libreoffice (SL7)

Synopsis: Moderate: libreoffice security and bug fix update Advisory ID: SLSA-2018:3054-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10119 CVE-2018-10120 CVE-2018-10583 — Security Fix(es): * libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document (CVE-2018-10119) * libreoffice: Out … Read More

libcdio (SL7)

Synopsis: Low: libcdio security update Advisory ID: SLSA-2018:3246-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 — Security Fix(es): * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) … Read More

libkdcraw (SL7)

Synopsis: Moderate: libkdcraw security update Advisory ID: SLSA-2018:3065-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5805 CVE-2018-5806 — * LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) * LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp … Read More

389-ds-base (SL7)

Synopsis: Moderate: 389-ds-base security, bug fix, and Advisory ID: SLSA-2018:3127-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10935 CVE-2018-14648 — Security Fix(es): * 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648) — SL7 x86_64 389-ds-base-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm … Read More

samba (SL7)

Synopsis: Moderate: samba security, bug fix, and enhancement update Advisory ID: SLSA-2018:3056-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1050 CVE-2018-1139 CVE-2018-10858 — Security Fix(es): * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: … Read More

curl and nss-pem (SL7)

Synopsis: Moderate: curl and nss-pem security and bug fix update Advisory ID: SLSA-2018:3157-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301 — Security Fix(es): * curl: HTTP authentication leak in redirects (CVE-2018-1000007) * curl: FTP path trickery leads … Read More

setup (SL7)

Synopsis: Low: setup security and bug fix update Advisory ID: SLSA-2018:3249-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1113 — Security Fix(es): * setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113) — SL7 noarch setup-2.8.71-10.el7.noarch.rpm – Scientific Linux Development Team

binutils (SL7)

Synopsis: Low: binutils security, bug fix, and enhancement update Advisory ID: SLSA-2018:3032-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-13033 — Security Fix(es): * binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for … Read More

python (SL7)

Synopsis: Moderate: python security and bug fix update Advisory ID: SLSA-2018:3041-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1060 CVE-2018-1061 — Security Fix(es): * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression … Read More

sssd (SL7)

Synopsis: Low: sssd security, bug fix, and enhancement update Advisory ID: SLSA-2018:3158-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10852 — Security Fix(es): * sssd: information leak from the sssd-sudo responder (CVE-2018-10852) — SL7 x86_64 libipa_hbac-1.16.2-13.el7.i686.rpm libipa_hbac-1.16.2-13.el7.x86_64.rpm libsss_autofs-1.16.2-13.el7.x86_64.rpm libsss_certmap-1.16.2-13.el7.i686.rpm libsss_certmap-1.16.2-13.el7.x86_64.rpm libsss_idmap-1.16.2-13.el7.i686.rpm libsss_idmap-1.16.2-13.el7.x86_64.rpm … Read More