libcgroup (SL7)

Synopsis: Moderate: libcgroup security update
Advisory ID: SLSA-2019:2047-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-14348

Security Fix(es):
* libcgroup: cgrulesengd creates log files with insecure permissions (CVE-2018-14348)

SL7 x86_64
libcgroup-0.41-21.el7.i686.rpm libcgroup-tools-0.41-21.el7.x86_64.rpm libcgroup-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.i686.rpm libcgroup-pam-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.x86_64.rpm libcgroup-pam-0.41-21.el7.i686.rpm libcgroup-debuginfo-0.41-21.el7.i686.rpm libcgroup-debuginfo-0.41-21.el7.x86_64.rpm

– …

sssd (SL7)

Synopsis: Moderate: sssd security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2177-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-16838 CVE-2019-3811

The following packages have been upgraded to a later upstream version: sssd (1.16.4).

Security Fix(es):
* sssd: fallback_homedir returns ‘/’ …

libwpd (SL7)

Synopsis: Low: libwpd security update
Advisory ID: SLSA-2019:2126-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-19208

Security Fix(es):
* libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp (CVE-2018-19208)

SL7 x86_64
libwpd-0.10.0-2.el7.i686.rpm libwpd-0.10.0-2.el7.x86_64.rpm libwpd-doc-0.10.0-2.el7.noarch.rpm libwpd-devel-0.10.0-2.el7.i686.rpm libwpd-tools-0.10.0-2.el7.x86_64.rpm libwpd-devel-0.10.0-2.el7.x86_64.rpm libwpd-debuginfo-0.10.0-2.el7.i686.rpm libwpd-debuginfo-0.10.0-2.el7.x86_64.rpm …

libssh2 (SL7)

Synopsis: Moderate: libssh2 security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2136-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2019-3861 CVE-2019-3858

The following packages have been upgraded to a later upstream version: libssh2 (1.8.0).

Security Fix(es):
* libssh2: Zero-byte allocation with …

ruby (SL7)

Synopsis: Moderate: ruby security update
Advisory ID: SLSA-2019:2028-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-8779 CVE-2018-1000077 CVE-2018-8780 CVE-2018-1000075 CVE-2018-1000078 CVE-2018-6914 CVE-2018-8777 CVE-2018-1000076 CVE-2017-17742 CVE-2018-1000079 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-8778 CVE-2018-16396

Security Fix(es):
* ruby: HTTP response splitting in WEBrick (CVE-2017-17742)
* ruby: …

exempi (SL7)

Synopsis: Low: exempi security update
Advisory ID: SLSA-2019:2048-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-7730 CVE-2017-18233 CVE-2017-18238 CVE-2017-18236 CVE-2017-18234

Security Fix(es):
* exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233)
* exempi: Use after free via a PDF file …

nss, nss-softokn, nss-util, and nspr (SL7)

Synopsis: Moderate: nss, nss-softokn, nss-util, and nspr security, bug
Advisory ID: SLSA-2019:2237-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-0495 CVE-2018-12404

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to …

qt5 (SL7)

Synopsis: Moderate: qt5 security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2135-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-15518 CVE-2018-19871 CVE-2018-19869 CVE-2018-19873 CVE-2018-19870

The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), …

unzip (SL7)

Synopsis: Low: unzip security update
Advisory ID: SLSA-2019:2159-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-18384

Security Fix(es):
* unzip: Buffer overflow in list.c resulting in a denial of service (CVE-2018-18384)

SL7 x86_64
unzip-6.0-20.el7.x86_64.rpm unzip-debuginfo-6.0-20.el7.x86_64.rpm

– Scientific Linux Development Team

libjpeg-turbo (SL7)

Synopsis: Moderate: libjpeg-turbo security update
Advisory ID: SLSA-2019:2052-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2016-3616 CVE-2018-11213 CVE-2018-11212 CVE-2018-11214 CVE-2018-14498 CVE-2018-11813

Security Fix(es):
* libjpeg: null pointer dereference in cjpeg (CVE-2016-3616)
* libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in …