java-1.8.0-openjdk (SL6, SL7)

Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2017:2998-1 Issue Date: 2017-10-20 CVE Numbers: CVE-2017-10285 CVE-2017-10346 CVE-2017-10388 CVE-2017-10274 CVE-2017-10349 CVE-2017-10357 CVE-2017-10348 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 CVE-2017-10355 CVE-2017-10356 — Security Fix(es): * Multiple flaws were discovered in the RMI and Hotspot … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2017:2930-1 Issue Date: 2017-10-19 CVE Numbers: CVE-2016-8399 CVE-2017-7541 CVE-2017-7184 CVE-2017-11176 CVE-2017-7542 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-7558 CVE-2017-14106 — Security Fix(es): * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel’s IP … Read More

httpd (SL6)

Synopsis: Moderate: httpd security update Advisory ID: SLSA-2017:2972-1 Issue Date: 2017-10-19 CVE Numbers: CVE-2017-9798 CVE-2017-12171 — Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive … Read More

wpa_supplicant (SL6)

Synopsis: Important: wpa_supplicant security update Advisory ID: SLSA-2017:2911-1 Issue Date: 2017-10-18 CVE Numbers: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13087 — Security Fix(es): * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi … Read More

wpa_supplicant (SL7)

Synopsis: Important: wpa_supplicant security update Advisory ID: SLSA-2017:2907-1 Issue Date: 2017-10-18 CVE Numbers: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 — Security Fix(es): * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote … Read More

thunderbird (SL6, SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2017:2885-1 Issue Date: 2017-10-12 CVE Numbers: CVE-2017-7793 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 — This update upgrades Thunderbird to version 52.4.0. Security Fix(es): * Multiple flaws were found in the processing of malformed … Read More

httpd (SL7)

Synopsis: Moderate: httpd security update Advisory ID: SLSA-2017:2882-1 Issue Date: 2017-10-11 CVE Numbers: CVE-2017-9798 — Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used … Read More

kernel (SL6)

Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2017:2863-1 Issue Date: 2017-10-06 CVE Numbers: CVE-2017-7541 — Security Fix(es): * Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to … Read More

postgresql (SL6)

Synopsis: Moderate: postgresql security update Advisory ID: SLSA-2017:2860-1 Issue Date: 2017-10-05 CVE Numbers: CVE-2017-7546 — Security Fix(es): * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq’s refusal to send an … Read More

dnsmasq (SL7)

Synopsis: Critical: dnsmasq security update Advisory ID: SLSA-2017:2836-1 Issue Date: 2017-10-02 CVE Numbers: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 — Security Fix(es): * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An … Read More