keepalived (SL7)

Synopsis: Moderate: keepalived security and bug fix update Advisory ID: SLSA-2019:2285-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-19044 — Security Fix(es): * keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044) — SL7 x86_64 keepalived-1.3.5-16.el7.x86_64.rpm keepalived-debuginfo-1.3.5-16.el7.x86_64.rpm – …

sox (SL7)

Synopsis: Low: sox security update Advisory ID: SLSA-2019:2283-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2017-18189 — Security Fix(es): * sox: NULL pointer dereference in startread function in xa.c (CVE-2017-18189) — SL7 x86_64 sox-14.4.1-7.el7.x86_64.rpm sox-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.x86_64.rpm sox-debuginfo-14.4.1-7.el7.i686.rpm sox-debuginfo-14.4.1-7.el7.x86_64.rpm – Scientific Linux …

python-requests (SL7)

Synopsis: Low: python-requests security update Advisory ID: SLSA-2019:2035-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-18074 — Security Fix(es): * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) — SL7 x86_64 python-requests-2.6.0-5.el7.noarch.rpm noarch python-requests-2.6.0-5.el7.noarch.rpm – Scientific Linux Development …

python-urllib3 (SL7)

Synopsis: Moderate: python-urllib3 security update Advisory ID: SLSA-2019:2272-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-20060 CVE-2019-11236 — Security Fix(es): * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding …

ntp (SL7)

Synopsis: Low: ntp security, bug fix, and enhancement update Advisory ID: SLSA-2019:2077-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-12327 — Security Fix(es): * ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) — SL7 …

patch (SL7)

Synopsis: Low: patch security and bug fix update Advisory ID: SLSA-2019:2033-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-6952 CVE-2016-10713 — Security Fix(es): * patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713) * patch: Double free of memory in pch.c:another_hunk() causes …

curl (SL7)

Synopsis: Low: curl security and bug fix update Advisory ID: SLSA-2019:2181-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-16842 — Security Fix(es): * curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842) — SL7 x86_64 curl-7.29.0-54.el7.x86_64.rpm libcurl-7.29.0-54.el7.x86_64.rpm libcurl-7.29.0-54.el7.i686.rpm libcurl-devel-7.29.0-54.el7.x86_64.rpm libcurl-devel-7.29.0-54.el7.i686.rpm …

libguestfs-winsupport (SL7)

Synopsis: Low: libguestfs-winsupport security update Advisory ID: SLSA-2019:2308-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2019-9755 — Security Fix(es): * ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755) — SL7 x86_64 libguestfs-winsupport-7.2-3.el7.x86_64.rpm – Scientific Linux Development Team

keycloak-httpd-client-install (SL7)

Synopsis: Low: keycloak-httpd-client-install security, bug fix, and Advisory ID: SLSA-2019:2137-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2017-15112 CVE-2017-15111 — Security Fix(es): * keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111) * keycloak-httpd-client-install: unsafe use of -p/--admin-password on command …

mod_auth_openidc (SL7)

Synopsis: Moderate: mod_auth_openidc security update Advisory ID: SLSA-2019:2112-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2017-6413 CVE-2017-6059 — Security Fix(es): * mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an “AuthType oauth20” configuration (CVE-2017-6413) * mod_auth_openidc: Shows user-supplied content on error pages (CVE-2017-6059) …