firefox (SL7)

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2019:2729-1
Issue Date: 2019-09-11
CVE Numbers: CVE-2019-9812 CVE-2019-11733 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752

Security Fix(es):
* Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)
* Mozilla: Memory safety bugs fixed in Firefox …

qemu-kvm (SL7)

Synopsis: Low: qemu-kvm security update
Advisory ID: SLSA-2019:2607-1
Issue Date: 2019-09-03
CVE Numbers: CVE-2019-12155

Security Fix(es):
* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

SL7
  x86_64
    qemu-img-1.5.3-167.el7_7.1.x86_64.rpm
    qemu-kvm-1.5.3-167.el7_7.1.x86_64.rpm
    qemu-kvm-common-1.5.3-167.el7_7.1.x86_64.rpm
    qemu-kvm-debuginfo-1.5.3-167.el7_7.1.x86_64.rpm
    qemu-kvm-tools-1.5.3-167.el7_7.1.x86_64.rpm

– Scientific Linux Development …

kdelibs and kde-settings (SL7)

Synopsis: Important: kdelibs and kde-settings security and bug fix update
Advisory ID: SLSA-2019:2606-1
Issue Date: 2019-09-03
CVE Numbers: CVE-2019-14744

* kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction (CVE-2019-14744)

Bug Fix(es):
* …

kernel (SL7)

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2019:2600-1
Issue Date: 2019-09-03
CVE Numbers: CVE-2019-1125 CVE-2019-9500

Security Fix(es):
* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)
* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

Bug Fix(es): …

ghostscript (SL7)

Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2019:2586-1
Issue Date: 2019-09-03
CVE Numbers: CVE-2019-14813 CVE-2019-14812 CVE-2019-14811 CVE-2019-14817

Security Fix(es):
* ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811)
* ghostscript: Safer mode bypass by .forceput exposure …

pango (SL7)

Synopsis: Important: pango security update
Advisory ID: SLSA-2019:2571-1
Issue Date: 2019-08-28
CVE Numbers: CVE-2019-1010238

Security Fix(es):
* pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238)

SL7
  x86_64
    pango-1.42.4-4.el7_7.i686.rpm
    pango-1.42.4-4.el7_7.x86_64.rpm
    pango-debuginfo-1.42.4-4.el7_7.i686.rpm
    pango-debuginfo-1.42.4-4.el7_7.x86_64.rpm
    pango-devel-1.42.4-4.el7_7.i686.rpm
    pango-devel-1.42.4-4.el7_7.x86_64.rpm
    pango-tests-1.42.4-4.el7_7.x86_64.rpm

– Scientific Linux Development Team

ghostscript (SL7)

Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2019:2462-1
Issue Date: 2019-08-12
CVE Numbers: CVE-2019-10216

Security Fix(es):
* ghostscript: -dSAFER escape via .buildfont1 (701394) (CVE-2019-10216)

SL7
  x86_64
    ghostscript-9.25-2.el7_7.1.i686.rpm
    ghostscript-9.25-2.el7_7.1.x86_64.rpm
    ghostscript-cups-9.25-2.el7_7.1.x86_64.rpm
    ghostscript-debuginfo-9.25-2.el7_7.1.i686.rpm
    ghostscript-debuginfo-9.25-2.el7_7.1.x86_64.rpm
    libgs-9.25-2.el7_7.1.i686.rpm
    libgs-9.25-2.el7_7.1.x86_64.rpm
    ghostscript-gtk-9.25-2.el7_7.1.x86_64.rpm
    libgs-devel-9.25-2.el7_7.1.i686.rpm
    libgs-devel-9.25-2.el7_7.1.x86_64.rpm
  noarch
    ghostscript-doc-9.25-2.el7_7.1.noarch.rpm
    …

uriparser (SL7)

Synopsis: Moderate: uriparser security update
Advisory ID: SLSA-2019:2280-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-19198 CVE-2018-19199

* uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198)
* uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)

SL7
  x86_64
    uriparser-0.7.5-10.el7.x86_64.rpm
    …

advancecomp (SL7)

Synopsis: Low: advancecomp security update
Advisory ID: SLSA-2019:2332-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2019-8379 CVE-2019-8383

Security Fix(es):
* advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379)
* advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383)
…

zsh (SL7)

Synopsis: Moderate: zsh security and bug fix update
Advisory ID: SLSA-2019:2017-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-13259

Security Fix(es):
* zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259)

SL7
  x86_64
    zsh-5.0.2-33.el7.x86_64.rpm
    zsh-html-5.0.2-33.el7.x86_64.rpm
    zsh-debuginfo-5.0.2-33.el7.x86_64.rpm

– Scientific Linux …