abrt and libreport (SL6)

Synopsis: Important: abrt and libreport security update Issue Date: 2013-01-31 CVE Numbers: CVE-2012-5659 CVE-2012-5660 — It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from … Read More

nss and nspr (SL5)

Synopsis: Important: nss and nspr security, bug fix, and enhancement update Issue Date: 2013-01-31 CVE Numbers: None — It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in- … Read More

Moderate: xorg-x11-drv-qxl (SL6)

Synopsis: Moderate: xorg-x11-drv-qxl security update Issue Date: 2013-01-31 CVE Numbers: CVE-2013-0241 — A flaw was found in the way the host’s qemu-kvm qxl driver and the guest’s X.Org qxl driver interacted when a SPICE connection terminated. A user able to … Read More

Moderate: mysql (SL6)

Synopsis: Moderate: mysql security update Issue Date: 2013-01-31 CVE Numbers: CVE-2013-0384 CVE-2013-0389 CVE-2013-0385 CVE-2013-0375 CVE-2012-1702 CVE-2013-0383 CVE-2012-0572 CVE-2012-0574 CVE-2012-1705 — This update fixes several vulnerabilities in the MySQL database server. (CVE-2012-0572, CVE-2012-0574, CVE-2012-1702, CVE-2012-1705, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0389) After … Read More

Important: nss, nss-util, and nspr (SL6)

Synopsis: Important: nss, nss-util, and nspr security, bug fix, and enhancement update Issue Date: 2013-01-31 CVE Numbers: None — It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch … Read More

Important: freetype (SL5, SL6)

Synopsis: Important: freetype security update Issue Date: 2013-01-31 CVE Numbers: CVE-2012-5669 — A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a specially-crafted font file … Read More

Important: libvirt (SL6)

Synopsis: Important: libvirt security update Issue Date: 2013-01-28 CVE Numbers: CVE-2013-0170 — A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a … Read More

Important: ipa (SL6)

Synopsis: Important: ipa security update Issue Date: 2013-01-23 CVE Numbers: CVE-2012-5484 — A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide … Read More

ipa-client (SL5)

Synopsis: Important: ipa-client security update Issue Date: 2013-01-23 CVE Numbers: CVE-2012-5484 — A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide … Read More

mysql (SL5)

Synopsis: Important: mysql security update Issue Date: 2013-01-22 CVE Numbers: CVE-2012-2749 CVE-2012-5611 CVE-2012-2122 — A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the … Read More