Synopsis: Important: corosync security update Advisory ID: SLSA-2018:1169-1 Issue Date: 2018-04-17 CVE Numbers: CVE-2018-1084 — Security Fix(es): * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) — SL7 x86_64 corosync-2.4.3-2.el7_5.1.x86_64.rpm corosync-debuginfo-2.4.3-2.el7_5.1.i686.rpm corosync-debuginfo-2.4.3-2.el7_5.1.x86_64.rpm corosync-qdevice-2.4.3-2.el7_5.1.x86_64.rpm corosync-qnetd-2.4.3-2.el7_5.1.x86_64.rpm corosynclib-2.4.3-2.el7_5.1.i686.rpm corosynclib-2.4.3-2.el7_5.1.x86_64.rpm corosynclib-devel-2.4.3-2.el7_5.1.i686.rpm corosynclib-devel-2.4.3-2.el7_5.1.x86_64.rpm – Scientific Linux … Read More

Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2018:0805-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2014-9402 CVE-2015-5180 CVE-2017-12132 CVE-2017-15670 CVE-2017-15804 CVE-2018-1000001 — Security Fix(es): * glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001) … Read More

Synopsis: Low: qemu-kvm security, bug fix, and enhancement update Advisory ID: SLSA-2018:0816-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-13711 CVE-2017-13672 CVE-2017-15268 CVE-2017-15124 CVE-2018-5683 — Security Fix(es): * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Slirp: use-after-free when … Read More

Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: SLSA-2018:0980-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15906 — Security Fix(es): * openssh: Improper write operations in readonly mode allow for zero- length file creation (CVE-2017-15906) Additional Changes: — SL7 … Read More

Synopsis: Moderate: golang security, bug fix, and enhancement update Advisory ID: SLSA-2018:0878-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15042 CVE-2017-15041 CVE-2018-6574 — The following packages have been upgraded to a later upstream version: golang (1.9.4). Security Fix(es): * golang: arbitrary code … Read More