firefox (SL6)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:3006-1 Issue Date: 2018-10-25 CVE Numbers: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 — This update upgrades Firefox to version 60.3.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 … Read More

firefox (SL7)

Synopsis: Critical: firefox security and bug fix update Advisory ID: SLSA-2018:3005-1 Issue Date: 2018-10-25 CVE Numbers: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 — This update upgrades Firefox to version 60.3.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed … Read More

java-1.8.0-openjdk (SL6)

Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2018:2943-1 Issue Date: 2018-10-18 CVE Numbers: CVE-2018-3183 CVE-2018-3169 CVE-2018-3214 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 — Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2018:2942-1 Issue Date: 2018-10-18 CVE Numbers: CVE-2018-3183 CVE-2018-3169 CVE-2018-3214 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 — Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, … Read More

tomcat (SL7)

Synopsis: Important: tomcat security update Advisory ID: SLSA-2018:2921-1 Issue Date: 2018-10-16 CVE Numbers: CVE-2018-1336 — Security Fix(es): * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) — SL7 noarch tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm tomcat-7.0.76-8.el7_5.noarch.rpm tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm … Read More

ghostscript (SL7)

Synopsis: Important: ghostscript security update Advisory ID: SLSA-2018:2918-1 Issue Date: 2018-10-16 CVE Numbers: CVE-2018-10194 CVE-2018-16509 CVE-2018-15910 CVE-2018-16542 — Security Fix(es): * It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to … Read More

spamassassin (SL7)

Synopsis: Important: spamassassin security update Advisory ID: SLSA-2018:2916-1 Issue Date: 2018-10-11 CVE Numbers: CVE-2017-15705 CVE-2018-11781 — Security Fix(es): * spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service (CVE-2017-15705) * spamassassin: Local … Read More

glusterfs (SL6)

Synopsis: Moderate: glusterfs security, bug fix, and Advisory ID: SLSA-2018:2892-1 Issue Date: 2018-10-09 CVE Numbers: CVE-2018-10911 — The glusterfs packages have been upgraded to upstream version 3.12.2, which provides a number of bug fixes over the previous version. Security Fix(es): … Read More

nss (SL6)

Synopsis: Moderate: nss security update Advisory ID: SLSA-2018:2898-1 Issue Date: 2018-10-09 CVE Numbers: CVE-2018-12384 — Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) — SL6 x86_64 nss-3.36.0-9.el6_10.i686.rpm nss-3.36.0-9.el6_10.x86_64.rpm nss-debuginfo-3.36.0-9.el6_10.i686.rpm nss-debuginfo-3.36.0-9.el6_10.x86_64.rpm nss-sysinit-3.36.0-9.el6_10.x86_64.rpm nss-tools-3.36.0-9.el6_10.x86_64.rpm nss-devel-3.36.0-9.el6_10.i686.rpm nss-devel-3.36.0-9.el6_10.x86_64.rpm … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2018:2846-1 Issue Date: 2018-10-09 CVE Numbers: CVE-2018-14634 CVE-2018-5391 — Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and … Read More