log4j (SL7)

Synopsis: Important: log4j security update
Advisory ID: SLSA-2017:2423-1
Issue Date: 2017-08-07
CVE Numbers: CVE-2017-5645

Security Fix(es):

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via …

httpd (SL7)

Synopsis: Important: httpd security update
Advisory ID: SLSA-2017:2479-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 CVE-2017-7668

Security Fix(es):

* It was discovered that the httpd’s mod_auth_digest module did not properly initialize memory before using it when processing …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2017:2473-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-7533

Security Fix(es):

* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads …

libsoup (SL7)

Synopsis: Important: libsoup security update
Advisory ID: SLSA-2017:2459-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-2885

Security Fix(es):

* A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause …

spice (SL7)

Synopsis: Important: spice security update
Advisory ID: SLSA-2017:2471-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-7506

Security Fix(es):

* A vulnerability was discovered in spice server’s protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing …

firefox (SL6, SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2017:2456-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

This update upgrades Firefox to version 52.3.0 ESR.

Security Fix(es):

* …

qemu-kvm (SL7)

Synopsis: Moderate: qemu-kvm security update
Advisory ID: SLSA-2017:2445-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-10664

Security Fix(es):

* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The …

subversion (SL7)

Synopsis: Important: subversion security update
Advisory ID: SLSA-2017:2480-1
Issue Date: 2017-08-16
CVE Numbers: CVE-2017-9800

Security Fix(es):

* A shell command injection flaw related to the handling of “svn+ssh” URLs has been discovered in Subversion. An attacker could use this …

groovy (SL7)

Synopsis: Important: groovy security update
Advisory ID: SLSA-2017:2486-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2016-6814

Security Fix(es):

* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is …

mercurial (SL7)

Synopsis: Important: mercurial security update
Advisory ID: SLSA-2017:2489-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2017-1000116 CVE-2017-1000115

Security Fix(es):

* A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository …