, and enhancement Advisory ID: SLSA-2018:3113-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-6764 — Security Fix(es): * libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764) — SL7 x86_64 libvirt-4.5.0-10.el7.x86_64.rpm libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm … Read More

zsh (SL7)

Synopsis: Moderate: zsh security and bug fix update Advisory ID: SLSA-2018:3073-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2014-10072 CVE-2017-18206 CVE-2018-1083 CVE-2018-1100 CVE-2014-10071 CVE-2018-7549 CVE-2017-18205 CVE-2018-1071 — Security Fix(es): * zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer … Read More

openssl (SL7)

Synopsis: Moderate: openssl security, bug fix, and enhancement Advisory ID: SLSA-2018:3221-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0739 CVE-2017-3735 CVE-2018-0737 CVE-2018-0732 CVE-2018-0495 — Security Fix(es): * openssl: ROHNP – Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious … Read More

libreoffice (SL7)

Synopsis: Moderate: libreoffice security and bug fix update Advisory ID: SLSA-2018:3054-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10119 CVE-2018-10120 CVE-2018-10583 — Security Fix(es): * libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document (CVE-2018-10119) * libreoffice: Out … Read More

libcdio (SL7)

Synopsis: Low: libcdio security update Advisory ID: SLSA-2018:3246-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 — Security Fix(es): * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) … Read More