sssd (SL7)

Synopsis: Moderate: sssd security and bug fix update
Advisory ID: SLSA-2017:3379-1
Issue Date: 2017-12-05
CVE Numbers: CVE-2017-12173

Security Fix(es):
* It was found that sssd’s sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable …

liblouis (SL7)

Synopsis: Moderate: liblouis security update
Advisory ID: SLSA-2017:3384-1
Issue Date: 2017-12-05
CVE Numbers: CVE-2017-15101

Security Fix(es):
* A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. An attacker could cause denial of service or …

thunderbird (SL6, SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2017:3372-1
Issue Date: 2017-12-04
CVE Numbers: CVE-2017-7826 CVE-2017-7828 CVE-2017-7830

This update upgrades Thunderbird to version 52.5.0.

Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web …

qemu-kvm (SL7)

Synopsis: Moderate: qemu-kvm security update
Advisory ID: SLSA-2017:3368-1
Issue Date: 2017-11-30
CVE Numbers: CVE-2017-14167 CVE-2017-15289

Security Fix(es):
* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2017:3315-1
Issue Date: 2017-11-30
CVE Numbers: CVE-2017-1000380

Security Fix(es):
* It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition …

samba4 (SL6)

Synopsis: Important: samba4 security update
Advisory ID: SLSA-2017:3278-1
Issue Date: 2017-11-29
CVE Numbers: CVE-2017-14746 CVE-2017-15275

Security Fix(es):
* A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 …

apr (SL6, SL7)

Synopsis: Important: apr security update
Advisory ID: SLSA-2017:3270-1
Issue Date: 2017-11-29
CVE Numbers: CVE-2017-12613

Security Fix(es):
* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial …

procmail (SL7)

Synopsis: Important: procmail security update
Advisory ID: SLSA-2017:3269-1
Issue Date: 2017-11-29
CVE Numbers: CVE-2017-16844

Security Fix(es):
* A heap-based buffer overflow flaw was found in procmail’s formail utility. A remote attacker could send a specially crafted email that, when …

curl (SL7)

Synopsis: Moderate: curl security update
Advisory ID: SLSA-2017:3263-1
Issue Date: 2017-11-27
CVE Numbers: CVE-2017-1000257

Security Fix(es):
* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious …

samba (SL7)

Synopsis: Important: samba security update
Advisory ID: SLSA-2017:3260-1
Issue Date: 2017-11-27
CVE Numbers: CVE-2017-14746 CVE-2017-15275

Security Fix(es):
* A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 …