libsoup (SL7)

Synopsis: Important: libsoup security update
Advisory ID: SLSA-2017:2459-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-2885

Security Fix(es):
* A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause …

spice (SL7)

Synopsis: Important: spice security update
Advisory ID: SLSA-2017:2471-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-7506

Security Fix(es):
* A vulnerability was discovered in spice server’s protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing …

firefox (SL6, SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2017:2456-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

This update upgrades Firefox to version 52.3.0 ESR.

Security Fix(es):
* …

qemu-kvm (SL7)

Synopsis: Moderate: qemu-kvm security update
Advisory ID: SLSA-2017:2445-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-10664

Security Fix(es):
* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The …

subversion (SL7)

Synopsis: Important: subversion security update
Advisory ID: SLSA-2017:2480-1
Issue Date: 2017-08-16
CVE Numbers: CVE-2017-9800

Security Fix(es):
* A shell command injection flaw related to the handling of “svn+ssh” URLs has been discovered in Subversion. An attacker could use this …

groovy (SL7)

Synopsis: Important: groovy security update
Advisory ID: SLSA-2017:2486-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2016-6814

Security Fix(es):
* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is …

mercurial (SL7)

Synopsis: Important: mercurial security update
Advisory ID: SLSA-2017:2489-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000116 CVE-2017-1000115

Security Fix(es):
* A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository …

git (SL7)

Synopsis: Important: git security update
Advisory ID: SLSA-2017:2484-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000117

Security Fix(es):
* A shell command injection flaw related to the handling of “ssh” URLs has been discovered in Git. An attacker could use this …

xmlsec1 (SL7)

Synopsis: Moderate: xmlsec1 security update
Advisory ID: SLSA-2017:2492-1
Issue Date: 2017-08-21
CVE Numbers: CVE-2017-1000061

Security Fix(es):
* It was discovered xmlsec1’s use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML …

git (SL6)

Synopsis: Important: git security update
Advisory ID: SLSA-2017:2485-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000117

Security Fix(es):
* A shell command injection flaw related to the handling of “ssh” URLs has been discovered in Git. An attacker could use this …