fribidi (SL7)

Synopsis: Important: fribidi security update
Advisory ID: SLSA-2019:4326-1
Issue Date: 2019-12-19
CVE Numbers: CVE-2019-18397

Security Fix(es):
* fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397)

SL7 x86_64
fribidi-debuginfo-1.0.2-1.el7_7.1.i686.rpm …

kernel (SL6)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2019:4256-1
Issue Date: 2019-12-17
CVE Numbers: CVE-2019-14821

Security Fix(es):
* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

Bug Fix(es):
* KEYS: prevent creating a different user’s …

freetype (SL6)

Synopsis: Moderate: freetype security update
Advisory ID: SLSA-2019:4254-1
Issue Date: 2019-12-17
CVE Numbers: CVE-2015-9381 CVE-2015-9382

Security Fix(es):
* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381)
* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face …

openslp (SL7)

Synopsis: Critical: openslp security update
Advisory ID: SLSA-2019:4240-1
Issue Date: 2019-12-16
CVE Numbers: CVE-2019-5544

Security Fix(es):
* openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)

SL7 x86_64
openslp-2.0.0-8.el7_7.i686.rpm
openslp-2.0.0-8.el7_7.x86_64.rpm
openslp-debuginfo-2.0.0-8.el7_7.i686.rpm
openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm
openslp-server-2.0.0-8.el7_7.x86_64.rpm …

thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:4205-1
Issue Date: 2019-12-11
CVE Numbers: CVE-2019-17008 CVE-2019-17010 CVE-2019-17005 CVE-2019-17011 CVE-2019-17012

This update upgrades Thunderbird to version 68.3.0.

Security Fix(es):
* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
* Mozilla: Memory safety bugs …

nss-softokn (SL6)

Synopsis: Important: nss-softokn security update
Advisory ID: SLSA-2019:4152-1
Issue Date: 2019-12-10
CVE Numbers: CVE-2019-11745

Security Fix(es):
* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

SL6 x86_64
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm …

nss, nss-softokn, nss-util (SL7)

Synopsis: Important: nss, nss-softokn, nss-util security update
Advisory ID: SLSA-2019:4190-1
Issue Date: 2019-12-10
CVE Numbers: None

Security Fix(es):
* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
* nss: Empty or …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:4148-1
Issue Date: 2019-12-10
CVE Numbers: CVE-2019-17008 CVE-2019-17010 CVE-2019-17005 CVE-2019-17011 CVE-2019-17012

This update upgrades Thunderbird to version 68.3.0.

Security Fix(es):
* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
* Mozilla: Memory safety bugs …

firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2019:4107-1
Issue Date: 2019-12-05
CVE Numbers: CVE-2019-17008 CVE-2019-17010 CVE-2019-17005 CVE-2019-17011 CVE-2019-17012

Security Fix(es):
* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2019:3979-1
Issue Date: 2019-12-05
CVE Numbers: CVE-2019-14821 CVE-2019-15239

Security Fix(es):
* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
* kernel: local attacker can trigger multiple use-after-free …