Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: SLSA-2018:3350-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-3169 CVE-2018-3214 CVE-2018-3139 CVE-2018-3180 CVE-2018-3136 CVE-2018-3149 — Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, … Read More
Synopsis: Low: krb5 security, bug fix, and enhancement update Advisory ID: SLSA-2018:3071-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-5730 CVE-2018-5729 — Security Fix(es): * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * … Read More
Synopsis: Low: zziplib security update Advisory ID: SLSA-2018:3229-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-7725 CVE-2018-7726 CVE-2018-7727 — Security Fix(es): * zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725) * zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted … Read More
Synopsis: Moderate: glusterfs security, bug fix, and Advisory ID: SLSA-2018:3242-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10911 — Security Fix(es): * glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911) — SL7 x86_64 glusterfs-3.12.2-18.el7.x86_64.rpm glusterfs-api-3.12.2-18.el7.x86_64.rpm glusterfs-cli-3.12.2-18.el7.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm … Read More
Synopsis: Low: libmspack security update Advisory ID: SLSA-2018:3327-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-14679 CVE-2018-14681 CVE-2018-14680 CVE-2018-14682 — Security Fix(es): * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM … Read More
Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2018:3092-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-16997 CVE-2018-6485 CVE-2018-11236 CVE-2018-11237 — Security Fix(es): * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from … Read More
Synopsis: Important: kernel security, bug fix, and enhancement Advisory ID: SLSA-2018:3083-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2015-8830 CVE-2018-5803 CVE-2018-1130 CVE-2017-0861 CVE-2018-5391 CVE-2016-4913 CVE-2017-10661 CVE-2017-17805 CVE-2018-5344 CVE-2018-1000026 CVE-2017-18208 CVE-2018-7740 CVE-2018-7757 CVE-2017-18232 CVE-2018-1092 CVE-2018-1094 CVE-2018-8781 CVE-2018-10322 CVE-2018-1118 CVE-2018-1120 CVE-2018-10940 CVE-2018-10902 CVE-2018-5848 CVE-2018-10878 … Read More
Synopsis: Moderate: libvirt security, bug fix, and enhancement Advisory ID: SLSA-2018:3113-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-6764 — Security Fix(es): * libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764) — SL7 x86_64 libvirt-4.5.0-10.el7.x86_64.rpm libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm … Read More
Synopsis: Moderate: zsh security and bug fix update Advisory ID: SLSA-2018:3073-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2014-10072 CVE-2017-18206 CVE-2018-1083 CVE-2018-1100 CVE-2014-10071 CVE-2018-7549 CVE-2017-18205 CVE-2018-1071 — Security Fix(es): * zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer … Read More
Synopsis: Moderate: openssl security, bug fix, and enhancement Advisory ID: SLSA-2018:3221-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0739 CVE-2017-3735 CVE-2018-0737 CVE-2018-0732 CVE-2018-0495 — Security Fix(es): * openssl: ROHNP – Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious … Read More
