firefox (SL6)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:3831-1
Issue Date: 2018-12-17
CVE Numbers: CVE-2018-17466 CVE-2018-12405 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 64 and …

firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:3833-1
Issue Date: 2018-12-17
CVE Numbers: CVE-2018-17466 CVE-2018-12405 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 64 and …

ghostscript (SL7)

Synopsis: Important: ghostscript security and bug fix update
Advisory ID: SLSA-2018:3834-1
Issue Date: 2018-12-17
CVE Numbers: CVE-2018-15911 CVE-2018-16541 CVE-2018-16802 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19134

Security Fix(es):
* ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541)
* ghostscript: …

ghostscript (SL6)

Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2018:3760-1
Issue Date: 2018-12-04
CVE Numbers: CVE-2018-16509

Security Fix(es):
* It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the – …

ghostscript (SL7)

Synopsis: Important: ghostscript security and bug fix update
Advisory ID: SLSA-2018:3761-1
Issue Date: 2018-12-04
CVE Numbers: CVE-2018-16863

Security Fix(es):
* ghostscript: incomplete fix for CVE-2018-16509 (CVE-2018-16863)

Bug Fix(es):
* Previously, the flushpage operator has been removed as part of …

ruby (SL7)

Synopsis: Important: ruby security update
Advisory ID: SLSA-2018:3738-1
Issue Date: 2018-11-30
CVE Numbers: CVE-2018-16395

Security Fix(es):
* ruby: OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395)

SL7 x86_64
ruby-2.0.0.648-34.el7_6.x86_64.rpm
ruby-debuginfo-2.0.0.648-34.el7_6.i686.rpm
ruby-debuginfo-2.0.0.648-34.el7_6.x86_64.rpm
ruby-libs-2.0.0.648-34.el7_6.i686.rpm
ruby-libs-2.0.0.648-34.el7_6.x86_64.rpm
rubygem-bigdecimal-1.2.0-34.el7_6.x86_64.rpm
rubygem-io-console-0.4.2-34.el7_6.x86_64.rpm
rubygem-json-1.7.7-34.el7_6.x86_64.rpm
rubygem-psych-2.0.0-34.el7_6.x86_64.rpm
ruby-devel-2.0.0.648-34.el7_6.x86_64.rpm
…

kernel (SL7)

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3651-1
Issue Date: 2018-11-27
CVE Numbers: CVE-2018-14633 CVE-2018-14646

Security Fix(es):
* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)
* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() …

NetworkManager (SL7)

Synopsis: Important: NetworkManager security update
Advisory ID: SLSA-2018:3665-1
Issue Date: 2018-11-27
CVE Numbers: CVE-2018-15688

Security Fix(es):
* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)

SL7 x86_64
NetworkManager-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-adsl-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-bluetooth-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-debuginfo-1.12.0-8.el7_6.i686.rpm
NetworkManager-debuginfo-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-glib-1.12.0-8.el7_6.i686.rpm
NetworkManager-glib-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-libnm-1.12.0-8.el7_6.i686.rpm
NetworkManager-libnm-1.12.0-8.el7_6.x86_64.rpm
…

ghostscript (SL7)

Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2018:3650-1
Issue Date: 2018-11-27
CVE Numbers: CVE-2018-15908 CVE-2018-16511 CVE-2018-15909 CVE-2018-16539

Security Fix(es):
* ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908)
* ghostscript: shading_param incomplete type checking (699660) (CVE-2018-15909)
* ghostscript: missing type …

sos-collector (SL7)

Synopsis: Moderate: sos-collector security update
Advisory ID: SLSA-2018:3663-1
Issue Date: 2018-11-27
CVE Numbers: CVE-2018-14650

The following packages have been upgraded to a later upstream version: sos-collector (1.5).

Security Fix(es):
* sos-collector: incorrect permissions set on newly created files (CVE-2018-14650)
…