unixODBC (SL7)

Synopsis: Moderate: unixODBC security update
Advisory ID: SLSA-2019:2336-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-7409 CVE-2018-7485
—
Security Fix(es):
* unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409)
* unixODBC: Insecure buffer copy in SQLWriteFileDSN …

mercurial (SL7)

Synopsis: Moderate: mercurial security update
Advisory ID: SLSA-2019:2276-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-1000132 CVE-2018-13347 CVE-2018-13346
—
Security Fix(es):
* mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347)
* mercurial: HTTP server permissions bypass (CVE-2018-1000132)
* mercurial: Missing check for fragment start …

blktrace (SL7)

Synopsis: Low: blktrace security update
Advisory ID: SLSA-2019:2162-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-10689
—
Security Fix(es):
* blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)
—
SL7
  x86_64
    blktrace-1.0.5-9.el7.x86_64.rpm
    blktrace-debuginfo-1.0.5-9.el7.x86_64.rpm
– Scientific Linux Development Team

polkit (SL7)

Synopsis: Moderate: polkit security and bug fix update
Advisory ID: SLSA-2019:2046-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-19788
—
Security Fix(es):
* polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)
—
SL7
  x86_64
    polkit-devel-0.112-22.el7.x86_64.rpm
    polkit-docs-0.112-22.el7.noarch.rpm
    …

keepalived (SL7)

Synopsis: Moderate: keepalived security and bug fix update
Advisory ID: SLSA-2019:2285-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-19044
—
Security Fix(es):
* keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044)
—
SL7
  x86_64
    keepalived-1.3.5-16.el7.x86_64.rpm
    keepalived-debuginfo-1.3.5-16.el7.x86_64.rpm
– …

sox (SL7)

Synopsis: Low: sox security update
Advisory ID: SLSA-2019:2283-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2017-18189
—
Security Fix(es):
* sox: NULL pointer dereference in startread function in xa.c (CVE-2017-18189)
—
SL7
  x86_64
    sox-14.4.1-7.el7.x86_64.rpm
    sox-14.4.1-7.el7.i686.rpm
    sox-devel-14.4.1-7.el7.i686.rpm
    sox-devel-14.4.1-7.el7.x86_64.rpm
    sox-debuginfo-14.4.1-7.el7.i686.rpm
    sox-debuginfo-14.4.1-7.el7.x86_64.rpm
– Scientific Linux …

python-requests (SL7)

Synopsis: Low: python-requests security update
Advisory ID: SLSA-2019:2035-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-18074
—
Security Fix(es):
* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)
—
SL7
  x86_64
    python-requests-2.6.0-5.el7.noarch.rpm
  noarch
    python-requests-2.6.0-5.el7.noarch.rpm
– Scientific Linux Development …

python-urllib3 (SL7)

Synopsis: Moderate: python-urllib3 security update
Advisory ID: SLSA-2019:2272-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-20060 CVE-2019-11236
—
Security Fix(es):
* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)
* python-urllib3: CRLF injection due to not encoding …

ntp (SL7)

Synopsis: Low: ntp security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2077-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-12327
—
Security Fix(es):
* ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)
—
SL7 …

patch (SL7)

Synopsis: Low: patch security and bug fix update
Advisory ID: SLSA-2019:2033-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-6952 CVE-2016-10713
—
Security Fix(es):
* patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713)
* patch: Double free of memory in pch.c:another_hunk() causes …