policycoreutils (SL6, SL7)

Synopsis: Important: policycoreutils security update Advisory ID: SLSA-2016:2702-1 Issue Date: 2016-11-14 CVE Numbers: CVE-2016-7545 — Security Fix(es): * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed … Read More

firefox (SL5, SL6, SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2016:2780-1 Issue Date: 2016-11-16 CVE Numbers: CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-5291 CVE-2016-5290 — This update upgrades Firefox to version 45.5.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed … Read More

nss and nss-util (SL5, SL6, SL7)

Synopsis: Moderate: nss and nss-util security update Advisory ID: SLSA-2016:2779-1 Issue Date: 2016-11-16 CVE Numbers: CVE-2016-2834 CVE-2016-5285 CVE-2016-8635 — The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to … Read More

libgcrypt (SL6, SL7)

Synopsis: Moderate: libgcrypt security update Advisory ID: SLSA-2016:2674-1 Issue Date: 2016-11-08 CVE Numbers: CVE-2016-6313 — Security Fix(es): * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of … Read More

pacemaker (SL6)

Synopsis: Important: pacemaker security update Advisory ID: SLSA-2016:2675-1 Issue Date: 2016-11-08 CVE Numbers: CVE-2016-7035 — Security Fix(es): * An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account … Read More

java-1.7.0-openjdk (SL5, SL6, SL7)

Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2016:2658-1 Issue Date: 2016-11-07 CVE Numbers: CVE-2016-5582 CVE-2016-5573 CVE-2016-5554 CVE-2016-5542 CVE-2016-5597 — Security Fix(es): * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function … Read More

bind97 (SL5)

Synopsis: Important: bind97 security update Advisory ID: SLSA-2016:2142-1 Issue Date: 2016-11-02 CVE Numbers: CVE-2016-8864 — Security Fix(es): * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use … Read More

bind (SL5, SL6)

Synopsis: Important: bind security update Advisory ID: SLSA-2016:2141-1 Issue Date: 2016-11-02 CVE Numbers: CVE-2016-8864 — Security Fix(es): * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use … Read More

kernel (SL5)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2016:2124-1 Issue Date: 2016-10-28 CVE Numbers: CVE-2016-5195 CVE-2016-1583 — Security Fix(es): * A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage … Read More

kernel (SL6)

Synopsis: Important: kernel Advisory ID: SLSA-2016:2105-1 Issue Date: 2016-10-25 CVE Numbers: CVE-2016-5195 — The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux … Read More