java-1.7.0-openjdk (SL7)

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:1278-1
Issue Date: 2018-05-02
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790
Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) …

krb5 (SL7)

Synopsis: Moderate: krb5 security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0666-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-11368 CVE-2017-7562
Security Fix(es):
* krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)
* krb5: Invalid S4U2Self or …

java-1.7.0-openjdk (SL6)

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:1270-1
Issue Date: 2018-04-30
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790
Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) …

policycoreutils (SL7)

Synopsis: Low: policycoreutils security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0913-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-1063
Security Fix(es):
* policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063)
This …

librelp (SL7)

Synopsis: Critical: librelp security update
Advisory ID: SLSA-2018:1223-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1000140
Security Fix(es):
* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)
SL7 x86_64
librelp-1.2.12-1.el7_5.1.i686.rpm
librelp-1.2.12-1.el7_5.1.x86_64.rpm
librelp-debuginfo-1.2.12-1.el7_5.1.i686.rpm
librelp-debuginfo-1.2.12-1.el7_5.1.x86_64.rpm
librelp-devel-1.2.12-1.el7_5.1.i686.rpm
librelp-devel-1.2.12-1.el7_5.1.x86_64.rpm
– Scientific Linux …

PackageKit (SL7)

Synopsis: Moderate: PackageKit security update
Advisory ID: SLSA-2018:1224-1
Issue Date: 2018-04-24
CVE Numbers: CVE-2018-1106
Security Fix(es):
* PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)
SL7 x86_64
PackageKit-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-command-not-found-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-debuginfo-1.1.5-2.sl7_5.i686.rpm
PackageKit-debuginfo-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-glib-1.1.5-2.sl7_5.i686.rpm
PackageKit-glib-1.1.5-2.sl7_5.x86_64.rpm
PackageKit-gstreamer-plugin-1.1.5-2.sl7_5.x86_64.rpm
…

patch (SL7)

Synopsis: Important: patch security update
Advisory ID: SLSA-2018:1200-1
Issue Date: 2018-04-23
CVE Numbers: CVE-2018-1000156
Patch should be installed because it is a common way of upgrading applications.
Security Fix(es):
* patch: Malicious patch files cause ed to execute arbitrary …

java-1.8.0-openjdk (SL7)

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: SLSA-2018:1191-1
Issue Date: 2018-04-19
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790
Security Fix(es):
* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) …

corosync (SL7)

Synopsis: Important: corosync security update
Advisory ID: SLSA-2018:1169-1
Issue Date: 2018-04-17
CVE Numbers: CVE-2018-1084
Security Fix(es):
* corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)
SL7 x86_64
corosync-2.4.3-2.el7_5.1.x86_64.rpm
corosync-debuginfo-2.4.3-2.el7_5.1.i686.rpm
corosync-debuginfo-2.4.3-2.el7_5.1.x86_64.rpm
corosync-qdevice-2.4.3-2.el7_5.1.x86_64.rpm
corosync-qnetd-2.4.3-2.el7_5.1.x86_64.rpm
corosynclib-2.4.3-2.el7_5.1.i686.rpm
corosynclib-2.4.3-2.el7_5.1.x86_64.rpm
corosynclib-devel-2.4.3-2.el7_5.1.i686.rpm
corosynclib-devel-2.4.3-2.el7_5.1.x86_64.rpm
– Scientific Linux …

gcc (SL7)

Synopsis: Low: gcc security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0849-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-11671
Security Fix(es):
* gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics (CVE-2017-11671)
Additional Changes:
SL7 x86_64
cpp-4.8.5-28.el7.x86_64.rpm
gcc-4.8.5-28.el7.x86_64.rpm
gcc-base-debuginfo-4.8.5-28.el7.i686.rpm
gcc-base-debuginfo-4.8.5-28.el7.x86_64.rpm
…