Synopsis: Moderate: uriparser security update Advisory ID: SLSA-2019:2280-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-19198 CVE-2018-19199 — * uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198) * uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199) — SL7 x86_64 uriparser-0.7.5-10.el7.x86_64.rpm … Read More
Synopsis: Low: advancecomp security update Advisory ID: SLSA-2019:2332-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2019-8379 CVE-2019-8383 — Security Fix(es): * advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379) * advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383) … Read More
Synopsis: Moderate: zsh security and bug fix update Advisory ID: SLSA-2019:2017-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-13259 — Security Fix(es): * zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259) — SL7 x86_64 zsh-5.0.2-33.el7.x86_64.rpm zsh-html-5.0.2-33.el7.x86_64.rpm zsh-debuginfo-5.0.2-33.el7.x86_64.rpm – Scientific Linux … Read More
Synopsis: Moderate: unixODBC security update Advisory ID: SLSA-2019:2336-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-7409 CVE-2018-7485 — Security Fix(es): * unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409) * unixODBC: Insecure buffer copy in SQLWriteFileDSN … Read More
Synopsis: Moderate: mercurial security update Advisory ID: SLSA-2019:2276-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-1000132 CVE-2018-13347 CVE-2018-13346 — Security Fix(es): * mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347) * mercurial: HTTP server permissions bypass (CVE-2018-1000132) * mercurial: Missing check for fragment start … Read More
Synopsis: Low: blktrace security update Advisory ID: SLSA-2019:2162-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-10689 — Security Fix(es): * blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689) — SL7 x86_64 blktrace-1.0.5-9.el7.x86_64.rpm blktrace-debuginfo-1.0.5-9.el7.x86_64.rpm – Scientific Linux Development Team
Synopsis: Moderate: polkit security and bug fix update Advisory ID: SLSA-2019:2046-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-19788 — Security Fix(es): * polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788) — SL7 x86_64 polkit-devel-0.112-22.el7.x86_64.rpm polkit-docs-0.112-22.el7.noarch.rpm … Read More
Synopsis: Moderate: keepalived security and bug fix update Advisory ID: SLSA-2019:2285-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-19044 — Security Fix(es): * keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044) — SL7 x86_64 keepalived-1.3.5-16.el7.x86_64.rpm keepalived-debuginfo-1.3.5-16.el7.x86_64.rpm – … Read More
Synopsis: Low: sox security update Advisory ID: SLSA-2019:2283-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2017-18189 — Security Fix(es): * sox: NULL pointer dereference in startread function in xa.c (CVE-2017-18189) — SL7 x86_64 sox-14.4.1-7.el7.x86_64.rpm sox-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.x86_64.rpm sox-debuginfo-14.4.1-7.el7.i686.rpm sox-debuginfo-14.4.1-7.el7.x86_64.rpm – Scientific Linux … Read More
Synopsis: Low: python-requests security update Advisory ID: SLSA-2019:2035-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-18074 — Security Fix(es): * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) — SL7 x86_64 python-requests-2.6.0-5.el7.noarch.rpm noarch python-requests-2.6.0-5.el7.noarch.rpm – Scientific Linux Development … Read More
