dbus (SL6)

Synopsis: Important: dbus security update Advisory ID: SLSA-2019:1726-1 Issue Date: 2019-07-10 CVE Numbers: CVE-2019-12749 — Security Fix(es): * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) — SL6 x86_64 dbus-1.2.24-11.el6_10.x86_64.rpm dbus-debuginfo-1.2.24-11.el6_10.i686.rpm dbus-debuginfo-1.2.24-11.el6_10.x86_64.rpm dbus-libs-1.2.24-11.el6_10.i686.rpm dbus-libs-1.2.24-11.el6_10.x86_64.rpm dbus-x11-1.2.24-11.el6_10.x86_64.rpm dbus-devel-1.2.24-11.el6_10.i686.rpm dbus-devel-1.2.24-11.el6_10.x86_64.rpm i386 dbus-1.2.24-11.el6_10.i686.rpm dbus-debuginfo-1.2.24-11.el6_10.i686.rpm dbus-libs-1.2.24-11.el6_10.i686.rpm dbus-x11-1.2.24-11.el6_10.i686.rpm … Read More

libssh2 (SL6)

Synopsis: Important: libssh2 security update Advisory ID: SLSA-2019:1652-1 Issue Date: 2019-07-02 CVE Numbers: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863 — Security Fix(es): * libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard … Read More

qemu-kvm (SL6)

Synopsis: Low: qemu-kvm security update Advisory ID: SLSA-2019:1650-1 Issue Date: 2019-07-02 CVE Numbers: CVE-2019-9824 — Security Fix(es): * QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) — SL6 x86_64 qemu-guest-agent-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-img-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-kvm-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.506.el6_10.4.x86_64.rpm i386 qemu-guest-agent-0.12.1.2-2.506.el6_10.4.i686.rpm … Read More

vim (SL7)

Synopsis: Important: vim security update Advisory ID: SLSA-2019:1619-1 Issue Date: 2019-07-01 CVE Numbers: CVE-2019-12735 — Security Fix(es): * vim/neovim: ‘:source!’ command allows arbitrary command execution via modelines (CVE-2019-12735) — SL7 x86_64 vim-X11-7.4.160-6.el7_6.x86_64.rpm vim-common-7.4.160-6.el7_6.x86_64.rpm vim-debuginfo-7.4.160-6.el7_6.x86_64.rpm vim-enhanced-7.4.160-6.el7_6.x86_64.rpm vim-filesystem-7.4.160-6.el7_6.x86_64.rpm vim-minimal-7.4.160-6.el7_6.x86_64.rpm – Scientific Linux … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:1626-1 Issue Date: 2019-06-27 CVE Numbers: None — Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2019:1603-1 Issue Date: 2019-06-26 CVE Numbers: None — Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) — SL7 x86_64 firefox-60.7.2-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.2-1.el7_6.x86_64.rpm firefox-60.7.2-1.el7_6.i686.rpm firefox-debuginfo-60.7.2-1.el7_6.i686.rpm – Scientific … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:1624-1 Issue Date: 2019-06-27 CVE Numbers: None — Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open … Read More

firefox (SL6)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2019:1604-1 Issue Date: 2019-06-26 CVE Numbers: None — Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) — SL6 x86_64 firefox-60.7.2-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.2-1.el6_10.x86_64.rpm firefox-60.7.2-1.el6_10.i686.rpm firefox-debuginfo-60.7.2-1.el6_10.i686.rpm i386 firefox-60.7.2-1.el6_10.i686.rpm … Read More

python (SL7)

Synopsis: Important: python security update Advisory ID: SLSA-2019:1587-1 Issue Date: 2019-06-20 CVE Numbers: CVE-2019-10160 — Security Fix(es): * python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160) — SL7 x86_64 python-2.7.5-80.el7_6.x86_64.rpm python-debuginfo-2.7.5-80.el7_6.i686.rpm python-debuginfo-2.7.5-80.el7_6.x86_64.rpm python-libs-2.7.5-80.el7_6.i686.rpm … Read More

libvirt (SL6)

Synopsis: Moderate: libvirt security update Advisory ID: SLSA-2019:1578-1 Issue Date: 2019-06-20 CVE Numbers: CVE-2019-10161 — Security Fix(es): * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution … Read More