openslp (SL6)

Synopsis: Critical: openslp security update
Advisory ID: SLSA-2020:0199-1
Issue Date: 2020-01-22
CVE Numbers: CVE-2019-5544

Security Fix(es):
* openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)

SL6
  x86_64
    openslp-2.0.0-4.el6_10.i686.rpm
    openslp-2.0.0-4.el6_10.x86_64.rpm
    openslp-debuginfo-2.0.0-4.el6_10.i686.rpm
    openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm
    openslp-devel-2.0.0-4.el6_10.i686.rpm
    …

libarchive (SL7)

Synopsis: Important: libarchive security update
Advisory ID: SLSA-2020:0203-1
Issue Date: 2020-01-22
CVE Numbers: CVE-2019-18408

Security Fix(es):
* libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry (CVE-2019-18408)

SL7
  x86_64
    libarchive-3.1.2-14.el7_7.i686.rpm
    libarchive-3.1.2-14.el7_7.x86_64.rpm
    …

apache-commons-beanutils (SL7)

Synopsis: Important: apache-commons-beanutils security update
Advisory ID: SLSA-2020:0194-1
Issue Date: 2020-01-21
CVE Numbers: CVE-2019-10086

Security Fix(es):
* apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)

SL7
  noarch
    apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm
    apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm

– Scientific Linux Development Team

python-reportlab (SL6)

Synopsis: Important: python-reportlab security update
Advisory ID: SLSA-2020:0197-1
Issue Date: 2020-01-21
CVE Numbers: CVE-2019-17626

Security Fix(es):
* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

SL6
  x86_64
    python-reportlab-2.3-3.el6_10.1.x86_64.rpm
    python-reportlab-debuginfo-2.3-3.el6_10.1.x86_64.rpm
  i386
    python-reportlab-2.3-3.el6_10.1.i686.rpm
    python-reportlab-debuginfo-2.3-3.el6_10.1.i686.rpm
  noarch
    python-reportlab-docs-2.3-3.el6_10.1.noarch.rpm

– …

python-reportlab (SL7)

Synopsis: Important: python-reportlab security update
Advisory ID: SLSA-2020:0195-1
Issue Date: 2020-01-22
CVE Numbers: None

Security Fix(es):
* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

SL7
  x86_64
    python-reportlab-2.5-9.el7_7.1.x86_64.rpm
    python-reportlab-debuginfo-2.5-9.el7_7.1.x86_64.rpm
    python-reportlab-docs-2.5-9.el7_7.1.x86_64.rpm

– Scientific Linux Development Team

java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: SLSA-2020:0196-1
Issue Date: 2020-01-22
CVE Numbers: None

Security Fix(es):
* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, …

java-1.8.0-openjdk (SL6)

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: SLSA-2020:0157-1
Issue Date: 2020-01-21
CVE Numbers: None

Security Fix(es):
* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, …

thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:0123-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Mozilla: Type …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:0120-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Mozilla: Type …

git (SL7)

Synopsis: Important: git security update
Advisory ID: SLSA-2020:0124-1
Issue Date: 2020-01-16
CVE Numbers: None

Security Fix(es):
* git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387)

SL7
  x86_64
    git-1.8.3.1-21.el7_7.x86_64.rpm
    git-daemon-1.8.3.1-21.el7_7.x86_64.rpm
    git-debuginfo-1.8.3.1-21.el7_7.x86_64.rpm
    git-gnome-keyring-1.8.3.1-21.el7_7.x86_64.rpm
    git-svn-1.8.3.1-21.el7_7.x86_64.rpm
  noarch
    emacs-git-1.8.3.1-21.el7_7.noarch.rpm
    emacs-git-el-1.8.3.1-21.el7_7.noarch.rpm
    …