Important: Openafs Security Update (SL6, SL7)

Synopsis: Important: Openafs Security Update
Advisory ID: OPENAFS-SA-2017-001
Issue Date: 2017-12-06
Security Fix(es):
* Certain values transmitted in RX ACK packets were not sanity checked by OpenAFS receiving peers, which could lead to an assertion being triggered during construction …

java-1.7.0-openjdk (SL6, SL7)

Synopsis: Important: java-1.7.0-openjdk security and bug fix update
Advisory ID: SLSA-2017:3392-1
Issue Date: 2017-12-06
CVE Numbers: CVE-2017-10193 CVE-2017-10198 CVE-2017-10285 CVE-2017-10346 CVE-2017-10388 CVE-2017-10274 CVE-2017-10349 CVE-2017-10357 CVE-2017-10348 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 CVE-2017-10355 CVE-2017-10356
Security Fix(es):
* Multiple flaws were discovered …

firefox (SL6, SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2017:3382-1
Issue Date: 2017-12-05
CVE Numbers: CVE-2017-7843
This update upgrades Firefox to version 52.5.1 ESR.
Security Fix(es):
* A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker …

sssd (SL7)

Synopsis: Moderate: sssd security and bug fix update
Advisory ID: SLSA-2017:3379-1
Issue Date: 2017-12-05
CVE Numbers: CVE-2017-12173
Security Fix(es):
* It was found that sssd’s sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable …

liblouis (SL7)

Synopsis: Moderate: liblouis security update
Advisory ID: SLSA-2017:3384-1
Issue Date: 2017-12-05
CVE Numbers: CVE-2017-15101
Security Fix(es):
* A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. An attacker could cause denial of service or …

thunderbird (SL6, SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2017:3372-1
Issue Date: 2017-12-04
CVE Numbers: CVE-2017-7826 CVE-2017-7828 CVE-2017-7830
This update upgrades Thunderbird to version 52.5.0.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web …

qemu-kvm (SL7)

Synopsis: Moderate: qemu-kvm security update
Advisory ID: SLSA-2017:3368-1
Issue Date: 2017-11-30
CVE Numbers: CVE-2017-14167 CVE-2017-15289
Security Fix(es):
* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2017:3315-1
Issue Date: 2017-11-30
CVE Numbers: CVE-2017-1000380
Security Fix(es):
* It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition …

samba4 (SL6)

Synopsis: Important: samba4 security update
Advisory ID: SLSA-2017:3278-1
Issue Date: 2017-11-29
CVE Numbers: CVE-2017-14746 CVE-2017-15275
Security Fix(es):
* A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 …

apr (SL6, SL7)

Synopsis: Important: apr security update
Advisory ID: SLSA-2017:3270-1
Issue Date: 2017-11-29
CVE Numbers: CVE-2017-12613
Security Fix(es):
* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial …