Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:0270-1 Issue Date: 2019-02-04 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2016-5824 — This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:0269-1 Issue Date: 2019-02-04 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2016-5824 — This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More
Synopsis: Important: polkit security update Advisory ID: SLSA-2019:0230-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2019-6133 — Security Fix(es): * polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) — SL7 x86_64 polkit-0.112-18.el7_6.1.i686.rpm polkit-0.112-18.el7_6.1.x86_64.rpm polkit-debuginfo-0.112-18.el7_6.1.i686.rpm polkit-debuginfo-0.112-18.el7_6.1.x86_64.rpm polkit-devel-0.112-18.el7_6.1.i686.rpm polkit-devel-0.112-18.el7_6.1.x86_64.rpm noarch polkit-docs-0.112-18.el7_6.1.noarch.rpm … Read More
Synopsis: Important: ghostscript security and bug fix update Advisory ID: SLSA-2019:0229-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2018-16540 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2019-6116 — Security Fix(es): * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) … Read More
Synopsis: Important: spice-server security update Advisory ID: SLSA-2019:0232-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2019-3813 — Security Fix(es): * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) — SL6 x86_64 spice-server-0.12.4-16.el6_10.3.x86_64.rpm spice-server-debuginfo-0.12.4-16.el6_10.3.x86_64.rpm – Scientific Linux Development Team
Synopsis: Important: spice security update Advisory ID: SLSA-2019:0231-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2019-3813 — Security Fix(es): * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) — SL7 x86_64 spice-debuginfo-0.14.0-6.el7_6.1.x86_64.rpm spice-server-0.14.0-6.el7_6.1.x86_64.rpm spice-server-devel-0.14.0-6.el7_6.1.x86_64.rpm – Scientific Linux Development Team
Synopsis: Critical: firefox security update Advisory ID: SLSA-2019:0219-1 Issue Date: 2019-01-30 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 — This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More
Synopsis: Critical: firefox security update Advisory ID: SLSA-2019:0218-1 Issue Date: 2019-01-30 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 — This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More
Synopsis: Low: systemd security update Advisory ID: SLSA-2019:0201-1 Issue Date: 2019-01-29 CVE Numbers: CVE-2019-3815 — Security Fix(es): * systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815) — SL7 x86_64 libgudev1-219-62.el7_6.3.i686.rpm libgudev1-219-62.el7_6.3.x86_64.rpm systemd-219-62.el7_6.3.x86_64.rpm systemd-debuginfo-219-62.el7_6.3.i686.rpm systemd-debuginfo-219-62.el7_6.3.x86_64.rpm systemd-libs-219-62.el7_6.3.i686.rpm systemd-libs-219-62.el7_6.3.x86_64.rpm systemd-python-219-62.el7_6.3.x86_64.rpm … Read More
Synopsis: Moderate: bind security update Advisory ID: SLSA-2019:0194-1 Issue Date: 2019-01-29 CVE Numbers: CVE-2018-5742 — Security Fix(es): * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) — SL7 x86_64 bind-debuginfo-9.9.4-73.el7_6.i686.rpm … Read More
