firefox (SL7)

Synopsis: Moderate: firefox security update Advisory ID: SLSA-2018:2835-1 Issue Date: 2018-09-27 CVE Numbers: CVE-2018-12383 CVE-2018-12385 — This update upgrades Firefox to version 60.2.1 ESR. Security Fix(es): * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a …

nss (SL7)

Synopsis: Moderate: nss security update Advisory ID: SLSA-2018:2768-1 Issue Date: 2018-09-25 CVE Numbers: CVE-2018-12384 — Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) — SL7 x86_64 nss-3.36.0-7.el7_5.i686.rpm nss-3.36.0-7.el7_5.x86_64.rpm nss-debuginfo-3.36.0-7.el7_5.i686.rpm nss-debuginfo-3.36.0-7.el7_5.x86_64.rpm nss-sysinit-3.36.0-7.el7_5.x86_64.rpm nss-tools-3.36.0-7.el7_5.x86_64.rpm nss-devel-3.36.0-7.el7_5.i686.rpm nss-devel-3.36.0-7.el7_5.x86_64.rpm …

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: SLSA-2018:2757-1 Issue Date: 2018-09-25 CVE Numbers: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 CVE-2018-14638 — Security Fix(es): * 389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850) * 389-ds-base: ldapsearch …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2018:2748-1 Issue Date: 2018-09-25 CVE Numbers: CVE-2018-14634 — Security Fix(es): * kernel: Integer overflow in Linux’s create_elf_tables function (CVE-2018-14634) — SL7 x86_64 kernel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm …

flatpak (SL7)

Synopsis: Moderate: flatpak security update Advisory ID: SLSA-2018:2766-1 Issue Date: 2018-09-25 CVE Numbers: CVE-2018-6560 — Security Fix(es): * flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake (CVE-2018-6560) — SL7 x86_64 flatpak-0.8.8-4.el7_5.x86_64.rpm flatpak-debuginfo-0.8.8-4.el7_5.x86_64.rpm flatpak-libs-0.8.8-4.el7_5.x86_64.rpm flatpak-builder-0.8.8-4.el7_5.x86_64.rpm flatpak-devel-0.8.8-4.el7_5.x86_64.rpm – Scientific …

mod_perl (SL6)

Synopsis: Important: mod_perl security update Advisory ID: SLSA-2018:2737-1 Issue Date: 2018-09-24 CVE Numbers: CVE-2011-2767 — Security Fix(es): * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767) — SL6 x86_64 mod_perl-2.0.4-12.el6_10.x86_64.rpm mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm …

spice and spice-gtk (SL7)

Synopsis: Important: spice and spice-gtk security update Advisory ID: SLSA-2018:2731-1 Issue Date: 2018-09-20 CVE Numbers: CVE-2018-10873 — The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and …

spice-gtk and spice-server (SL6)

Synopsis: Important: spice-gtk and spice-server security update Advisory ID: SLSA-2018:2732-1 Issue Date: 2018-09-20 CVE Numbers: CVE-2018-10873 — The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and …

firefox (SL6)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:2693-1 Issue Date: 2018-09-12 CVE Numbers: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 — This update upgrades Firefox to version 60.2.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox …

Moderate: OpenAFS (SL6, SL7)

Synopsis: Moderate: OpenAFS Advisory ID: OPENAFS-SA-2018-001:2:3 Issue Date: 2018-09-11 CVE Numbers: None — These releases include fixes for three security advisories, OPENAFS-SA-2018-001, OPENAFS-SA-2018-002, and OPENAFS-SA-2018-003. OPENAFS-SA-2018-001 only affects deployments that run the ‘butc’ utility as part of the in-tree backup …