glibc (SL7)

Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2018:3092-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-16997 CVE-2018-6485 CVE-2018-11236 CVE-2018-11237 — Security Fix(es): * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from … Read More

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement Advisory ID: SLSA-2018:3083-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2015-8830 CVE-2018-5803 CVE-2018-1130 CVE-2017-0861 CVE-2018-5391 CVE-2016-4913 CVE-2017-10661 CVE-2017-17805 CVE-2018-5344 CVE-2018-1000026 CVE-2017-18208 CVE-2018-7740 CVE-2018-7757 CVE-2017-18232 CVE-2018-1092 CVE-2018-1094 CVE-2018-8781 CVE-2018-10322 CVE-2018-1118 CVE-2018-1120 CVE-2018-10940 CVE-2018-10902 CVE-2018-5848 CVE-2018-10878 … Read More

libvirt (SL7)

Synopsis: Moderate: libvirt security, bug fix, and enhancement Advisory ID: SLSA-2018:3113-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-6764 — Security Fix(es): * libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764) — SL7 x86_64 libvirt-4.5.0-10.el7.x86_64.rpm libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm … Read More

zsh (SL7)

Synopsis: Moderate: zsh security and bug fix update Advisory ID: SLSA-2018:3073-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2014-10072 CVE-2017-18206 CVE-2018-1083 CVE-2018-1100 CVE-2014-10071 CVE-2018-7549 CVE-2017-18205 CVE-2018-1071 — Security Fix(es): * zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer … Read More

openssl (SL7)

Synopsis: Moderate: openssl security, bug fix, and enhancement Advisory ID: SLSA-2018:3221-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0739 CVE-2017-3735 CVE-2018-0737 CVE-2018-0732 CVE-2018-0495 — Security Fix(es): * openssl: ROHNP – Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious … Read More

libreoffice (SL7)

Synopsis: Moderate: libreoffice security and bug fix update Advisory ID: SLSA-2018:3054-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10119 CVE-2018-10120 CVE-2018-10583 — Security Fix(es): * libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document (CVE-2018-10119) * libreoffice: Out … Read More

libcdio (SL7)

Synopsis: Low: libcdio security update Advisory ID: SLSA-2018:3246-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 — Security Fix(es): * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) … Read More

libkdcraw (SL7)

Synopsis: Moderate: libkdcraw security update Advisory ID: SLSA-2018:3065-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5805 CVE-2018-5806 — * LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) * LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security, bug fix, and Advisory ID: SLSA-2018:3127-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10935 CVE-2018-14648 — Security Fix(es): * 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648) — SL7 x86_64 389-ds-base-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm … Read More

samba (SL7)

Synopsis: Moderate: samba security, bug fix, and enhancement update Advisory ID: SLSA-2018:3056-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1050 CVE-2018-1139 CVE-2018-10858 — Security Fix(es): * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: … Read More