gnutls (SL7)

Synopsis: Moderate: gnutls security, bug fix, and enhancement Advisory ID: SLSA-2018:3050-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 — Security Fix(es): * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: … Read More

git (SL7)

Synopsis: Important: git security update Advisory ID: SLSA-2018:3408-1 Issue Date: 2018-10-31 CVE Numbers: CVE-2018-17456 — Security Fix(es): * git: arbitrary code execution via .gitmodules (CVE-2018-17456) — SL7 x86_64 git-1.8.3.1-20.el7.x86_64.rpm git-daemon-1.8.3.1-20.el7.x86_64.rpm git-debuginfo-1.8.3.1-20.el7.x86_64.rpm git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm git-svn-1.8.3.1-20.el7.x86_64.rpm git-1.8.3.1-20.el7.src.rpm noarch emacs-git-1.8.3.1-20.el7.noarch.rpm emacs-git-el-1.8.3.1-20.el7.noarch.rpm git-all-1.8.3.1-20.el7.noarch.rpm git-bzr-1.8.3.1-20.el7.noarch.rpm git-cvs-1.8.3.1-20.el7.noarch.rpm … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:3458-1 Issue Date: 2018-11-05 CVE Numbers: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 — This update upgrades Thunderbird to version 60.2.1. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and … Read More

java-11-openjdk (SL7)

Synopsis: Critical: java-11-openjdk security update Advisory ID: SLSA-2018:3521-1 Issue Date: 2018-11-07 CVE Numbers: CVE-2018-3183 CVE-2018-3169 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 CVE-2018-3150 — Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, … Read More

X.org X11 (SL7)

Synopsis: Low: X.org X11 security, bug fix, and enhancement update Advisory ID: SLSA-2018:3059-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2015-9262 — Security Fix(es): * libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262) The SL Team added a fix for … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:3532-1 Issue Date: 2018-11-09 CVE Numbers: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 — This update upgrades Thunderbird to version 60.3.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 … Read More

xorg-x11-server (SL7)

Synopsis: Important: xorg-x11-server security update Advisory ID: SLSA-2018:3410-1 Issue Date: 2018-10-31 CVE Numbers: CVE-2018-14665 — Security Fix(es): * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) The SL Team added a fix for upstream bug … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:3531-1 Issue Date: 2018-11-09 CVE Numbers: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 — This update upgrades Thunderbird to version 60.3.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 … Read More

spice-server (SL6)

Synopsis: Important: spice-server security update Advisory ID: SLSA-2018:3522-1 Issue Date: 2018-11-08 CVE Numbers: CVE-2017-7506 — Security Fix(es): * spice: Possible buffer overflow via invalid monitor configurations (CVE-2017-7506) — SL6 x86_64 spice-server-0.12.4-16.el6_10.2.x86_64.rpm spice-server-debuginfo-0.12.4-16.el6_10.2.x86_64.rpm spice-server-devel-0.12.4-16.el6_10.2.x86_64.rpm – Scientific Linux Development Team

java-1.7.0-openjdk (SL6)

Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2018:3409-1 Issue Date: 2018-10-31 CVE Numbers: CVE-2018-3169 CVE-2018-3214 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 — Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, … Read More