thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:3210-1 Issue Date: 2019-10-29 CVE Numbers: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 — This update upgrades Thunderbird to version 68.2.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox … Read More

sudo (SL7)

Synopsis: Important: sudo security update Advisory ID: SLSA-2019:3197-1 Issue Date: 2019-10-24 CVE Numbers: CVE-2019-14287 — Security Fix(es): * sudo: Privilege escalation via ‘Runas’ specification with ‘ALL’ keyword (CVE-2019-14287) — SL7 x86_64 sudo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm – Scientific Linux Development … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2019:3193-1 Issue Date: 2019-10-23 CVE Numbers: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 — This update upgrades Firefox to version 68.2.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox … Read More

Important: OpenAFS (SL6, SL7)

Synopsis: Important: OpenAFS security update Advisory ID: RITM0891205 Issue Date: 2019-10-23 — Security Fixes: * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output Generated RPC handler routines ran output variables through XDR encoding even when the call had failed and … Read More

java-1.7.0-openjdk (SL6)

Synopsis: Moderate: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:3158-1 Issue Date: 2019-10-22 CVE Numbers: None — Security Fix(es): * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses … Read More

java-1.7.0-openjdk (SL7)

Synopsis: Moderate: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:3157-1 Issue Date: 2019-10-22 CVE Numbers: None — Security Fix(es): * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses … Read More

java-1.8.0-openjdk (SL6)

Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:3136-1 Issue Date: 2019-10-18 CVE Numbers: CVE-2019-2964 CVE-2019-2975 CVE-2019-2973 CVE-2019-2981 CVE-2019-2999 CVE-2019-2988 CVE-2019-2978 CVE-2019-2992 CVE-2019-2987 CVE-2019-2983 CVE-2019-2962 CVE-2019-2949 CVE-2019-2945 CVE-2019-2989 — Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) … Read More

kernel (SL7)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:3055-1 Issue Date: 2019-10-16 CVE Numbers: None — Security Fix(es): * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * … Read More

java-11-openjdk (SL7)

Synopsis: Important: java-11-openjdk security update Advisory ID: SLSA-2019:3127-1 Issue Date: 2019-10-16 CVE Numbers: None — Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, … Read More

java-1.8.0-openjdk (SL7)

Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:3128-1 Issue Date: 2019-10-16 CVE Numbers: CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 — Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) … Read More