php (SL7)

Synopsis: Moderate: php security update
Advisory ID: SLSA-2018:0406-1
Issue Date: 2018-03-06
CVE Numbers: CVE-2017-7890

Security Fix(es):
* php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)

SL7 x86_64
php-5.4.16-43.el7_4.1.x86_64.rpm
php-bcmath-5.4.16-43.el7_4.1.x86_64.rpm
php-cli-5.4.16-43.el7_4.1.x86_64.rpm
php-common-5.4.16-43.el7_4.1.x86_64.rpm
php-dba-5.4.16-43.el7_4.1.x86_64.rpm
php-debuginfo-5.4.16-43.el7_4.1.x86_64.rpm
php-devel-5.4.16-43.el7_4.1.x86_64.rpm
php-embedded-5.4.16-43.el7_4.1.x86_64.rpm
php-enchant-5.4.16-43.el7_4.1.x86_64.rpm
…

389-ds-base (SL7)

Synopsis: Important: 389-ds-base security and bug fix update
Advisory ID: SLSA-2018:0414-1
Issue Date: 2018-03-06
CVE Numbers: CVE-2017-15135 CVE-2018-1054

Security Fix(es):
* 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)
* 389-ds-base: Authentication bypass …

quagga (SL7)

Synopsis: Important: quagga security update
Advisory ID: SLSA-2018:0377-1
Issue Date: 2018-02-28
CVE Numbers: CVE-2018-5379

Security Fix(es):
* quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code (CVE-2018-5379)
…

ruby (SL7)

Synopsis: Important: ruby security update
Advisory ID: SLSA-2018:0378-1
Issue Date: 2018-02-28
CVE Numbers: CVE-2017-14064 CVE-2017-0901 CVE-2017-0900 CVE-2017-0902 CVE-2017-0899 CVE-2017-14033 CVE-2017-10784 CVE-2017-0898 CVE-2017-0903 CVE-2017-17405 CVE-2017-17790

Security Fix(es):
* It was discovered that the Net::FTP module did not properly process filenames …

java-1.7.0-openjdk (SL6, SL7)

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:0349-1
Issue Date: 2018-02-26
CVE Numbers: CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2599 CVE-2018-2603 CVE-2018-2629 CVE-2018-2618 CVE-2018-2641 CVE-2018-2634 CVE-2018-2637 CVE-2018-2633

Security Fix(es):
* A flaw was found in the AWT component of …

gcab (SL7)

Synopsis: Important: gcab security update
Advisory ID: SLSA-2018:0350-1
Issue Date: 2018-02-26
CVE Numbers: CVE-2018-5345

Security Fix(es):
* gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution (CVE-2018-5345)

SL7 x86_64
gcab-debuginfo-0.7-4.el7_4.i686.rpm
gcab-debuginfo-0.7-4.el7_4.x86_64.rpm
libgcab1-0.7-4.el7_4.i686.rpm
libgcab1-0.7-4.el7_4.x86_64.rpm
…

thunderbird (SL6, SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2018:0262-1
Issue Date: 2018-02-01
CVE Numbers: CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117

This update upgrades Thunderbird to version 52.6.0.

Security Fix(es):
* Multiple flaws were found in the …

systemd (SL7)

Synopsis: Moderate: systemd security update
Advisory ID: SLSA-2018:0260-1
Issue Date: 2018-01-31
CVE Numbers: CVE-2018-1049

Security Fix(es):
* A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, …

kernel (SL6)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2018:0169-1
Issue Date: 2018-01-25
CVE Numbers: CVE-2017-9074 CVE-2017-11176 CVE-2017-7542

Security Fix(es):
* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) …

nautilus (SL7)

Synopsis: Moderate: nautilus security update
Advisory ID: SLSA-2018:0223-1
Issue Date: 2018-01-25
CVE Numbers: CVE-2017-14604

Security Fix(es):
* An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened …