curl and nss-pem (SL7)

Synopsis: Moderate: curl and nss-pem security and bug fix update
Advisory ID: SLSA-2018:3157-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301
Security Fix(es):
* curl: HTTP authentication leak in redirects (CVE-2018-1000007)
* curl: FTP path trickery leads …

setup (SL7)

Synopsis: Low: setup security and bug fix update
Advisory ID: SLSA-2018:3249-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-1113
Security Fix(es):
* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)
SL7 noarch: setup-2.8.71-10.el7.noarch.rpm
– Scientific Linux Development Team

binutils (SL7)

Synopsis: Low: binutils security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3032-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-13033
Security Fix(es):
* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for …

python (SL7)

Synopsis: Moderate: python security and bug fix update
Advisory ID: SLSA-2018:3041-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-1060 CVE-2018-1061
Security Fix(es):
* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
* python: DOS via regular expression …

sssd (SL7)

Synopsis: Low: sssd security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3158-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-10852
Security Fix(es):
* sssd: information leak from the sssd-sudo responder (CVE-2018-10852)
SL7 x86_64: libipa_hbac-1.16.2-13.el7.i686.rpm libipa_hbac-1.16.2-13.el7.x86_64.rpm libsss_autofs-1.16.2-13.el7.x86_64.rpm libsss_certmap-1.16.2-13.el7.i686.rpm libsss_certmap-1.16.2-13.el7.x86_64.rpm libsss_idmap-1.16.2-13.el7.i686.rpm libsss_idmap-1.16.2-13.el7.x86_64.rpm …

gnutls (SL7)

Synopsis: Moderate: gnutls security, bug fix, and enhancement
Advisory ID: SLSA-2018:3050-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
Security Fix(es):
* gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844)
* gnutls: …

git (SL7)

Synopsis: Important: git security update
Advisory ID: SLSA-2018:3408-1
Issue Date: 2018-10-31
CVE Numbers: CVE-2018-17456
Security Fix(es):
* git: arbitrary code execution via .gitmodules (CVE-2018-17456)
SL7 x86_64: git-1.8.3.1-20.el7.x86_64.rpm git-daemon-1.8.3.1-20.el7.x86_64.rpm git-debuginfo-1.8.3.1-20.el7.x86_64.rpm git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm git-svn-1.8.3.1-20.el7.x86_64.rpm git-1.8.3.1-20.el7.src.rpm
noarch: emacs-git-1.8.3.1-20.el7.noarch.rpm emacs-git-el-1.8.3.1-20.el7.noarch.rpm git-all-1.8.3.1-20.el7.noarch.rpm git-bzr-1.8.3.1-20.el7.noarch.rpm git-cvs-1.8.3.1-20.el7.noarch.rpm …

thunderbird (SL7)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2018:3458-1
Issue Date: 2018-11-05
CVE Numbers: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385
This update upgrades Thunderbird to version 60.2.1.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 62 and …

java-11-openjdk (SL7)

Synopsis: Critical: java-11-openjdk security update
Advisory ID: SLSA-2018:3521-1
Issue Date: 2018-11-07
CVE Numbers: CVE-2018-3183 CVE-2018-3169 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 CVE-2018-3150
Security Fix(es):
* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
* OpenJDK: Unrestricted access to scripting engine (Scripting, …

X.org X11 (SL7)

Synopsis: Low: X.org X11 security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3059-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2015-9262
Security Fix(es):
* libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262)
The SL Team added a fix for …