Synopsis: Important: libvirt security update Advisory ID: SLSA-2019:1177-1 Issue Date: 2019-05-14 CVE Numbers: CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 — Security Fix(es): * A flaw was found in the implementation of the “fill buffer”, a mechanism used by modern CPUs when a … Read More
Synopsis: Important: wget security update Advisory ID: SLSA-2019:1228-1 Issue Date: 2019-05-14 CVE Numbers: CVE-2019-5953 — Security Fix(es): * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) — SL7 x86_64 wget-1.14-18.el7_6.1.x86_64.rpm wget-debuginfo-1.14-18.el7_6.1.x86_64.rpm – Scientific Linux Development Team
Synopsis: Important: python-jinja2 security update Advisory ID: SLSA-2019:1022-1 Issue Date: 2019-05-07 CVE Numbers: CVE-2016-10745 — * python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745) — SL7 noarch python-jinja2-2.7.2-3.el7_6.noarch.rpm – Scientific Linux Development Team
Synopsis: Important: freeradius security update Advisory ID: SLSA-2019:1131-1 Issue Date: 2019-05-09 CVE Numbers: CVE-2019-11235 CVE-2019-11234 — Security Fix(es): * freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235) * freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234) — SL7 x86_64 … Read More
Synopsis: Important: flatpak security update Advisory ID: SLSA-2019:1024-1 Issue Date: 2019-05-08 CVE Numbers: CVE-2019-10063 — Security Fix(es): * flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226) (CVE-2019-10063) — SL7 x86_64 flatpak-1.0.2-5.el7_6.x86_64.rpm flatpak-debuginfo-1.0.2-5.el7_6.x86_64.rpm flatpak-libs-1.0.2-5.el7_6.x86_64.rpm flatpak-builder-1.0.0-5.el7_6.x86_64.rpm flatpak-devel-1.0.2-5.el7_6.x86_64.rpm flatpak-1.0.2-5.el7_6.src.rpm – Scientific Linux … Read More
Synopsis: Important: ghostscript security update Advisory ID: SLSA-2019:1017-1 Issue Date: 2019-05-07 CVE Numbers: CVE-2019-3839 — Security Fix(es): * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) — SL7 x86_64 ghostscript-9.07-31.el7_6.11.i686.rpm ghostscript-9.07-31.el7_6.11.x86_64.rpm ghostscript-cups-9.07-31.el7_6.11.x86_64.rpm ghostscript-debuginfo-9.07-31.el7_6.11.i686.rpm ghostscript-debuginfo-9.07-31.el7_6.11.x86_64.rpm ghostscript-devel-9.07-31.el7_6.11.i686.rpm ghostscript-devel-9.07-31.el7_6.11.x86_64.rpm ghostscript-gtk-9.07-31.el7_6.11.x86_64.rpm ghostscript-9.07-31.el7_6.11.src.rpm noarch ghostscript-doc-9.07-31.el7_6.11.noarch.rpm … Read More
Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:0818-1 Issue Date: 2019-04-23 CVE Numbers: CVE-2019-7221 CVE-2019-6974 — Security Fix(es): * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of … Read More
Synopsis: Important: ovmf security update Advisory ID: SLSA-2019:0809-1 Issue Date: 2019-04-23 CVE Numbers: CVE-2018-12180 — Security Fix(es): * edk2: Buffer Overflow in BlockIo service for RAM disk (CVE-2018-12180) — SL7 noarch OVMF-20180508-3.gitee3198e672e2.el7_6.1.noarch.rpm – Scientific Linux Development Team
Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:0790-1 Issue Date: 2019-04-22 CVE Numbers: CVE-2019-2602 CVE-2019-2698 CVE-2019-2684 — Security Fix(es): * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long … Read More
Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:0791-1 Issue Date: 2019-04-22 CVE Numbers: CVE-2019-2602 CVE-2019-2698 CVE-2019-2684 — Security Fix(es): * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long … Read More
