java-1.7.0-openjdk (SL6)

Synopsis: Moderate: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:3158-1 Issue Date: 2019-10-22 CVE Numbers: None — Security Fix(es): * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses … Read More

java-1.7.0-openjdk (SL7)

Synopsis: Moderate: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:3157-1 Issue Date: 2019-10-22 CVE Numbers: None — Security Fix(es): * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses … Read More

java-1.8.0-openjdk (SL6)

Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:3136-1 Issue Date: 2019-10-18 CVE Numbers: CVE-2019-2964 CVE-2019-2975 CVE-2019-2973 CVE-2019-2981 CVE-2019-2999 CVE-2019-2988 CVE-2019-2978 CVE-2019-2992 CVE-2019-2987 CVE-2019-2983 CVE-2019-2962 CVE-2019-2949 CVE-2019-2945 CVE-2019-2989 — Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:3055-1 Issue Date: 2019-10-16 CVE Numbers: None — Security Fix(es): * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * … Read More

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security update Advisory ID: SLSA-2019:3127-1 Issue Date: 2019-10-16 CVE Numbers: None — Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:3128-1 Issue Date: 2019-10-16 CVE Numbers: CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 — Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) … Read More

jss (SL7)

Synopsis: Important: jss security update Advisory ID: SLSA-2019:3067-1 Issue Date: 2019-10-16 CVE Numbers: None — Security Fix(es): * JSS: OCSP policy “Leaf and Chain” implicitly trusts the root certificate (CVE-2019-14823) For more details about the security issue(s), including the impact, … Read More

patch (SL7)

Synopsis: Important: patch security update Advisory ID: SLSA-2019:2964-1 Issue Date: 2019-10-03 CVE Numbers: CVE-2019-13638 CVE-2018-20969 — Security Fix(es): * patch: do_ed_script in pch.c does not block strings beginning with a ! character (CVE-2018-20969) * patch: OS shell command injection when … Read More

qemu-kvm (SL6)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2019:2892-1 Issue Date: 2019-09-24 CVE Numbers: CVE-2018-11806 CVE-2019-6778 CVE-2019-12155 CVE-2018-10839 CVE-2018-17962 — Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() … Read More

dovecot (SL6)

Synopsis: Important: dovecot security update Advisory ID: SLSA-2019:2885-1 Issue Date: 2019-09-23 CVE Numbers: CVE-2019-11500 — * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) — SL6 x86_64 dovecot-2.0.9-22.el6_10.1.i686.rpm dovecot-2.0.9-22.el6_10.1.x86_64.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm … Read More