corosync (SL7)

Synopsis: Important: corosync security update Advisory ID: SLSA-2018:1169-1 Issue Date: 2018-04-17 CVE Numbers: CVE-2018-1084 — Security Fix(es): * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) — SL7 x86_64 corosync-2.4.3-2.el7_5.1.x86_64.rpm corosync-debuginfo-2.4.3-2.el7_5.1.i686.rpm corosync-debuginfo-2.4.3-2.el7_5.1.x86_64.rpm corosync-qdevice-2.4.3-2.el7_5.1.x86_64.rpm corosync-qnetd-2.4.3-2.el7_5.1.x86_64.rpm corosynclib-2.4.3-2.el7_5.1.i686.rpm corosynclib-2.4.3-2.el7_5.1.x86_64.rpm corosynclib-devel-2.4.3-2.el7_5.1.i686.rpm corosynclib-devel-2.4.3-2.el7_5.1.x86_64.rpm – Scientific Linux … Read More

gcc (SL7)

Synopsis: Low: gcc security, bug fix, and enhancement update Advisory ID: SLSA-2018:0849-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-11671 — Security Fix(es): * gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics (CVE-2017-11671) Additional Changes: — SL7 x86_64 cpp-4.8.5-28.el7.x86_64.rpm gcc-4.8.5-28.el7.x86_64.rpm gcc-base-debuginfo-4.8.5-28.el7.i686.rpm gcc-base-debuginfo-4.8.5-28.el7.x86_64.rpm … Read More

glibc (SL7)

Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2018:0805-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2014-9402 CVE-2015-5180 CVE-2017-12132 CVE-2017-15670 CVE-2017-15804 CVE-2018-1000001 — Security Fix(es): * glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001) … Read More

openssl (SL7)

Synopsis: Moderate: openssl security and bug fix update Advisory ID: SLSA-2018:0998-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 — Security Fix(es): * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) … Read More

qemu-kvm (SL7)

Synopsis: Low: qemu-kvm security, bug fix, and enhancement update Advisory ID: SLSA-2018:0816-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-13711 CVE-2017-13672 CVE-2017-15268 CVE-2017-15124 CVE-2018-5683 — Security Fix(es): * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Slirp: use-after-free when … Read More

ntp (SL7)

Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: SLSA-2018:0855-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 — Security Fix(es): * ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463) * ntp: Denial of Service via Malformed Config … Read More

openssh (SL7)

Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: SLSA-2018:0980-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15906 — Security Fix(es): * openssh: Improper write operations in readonly mode allow for zero- length file creation (CVE-2017-15906) Additional Changes: — SL7 … Read More

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2018:1062-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-5754 CVE-2017-8824 CVE-2017-12190 CVE-2017-1000410 CVE-2017-17449 CVE-2017-17448 CVE-2017-15129 CVE-2018-1000004 CVE-2018-6927 CVE-2016-3672 CVE-2016-8633 CVE-2016-7913 CVE-2017-7294 CVE-2017-14140 CVE-2017-9725 CVE-2017-1000252 CVE-2017-12154 CVE-2017-15265 CVE-2017-15116 CVE-2017-1000407 CVE-2017-15121 CVE-2017-15126 CVE-2017-15127 … Read More

golang (SL7)

Synopsis: Moderate: golang security, bug fix, and enhancement update Advisory ID: SLSA-2018:0878-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15042 CVE-2017-15041 CVE-2018-6574 — The following packages have been upgraded to a later upstream version: golang (1.9.4). Security Fix(es): * golang: arbitrary code … Read More

xdg-user-dirs (SL7)

Synopsis: Low: xdg-user-dirs security and bug fix update Advisory ID: SLSA-2018:0842-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15131 — Security Fix(es): * xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) Additional Changes: — SL7 … Read More