ovmf (SL7)

Synopsis: Moderate: ovmf security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3090-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-0739

Security Fix(es):
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) …

wpa_supplicant (SL7)

Synopsis: Moderate: wpa_supplicant security and bug fix update
Advisory ID: SLSA-2018:3107-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-14526

Security Fix(es):
* wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)

SL7
  x86_64
    wpa_supplicant-2.6-12.el7.x86_64.rpm
    wpa_supplicant-debuginfo-2.6-12.el7.x86_64.rpm

- Scientific Linux Development Team

jasper (SL7)

Synopsis: Low: jasper security update
Advisory ID: SLSA-2018:3253-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2016-9396 CVE-2017-1000050

Security Fix(es):
* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)
* jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

SL7
  x86_64
    jasper-debuginfo-1.900.1-33.el7.i686.rpm
    jasper-debuginfo-1.900.1-33.el7.x86_64.rpm
    jasper-libs-1.900.1-33.el7.i686.rpm
    jasper-libs-1.900.1-33.el7.x86_64.rpm
    …

xerces-c (SL7)

Synopsis: Moderate: xerces-c security update
Advisory ID: SLSA-2018:3335-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2016-4463

Security Fix(es):
* xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)

SL7
  x86_64
    xerces-c-3.1.1-9.el7.i686.rpm
    xerces-c-3.1.1-9.el7.x86_64.rpm
    xerces-c-debuginfo-3.1.1-9.el7.i686.rpm
    xerces-c-debuginfo-3.1.1-9.el7.x86_64.rpm
    xerces-c-devel-3.1.1-9.el7.i686.rpm
    xerces-c-devel-3.1.1-9.el7.x86_64.rpm
  noarch
    xerces-c-doc-3.1.1-9.el7.noarch.rpm

- Scientific …

GNOME (SL7)

Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3140-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-10733 CVE-2018-10768 CVE-2018-10767 CVE-2017-18267 CVE-2018-12910 CVE-2018-13988

Security Fix(es):
* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)
* poppler: Infinite recursion in …

java-1.7.0-openjdk (SL7)

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:3350-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-3169 CVE-2018-3214 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149

Security Fix(es):
* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, …

krb5 (SL7)

Synopsis: Low: krb5 security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3071-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-5730 CVE-2018-5729

Security Fix(es):
* krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729)
* …

zziplib (SL7)

Synopsis: Low: zziplib security update
Advisory ID: SLSA-2018:3229-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-7725 CVE-2018-7726 CVE-2018-7727

Security Fix(es):
* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725)
* zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted …

glusterfs (SL7)

Synopsis: Moderate: glusterfs security, bug fix, and
Advisory ID: SLSA-2018:3242-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-10911

Security Fix(es):
* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)

SL7
  x86_64
    glusterfs-3.12.2-18.el7.x86_64.rpm
    glusterfs-api-3.12.2-18.el7.x86_64.rpm
    glusterfs-cli-3.12.2-18.el7.x86_64.rpm
    glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm
    …

libmspack (SL7)

Synopsis: Low: libmspack security update
Advisory ID: SLSA-2018:3327-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-14679 CVE-2018-14681 CVE-2018-14680 CVE-2018-14682

Security Fix(es):
* libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679)
* libmspack: off-by-one error in the CHM …