libmspack (SL7)

Synopsis: Moderate: libmspack security update Advisory ID: SLSA-2019:2049-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-18584 CVE-2018-18585 — Security Fix(es): * libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584) * libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585) — SL7 x86_64 libmspack-0.5-0.7.alpha.el7.i686.rpm … Read More

compat-libtiff3 (SL7)

Synopsis: Low: compat-libtiff3 security update Advisory ID: SLSA-2019:2051-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-7456 — Security Fix(es): * libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456) — SL7 x86_64 compat-libtiff3-3.9.4-12.el7.i686.rpm compat-libtiff3-3.9.4-12.el7.x86_64.rpm compat-libtiff3-debuginfo-3.9.4-12.el7.i686.rpm compat-libtiff3-debuginfo-3.9.4-12.el7.x86_64.rpm – Scientific Linux … Read More

libreoffice (SL7)

Synopsis: Low: libreoffice security and bug fix update Advisory ID: SLSA-2019:2130-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-16858 — Security Fix(es): * libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning (CVE-2018-16858) — SL7 x86_64 … Read More

libcgroup (SL7)

Synopsis: Moderate: libcgroup security update Advisory ID: SLSA-2019:2047-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-14348 — Security Fix(es): * libcgroup: cgrulesengd creates log files with insecure permissions (CVE-2018-14348) — SL7 x86_64 libcgroup-0.41-21.el7.i686.rpm libcgroup-tools-0.41-21.el7.x86_64.rpm libcgroup-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.i686.rpm libcgroup-pam-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.x86_64.rpm libcgroup-pam-0.41-21.el7.i686.rpm libcgroup-debuginfo-0.41-21.el7.i686.rpm libcgroup-debuginfo-0.41-21.el7.x86_64.rpm – … Read More

sssd (SL7)

Synopsis: Moderate: sssd security, bug fix, and enhancement update Advisory ID: SLSA-2019:2177-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-16838 CVE-2019-3811 — The following packages have been upgraded to a later upstream version: sssd (1.16.4). Security Fix(es): * sssd: fallback_homedir returns ‘/’ … Read More

libwpd (SL7)

Synopsis: Low: libwpd security update Advisory ID: SLSA-2019:2126-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-19208 — Security Fix(es): * libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp (CVE-2018-19208) — SL7 x86_64 libwpd-0.10.0-2.el7.i686.rpm libwpd-0.10.0-2.el7.x86_64.rpm libwpd-doc-0.10.0-2.el7.noarch.rpm libwpd-devel-0.10.0-2.el7.i686.rpm libwpd-tools-0.10.0-2.el7.x86_64.rpm libwpd-devel-0.10.0-2.el7.x86_64.rpm libwpd-debuginfo-0.10.0-2.el7.i686.rpm libwpd-debuginfo-0.10.0-2.el7.x86_64.rpm … Read More

libssh2 (SL7)

Synopsis: Moderate: libssh2 security, bug fix, and enhancement update Advisory ID: SLSA-2019:2136-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2019-3861 CVE-2019-3858 — The following packages have been upgraded to a later upstream version: libssh2 (1.8.0). Security Fix(es): * libssh2: Zero-byte allocation with … Read More

ruby (SL7)

Synopsis: Moderate: ruby security update Advisory ID: SLSA-2019:2028-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-8779 CVE-2018-1000077 CVE-2018-8780 CVE-2018-1000075 CVE-2018-1000078 CVE-2018-6914 CVE-2018-8777 CVE-2018-1000076 CVE-2017-17742 CVE-2018-1000079 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-8778 CVE-2018-16396 — Security Fix(es): * ruby: HTTP response splitting in WEBrick (CVE-2017-17742) * ruby: … Read More

exempi (SL7)

Synopsis: Low: exempi security update Advisory ID: SLSA-2019:2048-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-7730 CVE-2017-18233 CVE-2017-18238 CVE-2017-18236 CVE-2017-18234 — Security Fix(es): * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233) * exempi: Use after free via a PDF file … Read More

nss, nss-softokn, nss-util, and nspr (SL7)

Synopsis: Moderate: nss, nss-softokn, nss-util, and nspr security, bug Advisory ID: SLSA-2019:2237-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-0495 CVE-2018-12404 — Netscape Portable Runtime (NSPR) provides platform independence for non- GUI operating system facilities. The following packages have been upgraded to … Read More