firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2017:1106-1 Issue Date: 2017-04-20 CVE Numbers: CVE-2017-5442 CVE-2017-5443 CVE-2017-5429 CVE-2017-5464 CVE-2017-5465 CVE-2017-5460 CVE-2017-5448 CVE-2017-5449 CVE-2017-5446 CVE-2017-5447 CVE-2017-5444 CVE-2017-5445 CVE-2017-5469 CVE-2017-5440 CVE-2017-5441 CVE-2017-5439 CVE-2017-5438 CVE-2017-5437 CVE-2017-5436 CVE-2017-5435 CVE-2017-5434 CVE-2017-5433 CVE-2017-5432 CVE-2017-5459 CVE-2017-5456 CVE-2017-5466 CVE-2017-5467 … Read More

nss and nss-util (SL6, SL7)

Synopsis: Critical: nss and nss-util security update Advisory ID: SLSA-2017:1100-1 Issue Date: 2017-04-20 CVE Numbers: CVE-2017-5461 — The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer … Read More

nss-util (SL6, SL7)

Synopsis: Critical: nss-util security update Advisory ID: SLSA-2017:1102-1 Issue Date: 2017-04-20 CVE Numbers: CVE-2017-5461 — Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create … Read More

firefox (SL6)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2017:1104-1 Issue Date: 2017-04-20 CVE Numbers: CVE-2017-5442 CVE-2017-5443 CVE-2017-5429 CVE-2017-5464 CVE-2017-5465 CVE-2017-5460 CVE-2017-5448 CVE-2017-5449 CVE-2017-5446 CVE-2017-5447 CVE-2017-5444 CVE-2017-5445 CVE-2017-5469 CVE-2017-5440 CVE-2017-5441 CVE-2017-5439 CVE-2017-5438 CVE-2017-5437 CVE-2017-5436 CVE-2017-5435 CVE-2017-5434 CVE-2017-5433 CVE-2017-5432 CVE-2017-5459 — This update … Read More

bind (SL6)

Synopsis: Important: bind security update Advisory ID: SLSA-2017:1105-1 Issue Date: 2017-04-20 CVE Numbers: CVE-2017-3136 CVE-2017-3137 — Security Fix(es): * A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records … Read More

libreoffice (SL6)

Synopsis: Moderate: libreoffice security update Advisory ID: SLSA-2017:0979-1 Issue Date: 2017-04-18 CVE Numbers: CVE-2017-3157 — Security Fix(es): * It was found that LibreOffice disclosed contents of a file specified in an embedded object’s preview. An attacker could potentially use this … Read More

bind (SL7)

Synopsis: Important: bind security update Advisory ID: SLSA-2017:1095-1 Issue Date: 2017-04-19 CVE Numbers: CVE-2017-3136 CVE-2017-3137 — Security Fix(es): * A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records … Read More

qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2017:0987-1 Issue Date: 2017-04-18 CVE Numbers: CVE-2016-9603 — Security Fix(es): * A heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA emulator’s VNC display driver support; the issue could occur … Read More

tomcat (SL7)

Synopsis: Moderate: tomcat security update Advisory ID: SLSA-2017:0935-1 Issue Date: 2017-04-12 CVE Numbers: CVE-2016-6816 CVE-2016-8745 — Security Fix(es): * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction … Read More

389-ds-base (SL7)

Synopsis: Important: 389-ds-base security and bug fix update Advisory ID: SLSA-2017:0920-1 Issue Date: 2017-04-12 CVE Numbers: CVE-2017-2668 — Security Fix(es): * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker … Read More