spamassassin (SL7)

Synopsis: Important: spamassassin security update Advisory ID: SLSA-2018:2916-1 Issue Date: 2018-10-11 CVE Numbers: CVE-2017-15705 CVE-2018-11781 — Security Fix(es): * spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service (CVE-2017-15705) * spamassassin: Local … Read More

glusterfs (SL6)

Synopsis: Moderate: glusterfs security, bug fix, and Advisory ID: SLSA-2018:2892-1 Issue Date: 2018-10-09 CVE Numbers: CVE-2018-10911 — The glusterfs packages have been upgraded to upstream version 3.12.2, which provides a number of bug fixes over the previous version. Security Fix(es): … Read More

nss (SL6)

Synopsis: Moderate: nss security update Advisory ID: SLSA-2018:2898-1 Issue Date: 2018-10-09 CVE Numbers: CVE-2018-12384 — Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) — SL6 x86_64 nss-3.36.0-9.el6_10.i686.rpm nss-3.36.0-9.el6_10.x86_64.rpm nss-debuginfo-3.36.0-9.el6_10.i686.rpm nss-debuginfo-3.36.0-9.el6_10.x86_64.rpm nss-sysinit-3.36.0-9.el6_10.x86_64.rpm nss-tools-3.36.0-9.el6_10.x86_64.rpm nss-devel-3.36.0-9.el6_10.i686.rpm nss-devel-3.36.0-9.el6_10.x86_64.rpm … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2018:2846-1 Issue Date: 2018-10-09 CVE Numbers: CVE-2018-14634 CVE-2018-5391 — Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:2884-1 Issue Date: 2018-10-08 CVE Numbers: CVE-2018-12386 CVE-2018-12387 — This update upgrades Firefox to version 60.2.2 ESR. Security Fix(es): * Mozilla: type confusion in JavaScript (CVE-2018-12386) * Mozilla: stack out-of-bounds read in Array.prototype.push … Read More

firefox (SL6)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:2881-1 Issue Date: 2018-10-08 CVE Numbers: CVE-2018-12386 CVE-2018-12387 — This update upgrades Firefox to version 60.2.2 ESR. Security Fix(es): * Mozilla: type confusion in JavaScript (CVE-2018-12386) * Mozilla: stack out-of-bounds read in Array.prototype.push … Read More

firefox (SL6)

Synopsis: Moderate: firefox security update Advisory ID: SLSA-2018:2834-1 Issue Date: 2018-09-27 CVE Numbers: CVE-2018-12383 CVE-2018-12385 — This update upgrades Firefox to version 60.2.1 ESR. Security Fix(es): * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a … Read More

firefox (SL7)

Synopsis: Moderate: firefox security update Advisory ID: SLSA-2018:2835-1 Issue Date: 2018-09-27 CVE Numbers: CVE-2018-12383 CVE-2018-12385 — This update upgrades Firefox to version 60.2.1 ESR. Security Fix(es): * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a … Read More

nss (SL7)

Synopsis: Moderate: nss security update Advisory ID: SLSA-2018:2768-1 Issue Date: 2018-09-25 CVE Numbers: CVE-2018-12384 — Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) — SL7 x86_64 nss-3.36.0-7.el7_5.i686.rpm nss-3.36.0-7.el7_5.x86_64.rpm nss-debuginfo-3.36.0-7.el7_5.i686.rpm nss-debuginfo-3.36.0-7.el7_5.x86_64.rpm nss-sysinit-3.36.0-7.el7_5.x86_64.rpm nss-tools-3.36.0-7.el7_5.x86_64.rpm nss-devel-3.36.0-7.el7_5.i686.rpm nss-devel-3.36.0-7.el7_5.x86_64.rpm … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: SLSA-2018:2757-1 Issue Date: 2018-09-25 CVE Numbers: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 CVE-2018-14638 — Security Fix(es): * 389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850) * 389-ds-base: ldapsearch … Read More