curl (SL7)

Synopsis: Moderate: curl security update Advisory ID: SLSA-2017:3263-1 Issue Date: 2017-11-27 CVE Numbers: CVE-2017-1000257 — Security Fix(es): * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious … Read More

samba (SL7)

Synopsis: Important: samba security update Advisory ID: SLSA-2017:3260-1 Issue Date: 2017-11-27 CVE Numbers: CVE-2017-14746 CVE-2017-15275 — Security Fix(es): * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 … Read More

firefox (SL6, SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2017:3247-1 Issue Date: 2017-11-17 CVE Numbers: CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 — This update upgrades Firefox to version 52.5.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2017:3200-1 Issue Date: 2017-11-15 CVE Numbers: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-14106 — Security Fix(es): * A race condition issue leading to a use-after-free flaw was found in the way the raw packet … Read More

php (SL7)

Synopsis: Moderate: php security update Advisory ID: SLSA-2017:3221-1 Issue Date: 2017-11-15 CVE Numbers: CVE-2016-10167 CVE-2016-10168 — Security Fix(es): * A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application … Read More

liblouis (SL7)

Synopsis: Moderate: liblouis security update Advisory ID: SLSA-2017:3111-1 Issue Date: 2017-11-02 CVE Numbers: CVE-2017-13738 CVE-2017-13744 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2014-8184 — Security Fix(es): * Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash … Read More

tomcat6 (SL6)

Synopsis: Important: tomcat6 security update Advisory ID: SLSA-2017:3080-1 Issue Date: 2017-10-30 CVE Numbers: CVE-2017-5664 CVE-2017-5647 CVE-2017-12615 CVE-2017-12617 — Security Fix(es): * A vulnerability was discovered in Tomcat’s handling of pipelined requests when “Sendfile” was used. If sendfile processing completed quickly, … Read More

tomcat (SL7)

Synopsis: Important: tomcat security update Advisory ID: SLSA-2017:3081-1 Issue Date: 2017-10-30 CVE Numbers: CVE-2017-5647 CVE-2017-7674 CVE-2017-12615 CVE-2017-12617 — Security Fix(es): * A vulnerability was discovered in Tomcat’s handling of pipelined requests when “Sendfile” was used. If sendfile processing completed quickly, … Read More

wget (SL7)

Synopsis: Important: wget security update Advisory ID: SLSA-2017:3075-1 Issue Date: 2017-10-26 CVE Numbers: CVE-2017-13089 CVE-2017-13090 — Security Fix(es): * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an … Read More

ntp (SL6)

Synopsis: Moderate: ntp security update Advisory ID: SLSA-2017:3071-1 Issue Date: 2017-10-26 CVE Numbers: CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 — Security Fix(es): * Two vulnerabilities were discovered in the NTP server’s parsing of configuration directives. A remote, authenticated attacker could cause ntpd to … Read More