Synopsis: Moderate: openssl security and bug fix update Advisory ID: SLSA-2018:0998-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 — Security Fix(es): * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) … Read More
Synopsis: Low: qemu-kvm security, bug fix, and enhancement update Advisory ID: SLSA-2018:0816-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-13711 CVE-2017-13672 CVE-2017-15268 CVE-2017-15124 CVE-2018-5683 — Security Fix(es): * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Slirp: use-after-free when … Read More
Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: SLSA-2018:0855-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 — Security Fix(es): * ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463) * ntp: Denial of Service via Malformed Config … Read More
Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: SLSA-2018:0980-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15906 — Security Fix(es): * openssh: Improper write operations in readonly mode allow for zero- length file creation (CVE-2017-15906) Additional Changes: — SL7 … Read More
Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2018:1062-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-5754 CVE-2017-8824 CVE-2017-12190 CVE-2017-1000410 CVE-2017-17449 CVE-2017-17448 CVE-2017-15129 CVE-2018-1000004 CVE-2018-6927 CVE-2016-3672 CVE-2016-8633 CVE-2016-7913 CVE-2017-7294 CVE-2017-14140 CVE-2017-9725 CVE-2017-1000252 CVE-2017-12154 CVE-2017-15265 CVE-2017-15116 CVE-2017-1000407 CVE-2017-15121 CVE-2017-15126 CVE-2017-15127 … Read More
Synopsis: Moderate: golang security, bug fix, and enhancement update Advisory ID: SLSA-2018:0878-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15042 CVE-2017-15041 CVE-2018-6574 — The following packages have been upgraded to a later upstream version: golang (1.9.4). Security Fix(es): * golang: arbitrary code … Read More
Synopsis: Low: xdg-user-dirs security and bug fix update Advisory ID: SLSA-2018:0842-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15131 — Security Fix(es): * xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) Additional Changes: — SL7 … Read More
Synopsis: Important: pcs security update Advisory ID: SLSA-2018:1060-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-1000119 CVE-2018-1079 CVE-2018-1086 — Security Fix(es): * pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079) * pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086) … Read More
Synopsis: Moderate: libvncserver security update Advisory ID: SLSA-2018:1055-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-7225 — Security Fix(es): * libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225) — SL7 x86_64 libvncserver-0.9.9-12.el7_5.i686.rpm libvncserver-0.9.9-12.el7_5.x86_64.rpm libvncserver-debuginfo-0.9.9-12.el7_5.i686.rpm libvncserver-debuginfo-0.9.9-12.el7_5.x86_64.rpm libvncserver-devel-0.9.9-12.el7_5.i686.rpm libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm – Scientific Linux Development … Read More
Synopsis: Important: libvorbis security update Advisory ID: SLSA-2018:1058-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-5146 — Security Fix(es): * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) — SL7 x86_64 libvorbis-1.3.3-8.el7.1.i686.rpm libvorbis-1.3.3-8.el7.1.x86_64.rpm libvorbis-debuginfo-1.3.3-8.el7.1.i686.rpm libvorbis-debuginfo-1.3.3-8.el7.1.x86_64.rpm libvorbis-devel-1.3.3-8.el7.1.i686.rpm libvorbis-devel-1.3.3-8.el7.1.x86_64.rpm noarch libvorbis-devel-docs-1.3.3-8.el7.1.noarch.rpm … Read More
