openssl (SL6)

Synopsis: Moderate: openssl security update Advisory ID: SLSA-2019:2471-1 Issue Date: 2019-08-13 CVE Numbers: CVE-2019-1559 — Security Fix(es): * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:2473-1 Issue Date: 2019-08-13 CVE Numbers: CVE-2017-17805 CVE-2018-17972 CVE-2019-5489 CVE-2019-1125 — Security Fix(es): * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle … Read More

icedtea-web (SL7)

Synopsis: Important: icedtea-web security update Advisory ID: SLSA-2019:2003-1 Issue Date: 2019-07-31 CVE Numbers: CVE-2019-10182 CVE-2019-10185 CVE-2019-10181 — Security Fix(es): * icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182) * icedtea-web: directory traversal in … Read More

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2019:1873-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2018-16871 CVE-2018-16884 CVE-2019-11811 CVE-2019-11085 — Security Fix(es): * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * kernel: insufficient input validation in kernel mode driver … Read More

httpd (SL7)

Synopsis: Low: httpd security update Advisory ID: SLSA-2019:1898-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2018-1312 — Security Fix(es): * httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) — SL7 x86_64 httpd-2.4.6-89.el7_6.1.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.1.x86_64.rpm httpd-devel-2.4.6-89.el7_6.1.x86_64.rpm httpd-tools-2.4.6-89.el7_6.1.x86_64.rpm mod_ldap-2.4.6-89.el7_6.1.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.1.x86_64.rpm mod_session-2.4.6-89.el7_6.1.x86_64.rpm mod_ssl-2.4.6-89.el7_6.1.x86_64.rpm httpd-2.4.6-89.el7_6.1.src.rpm noarch … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: SLSA-2019:1896-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2019-3883 — Security Fix(es): * 389-ds-base: DoS via hanging secured connections (CVE-2019-3883) Bug Fix(es): * Previously, if you were using the PAM plugin and … Read More

libssh2 (SL7)

Synopsis: Moderate: libssh2 security update Advisory ID: SLSA-2019:1884-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2019-3862 — Security Fix(es): * libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) — SL7 x86_64 libssh2-1.4.3-12.el7_6.3.i686.rpm libssh2-1.4.3-12.el7_6.3.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.3.i686.rpm libssh2-devel-1.4.3-12.el7_6.3.x86_64.rpm libssh2-1.4.3-12.el7_6.3.src.rpm noarch … Read More

qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2019:1883-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2019-6778 — Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running … Read More

curl (SL7)

Synopsis: Low: curl security and bug fix update Advisory ID: SLSA-2019:1880-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2018-14618 — The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, … Read More

curl (SL7)

Synopsis: Low: curl security and bug fix update Advisory ID: SLSA-2019:1880-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2018-14618 — The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, … Read More