linux-firmware (SL7)

Synopsis: Important: linux-firmware security, bug fix, and enhancement
Advisory ID: SLSA-2019:2169-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-5383

Security Fix(es):
* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)

SL7 x86_64 iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm …

httpd (SL7)

Synopsis: Moderate: httpd security and bug fix update
Advisory ID: SLSA-2019:2343-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2019-0220 CVE-2019-0217

Security Fix(es):
* httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* httpd: URL normalization inconsistency (CVE-2019-0220)

SL7 …

kde-workspace (SL7)

Synopsis: Low: kde-workspace security and bug fix update
Advisory ID: SLSA-2019:2141-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-6790

Security Fix(es):
* kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element (CVE-2018-6790)

SL7 x86_64 libkworkspace-4.11.19-13.el7.x86_64.rpm …

tomcat (SL7)

Synopsis: Moderate: tomcat security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2205-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-1305 CVE-2018-1304 CVE-2018-8034 CVE-2018-8014

Security Fix(es):
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure …

systemd (SL7)

Synopsis: Moderate: systemd security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2091-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-16866 CVE-2018-16888 CVE-2018-15686

Security Fix(es):
* systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686)
* systemd: out-of-bounds read …

mariadb (SL7)

Synopsis: Moderate: mariadb security and bug fix update
Advisory ID: SLSA-2019:2327-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-3081 CVE-2019-2529 CVE-2019-2627 CVE-2018-3058 CVE-2019-2614 CVE-2019-2503 CVE-2018-3063 CVE-2018-3066 CVE-2018-3282

Security Fix(es):
* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
* mysql: Server: …

procps-ng (SL7)

Synopsis: Moderate: procps-ng security and bug fix update
Advisory ID: SLSA-2019:2189-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-1122

Security Fix(es):
* procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)

SL7 x86_64
procps-ng-3.3.10-26.el7.x86_64.rpm
procps-ng-3.3.10-26.el7.i686.rpm
procps-ng-i18n-3.3.10-26.el7.x86_64.rpm
procps-ng-devel-3.3.10-26.el7.x86_64.rpm
procps-ng-devel-3.3.10-26.el7.i686.rpm
procps-ng-debuginfo-3.3.10-26.el7.i686.rpm
procps-ng-debuginfo-3.3.10-26.el7.x86_64.rpm
– …

udisks2 (SL7)

Synopsis: Moderate: udisks2 security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2178-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-17336

Security Fix(es):
* udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336)

SL7 x86_64
udisks2-lvm2-2.7.3-9.el7.x86_64.rpm
udisks2-2.7.3-9.el7.x86_64.rpm
udisks2-lsm-2.7.3-9.el7.x86_64.rpm
libudisks2-2.7.3-9.el7.x86_64.rpm
libudisks2-2.7.3-9.el7.i686.rpm
udisks2-iscsi-2.7.3-9.el7.x86_64.rpm …

ghostscript (SL7)

Synopsis: Low: ghostscript security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2281-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-11645

The following packages have been upgraded to a later upstream version: ghostscript (9.25).

Security Fix(es):
* ghostscript: status command permitted with …

binutils (SL7)

Synopsis: Moderate: binutils security and bug fix update
Advisory ID: SLSA-2019:2075-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-12641 CVE-2018-12697 CVE-2018-1000876

Security Fix(es):
* binutils: integer overflow leads to heap-based buffer overflow in objdump (CVE-2018-1000876)
* binutils: Stack Exhaustion in the …