firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2018:1099-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-5148 — This update upgrades Firefox to version 52.7.3 ESR. Security Fix(es): * firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148) — SL7 x86_64 firefox-52.7.3-1.el7_5.x86_64.rpm firefox-debuginfo-52.7.3-1.el7_5.x86_64.rpm … Read More

librelp (SL6)

Synopsis: Critical: librelp security update Advisory ID: SLSA-2018:1225-1 Issue Date: 2018-04-24 CVE Numbers: CVE-2018-1000140 — Security Fix(es): * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140) — SL6 x86_64 librelp-1.2.7-3.el6_9.1.x86_64.rpm librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm librelp-1.2.7-3.el6_9.1.i686.rpm librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm librelp-devel-1.2.7-3.el6_9.1.i686.rpm librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm i386 librelp-1.2.7-3.el6_9.1.i686.rpm librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm … Read More

patch (SL6)

Synopsis: Important: patch security update Advisory ID: SLSA-2018:1199-1 Issue Date: 2018-04-23 CVE Numbers: CVE-2018-1000156 — Patch should be installed because it is a common way of upgrading applications. Security Fix(es): * patch: Malicious patch files cause ed to execute arbitrary … Read More

java-1.8.0-openjdk (SL6)

Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2018:1188-1 Issue Date: 2018-04-19 CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790 — Security Fix(es): * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) … Read More

python-paramiko (SL6)

Synopsis: Critical: python-paramiko security update Advisory ID: SLSA-2018:1124-1 Issue Date: 2018-04-12 CVE Numbers: CVE-2018-7750 — Security Fix(es): * python-paramiko: Authentication bypass in transport.py (CVE-2018-7750) — SL6 noarch python-paramiko-1.7.5-4.el6_9.noarch.rpm – Scientific Linux Development Team

firefox (SL6)

Synopsis: Important: firefox security update Advisory ID: SLSA-2018:1098-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-5148 — This update upgrades Firefox to version 52.7.3 ESR. Security Fix(es): * firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148) — SL6 x86_64 firefox-52.7.3-1.el6_9.x86_64.rpm firefox-debuginfo-52.7.3-1.el6_9.x86_64.rpm … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:0648-1 Issue Date: 2018-04-05 CVE Numbers: CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 — This update upgrades Thunderbird to version 52.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:0647-1 Issue Date: 2018-04-05 CVE Numbers: CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 — This update upgrades Thunderbird to version 52.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox … Read More

libvorbis (SL6)

Synopsis: Important: libvorbis security update Advisory ID: SLSA-2018:0649-1 Issue Date: 2018-04-05 CVE Numbers: CVE-2018-5146 — Security Fix(es): * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) — SL6 x86_64 libvorbis-1.2.3-5.el6_9.1.i686.rpm libvorbis-1.2.3-5.el6_9.1.x86_64.rpm libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm i386 libvorbis-1.2.3-5.el6_9.1.i686.rpm … Read More

slf4j (SL7)

Synopsis: Important: slf4j security update Advisory ID: SLSA-2018:0592-1 Issue Date: 2018-03-26 CVE Numbers: CVE-2018-8088 — Security Fix(es): * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) — SL7 noarch slf4j-1.7.4-4.el7_4.noarch.rpm slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm slf4j-manual-1.7.4-4.el7_4.noarch.rpm – Scientific Linux … Read More