openssh (SL7)

Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: SLSA-2018:0980-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15906 — Security Fix(es): * openssh: Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906) Additional Changes: — SL7 …

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2018:1062-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-5754 CVE-2017-8824 CVE-2017-12190 CVE-2017-1000410 CVE-2017-17449 CVE-2017-17448 CVE-2017-15129 CVE-2018-1000004 CVE-2018-6927 CVE-2016-3672 CVE-2016-8633 CVE-2016-7913 CVE-2017-7294 CVE-2017-14140 CVE-2017-9725 CVE-2017-1000252 CVE-2017-12154 CVE-2017-15265 CVE-2017-15116 CVE-2017-1000407 CVE-2017-15121 CVE-2017-15126 CVE-2017-15127 …

golang (SL7)

Synopsis: Moderate: golang security, bug fix, and enhancement update Advisory ID: SLSA-2018:0878-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15042 CVE-2017-15041 CVE-2018-6574 — The following packages have been upgraded to a later upstream version: golang (1.9.4). Security Fix(es): * golang: arbitrary code …

xdg-user-dirs (SL7)

Synopsis: Low: xdg-user-dirs security and bug fix update Advisory ID: SLSA-2018:0842-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15131 — Security Fix(es): * xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) Additional Changes: — SL7 …

pcs (SL7)

Synopsis: Important: pcs security update Advisory ID: SLSA-2018:1060-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-1000119 CVE-2018-1079 CVE-2018-1086 — Security Fix(es): * pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079) * pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086) …

libvncserver (SL7)

Synopsis: Moderate: libvncserver security update Advisory ID: SLSA-2018:1055-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-7225 — Security Fix(es): * libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225) — SL7 x86_64 libvncserver-0.9.9-12.el7_5.i686.rpm libvncserver-0.9.9-12.el7_5.x86_64.rpm libvncserver-debuginfo-0.9.9-12.el7_5.i686.rpm libvncserver-debuginfo-0.9.9-12.el7_5.x86_64.rpm libvncserver-devel-0.9.9-12.el7_5.i686.rpm libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm – Scientific Linux Development …

libvorbis (SL7)

Synopsis: Important: libvorbis security update Advisory ID: SLSA-2018:1058-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-5146 — Security Fix(es): * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) — SL7 x86_64 libvorbis-1.3.3-8.el7.1.i686.rpm libvorbis-1.3.3-8.el7.1.x86_64.rpm libvorbis-debuginfo-1.3.3-8.el7.1.i686.rpm libvorbis-debuginfo-1.3.3-8.el7.1.x86_64.rpm libvorbis-devel-1.3.3-8.el7.1.i686.rpm libvorbis-devel-1.3.3-8.el7.1.x86_64.rpm noarch libvorbis-devel-docs-1.3.3-8.el7.1.noarch.rpm …

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2018:1099-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-5148 — This update upgrades Firefox to version 52.7.3 ESR. Security Fix(es): * firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148) — SL7 x86_64 firefox-52.7.3-1.el7_5.x86_64.rpm firefox-debuginfo-52.7.3-1.el7_5.x86_64.rpm …

librelp (SL6)

Synopsis: Critical: librelp security update Advisory ID: SLSA-2018:1225-1 Issue Date: 2018-04-24 CVE Numbers: CVE-2018-1000140 — Security Fix(es): * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140) — SL6 x86_64 librelp-1.2.7-3.el6_9.1.x86_64.rpm librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm librelp-1.2.7-3.el6_9.1.i686.rpm librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm librelp-devel-1.2.7-3.el6_9.1.i686.rpm librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm i386 librelp-1.2.7-3.el6_9.1.i686.rpm librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm …

patch (SL6)

Synopsis: Important: patch security update Advisory ID: SLSA-2018:1199-1 Issue Date: 2018-04-23 CVE Numbers: CVE-2018-1000156 — Patch should be installed because it is a common way of upgrading applications. Security Fix(es): * patch: Malicious patch files cause ed to execute arbitrary …