librelp (SL7)

Synopsis: Critical: librelp security update
Advisory ID: SLSA-2018:1223-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1000140
Security Fix(es):
* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)
SL7 x86_64
librelp-1.2.12-1.el7_5.1.i686.rpm
librelp-1.2.12-1.el7_5.1.x86_64.rpm
librelp-debuginfo-1.2.12-1.el7_5.1.i686.rpm
librelp-debuginfo-1.2.12-1.el7_5.1.x86_64.rpm
librelp-devel-1.2.12-1.el7_5.1.i686.rpm
librelp-devel-1.2.12-1.el7_5.1.x86_64.rpm
– Scientific Linux …

PackageKit (SL7)

Synopsis: Moderate: PackageKit security update
Advisory ID: SLSA-2018:1224-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1106
Security Fix(es):
* PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)
SL7 x86_64
PackageKit-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-command-not-found-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-debuginfo-1.1.5-2.sl7_5.i686.rpm
PackageKit-debuginfo-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-glib-1.1.5-2.sl7_5.i686.rpm
PackageKit-glib-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-gstreamer-plugin-1.1.5-2.sl7_5.x86_64.rpm
…

patch (SL7)

Synopsis: Important: patch security update
Advisory ID: SLSA-2018:1200-1
Issue Date: 2018-04-23
CVE Numbers: CVE-2018-1000156
Patch should be installed because it is a common way of upgrading applications.
Security Fix(es):
* patch: Malicious patch files cause ed to execute arbitrary …

java-1.8.0-openjdk (SL7)

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: SLSA-2018:1191-1
Issue Date: 2018-04-19
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790
Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) …

corosync (SL7)

Synopsis: Important: corosync security update
Advisory ID: SLSA-2018:1169-1
Issue Date: 2018-04-17
CVE Numbers: CVE-2018-1084
Security Fix(es):
* corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)
SL7 x86_64
corosync-2.4.3-2.el7_5.1.x86_64.rpm
corosync-debuginfo-2.4.3-2.el7_5.1.i686.rpm
corosync-debuginfo-2.4.3-2.el7_5.1.x86_64.rpm
corosync-qdevice-2.4.3-2.el7_5.1.x86_64.rpm
corosync-qnetd-2.4.3-2.el7_5.1.x86_64.rpm
corosynclib-2.4.3-2.el7_5.1.i686.rpm
corosynclib-2.4.3-2.el7_5.1.x86_64.rpm
corosynclib-devel-2.4.3-2.el7_5.1.i686.rpm
corosynclib-devel-2.4.3-2.el7_5.1.x86_64.rpm
– Scientific Linux …

gcc (SL7)

Synopsis: Low: gcc security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0849-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-11671
Security Fix(es):
* gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics (CVE-2017-11671)
Additional Changes:
SL7 x86_64
cpp-4.8.5-28.el7.x86_64.rpm
gcc-4.8.5-28.el7.x86_64.rpm
gcc-base-debuginfo-4.8.5-28.el7.i686.rpm
gcc-base-debuginfo-4.8.5-28.el7.x86_64.rpm
…

glibc (SL7)

Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0805-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2014-9402 CVE-2015-5180 CVE-2017-12132 CVE-2017-15670 CVE-2017-15804 CVE-2018-1000001
Security Fix(es):
* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001) …

openssl (SL7)

Synopsis: Moderate: openssl security and bug fix update
Advisory ID: SLSA-2018:0998-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738
Security Fix(es):
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737) …

qemu-kvm (SL7)

Synopsis: Low: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0816-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-13711 CVE-2017-13672 CVE-2017-15268 CVE-2017-15124 CVE-2018-5683
Security Fix(es):
* Qemu: vga: OOB read access during display update (CVE-2017-13672)
* Qemu: Slirp: use-after-free when …

ntp (SL7)

Synopsis: Moderate: ntp security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0855-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-6464 CVE-2017-6462 CVE-2017-6463
Security Fix(es):
* ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463)
* ntp: Denial of Service via Malformed Config …