ghostscript (SL7)

Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2019:2586-1
Issue Date: 2019-09-03
CVE Numbers: CVE-2019-14813 CVE-2019-14812 CVE-2019-14811 CVE-2019-14817

Security Fix(es):
* ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811)
* ghostscript: Safer mode bypass by .forceput exposure …

pango (SL7)

Synopsis: Important: pango security update
Advisory ID: SLSA-2019:2571-1
Issue Date: 2019-08-28
CVE Numbers: CVE-2019-1010238

Security Fix(es):
* pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238)

SL7
  x86_64
    pango-1.42.4-4.el7_7.i686.rpm
    pango-1.42.4-4.el7_7.x86_64.rpm
    pango-debuginfo-1.42.4-4.el7_7.i686.rpm
    pango-debuginfo-1.42.4-4.el7_7.x86_64.rpm
    pango-devel-1.42.4-4.el7_7.i686.rpm
    pango-devel-1.42.4-4.el7_7.x86_64.rpm
    pango-tests-1.42.4-4.el7_7.x86_64.rpm

– Scientific Linux Development Team

ghostscript (SL7)

Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2019:2462-1
Issue Date: 2019-08-12
CVE Numbers: CVE-2019-10216

Security Fix(es):
* ghostscript: -dSAFER escape via .buildfont1 (701394) (CVE-2019-10216)

SL7
  x86_64
    ghostscript-9.25-2.el7_7.1.i686.rpm
    ghostscript-9.25-2.el7_7.1.x86_64.rpm
    ghostscript-cups-9.25-2.el7_7.1.x86_64.rpm
    ghostscript-debuginfo-9.25-2.el7_7.1.i686.rpm
    ghostscript-debuginfo-9.25-2.el7_7.1.x86_64.rpm
    libgs-9.25-2.el7_7.1.i686.rpm
    libgs-9.25-2.el7_7.1.x86_64.rpm
    ghostscript-gtk-9.25-2.el7_7.1.x86_64.rpm
    libgs-devel-9.25-2.el7_7.1.i686.rpm
    libgs-devel-9.25-2.el7_7.1.x86_64.rpm
  noarch
    ghostscript-doc-9.25-2.el7_7.1.noarch.rpm
    …

uriparser (SL7)

Synopsis: Moderate: uriparser security update
Advisory ID: SLSA-2019:2280-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-19198 CVE-2018-19199

* uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198)
* uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)

SL7
  x86_64
    uriparser-0.7.5-10.el7.x86_64.rpm
    …

advancecomp (SL7)

Synopsis: Low: advancecomp security update
Advisory ID: SLSA-2019:2332-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2019-8379 CVE-2019-8383

Security Fix(es):
* advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379)
* advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383)
…

zsh (SL7)

Synopsis: Moderate: zsh security and bug fix update
Advisory ID: SLSA-2019:2017-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-13259

Security Fix(es):
* zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259)

SL7
  x86_64
    zsh-5.0.2-33.el7.x86_64.rpm
    zsh-html-5.0.2-33.el7.x86_64.rpm
    zsh-debuginfo-5.0.2-33.el7.x86_64.rpm

– Scientific Linux …

unixODBC (SL7)

Synopsis: Moderate: unixODBC security update
Advisory ID: SLSA-2019:2336-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-7409 CVE-2018-7485

Security Fix(es):
* unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409)
* unixODBC: Insecure buffer copy in SQLWriteFileDSN …

mercurial (SL7)

Synopsis: Moderate: mercurial security update
Advisory ID: SLSA-2019:2276-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-1000132 CVE-2018-13347 CVE-2018-13346

Security Fix(es):
* mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347)
* mercurial: HTTP server permissions bypass (CVE-2018-1000132)
* mercurial: Missing check for fragment start …

blktrace (SL7)

Synopsis: Low: blktrace security update
Advisory ID: SLSA-2019:2162-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-10689

Security Fix(es):
* blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)

SL7
  x86_64
    blktrace-1.0.5-9.el7.x86_64.rpm
    blktrace-debuginfo-1.0.5-9.el7.x86_64.rpm

– Scientific Linux Development Team

polkit (SL7)

Synopsis: Moderate: polkit security and bug fix update
Advisory ID: SLSA-2019:2046-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-19788

Security Fix(es):
* polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)

SL7
  x86_64
    polkit-devel-0.112-22.el7.x86_64.rpm
    polkit-docs-0.112-22.el7.noarch.rpm
    …