glibc (SL7)

Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0805-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2014-9402 CVE-2015-5180 CVE-2017-12132 CVE-2017-15670 CVE-2017-15804 CVE-2018-1000001
—
Security Fix(es):
* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)
…

openssl (SL7)

Synopsis: Moderate: openssl security and bug fix update
Advisory ID: SLSA-2018:0998-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738
—
Security Fix(es):
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
…

qemu-kvm (SL7)

Synopsis: Low: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0816-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-13711 CVE-2017-13672 CVE-2017-15268 CVE-2017-15124 CVE-2018-5683
—
Security Fix(es):
* Qemu: vga: OOB read access during display update (CVE-2017-13672)
* Qemu: Slirp: use-after-free when …

ntp (SL7)

Synopsis: Moderate: ntp security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0855-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-6464 CVE-2017-6462 CVE-2017-6463
—
Security Fix(es):
* ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463)
* ntp: Denial of Service via Malformed Config …

openssh (SL7)

Synopsis: Low: openssh security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0980-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-15906
—
Security Fix(es):
* openssh: Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906)
Additional Changes:
—
SL7 …

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2018:1062-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-5754 CVE-2017-8824 CVE-2017-12190 CVE-2017-1000410 CVE-2017-17449 CVE-2017-17448 CVE-2017-15129 CVE-2018-1000004 CVE-2018-6927 CVE-2016-3672 CVE-2016-8633 CVE-2016-7913 CVE-2017-7294 CVE-2017-14140 CVE-2017-9725 CVE-2017-1000252 CVE-2017-12154 CVE-2017-15265 CVE-2017-15116 CVE-2017-1000407 CVE-2017-15121 CVE-2017-15126 CVE-2017-15127 …

golang (SL7)

Synopsis: Moderate: golang security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0878-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-15042 CVE-2017-15041 CVE-2018-6574
—
The following packages have been upgraded to a later upstream version: golang (1.9.4).
Security Fix(es):
* golang: arbitrary code …

xdg-user-dirs (SL7)

Synopsis: Low: xdg-user-dirs security and bug fix update
Advisory ID: SLSA-2018:0842-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-15131
—
Security Fix(es):
* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)
Additional Changes:
—
SL7 …

pcs (SL7)

Synopsis: Important: pcs security update
Advisory ID: SLSA-2018:1060-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-1000119 CVE-2018-1079 CVE-2018-1086
—
Security Fix(es):
* pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)
* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)
…

libvncserver (SL7)

Synopsis: Moderate: libvncserver security update
Advisory ID: SLSA-2018:1055-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2018-7225
—
Security Fix(es):
* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)
—
SL7 x86_64
libvncserver-0.9.9-12.el7_5.i686.rpm
libvncserver-0.9.9-12.el7_5.x86_64.rpm
libvncserver-debuginfo-0.9.9-12.el7_5.i686.rpm
libvncserver-debuginfo-0.9.9-12.el7_5.x86_64.rpm
libvncserver-devel-0.9.9-12.el7_5.i686.rpm
libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm
– Scientific Linux Development …