jss (SL7)

Synopsis: Important: jss security update Advisory ID: SLSA-2019:3067-1 Issue Date: 2019-10-16 CVE Numbers: None — Security Fix(es): * JSS: OCSP policy “Leaf and Chain” implicitly trusts the root certificate (CVE-2019-14823) For more details about the security issue(s), including the impact, … Read More

patch (SL7)

Synopsis: Important: patch security update Advisory ID: SLSA-2019:2964-1 Issue Date: 2019-10-03 CVE Numbers: CVE-2019-13638 CVE-2018-20969 — Security Fix(es): * patch: do_ed_script in pch.c does not block strings beginning with a ! character (CVE-2018-20969) * patch: OS shell command injection when … Read More

qemu-kvm (SL6)

Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2019:2892-1 Issue Date: 2019-09-24 CVE Numbers: CVE-2018-11806 CVE-2019-6778 CVE-2019-12155 CVE-2018-10839 CVE-2018-17962 — Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() … Read More

dovecot (SL6)

Synopsis: Important: dovecot security update Advisory ID: SLSA-2019:2885-1 Issue Date: 2019-09-23 CVE Numbers: CVE-2019-11500 — * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) — SL6 x86_64 dovecot-2.0.9-22.el6_10.1.i686.rpm dovecot-2.0.9-22.el6_10.1.x86_64.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm … Read More

kernel (SL6)

Synopsis: Important: kernel security update Advisory ID: SLSA-2019:2863-1 Issue Date: 2019-09-23 CVE Numbers: CVE-2019-14835 — Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel’s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer … Read More

kernel (SL7)

Synopsis: Important: kernel security update Advisory ID: SLSA-2019:2829-1 Issue Date: 2019-09-20 CVE Numbers: None — Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel’s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer … Read More

dovecot (SL7)

Synopsis: Important: dovecot security update Advisory ID: SLSA-2019:2836-1 Issue Date: 2019-09-20 CVE Numbers: None — Security Fix(es): * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:2807-1 Issue Date: 2019-09-19 CVE Numbers: CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11739 — This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:2773-1 Issue Date: 2019-09-18 CVE Numbers: CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11739 — This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:2736-1 Issue Date: 2019-09-12 CVE Numbers: CVE-2018-9568 CVE-2019-11810 — Security Fix(es): * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading … Read More