java-1.8.0-openjdk (SL6)

Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2019:0416-1 Issue Date: 2019-02-26 CVE Numbers: CVE-2019-2422 — Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) — SL6 x86_64 java-1.8.0-openjdk-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm … Read More

polkit (SL6)

Synopsis: Important: polkit security update Advisory ID: SLSA-2019:0420-1 Issue Date: 2019-02-26 CVE Numbers: CVE-2019-6133 — Security Fix(es): * polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) — SL6 x86_64 polkit-0.96-11.el6_10.1.i686.rpm polkit-0.96-11.el6_10.1.x86_64.rpm polkit-debuginfo-0.96-11.el6_10.1.i686.rpm polkit-debuginfo-0.96-11.el6_10.1.x86_64.rpm polkit-devel-0.96-11.el6_10.1.i686.rpm polkit-devel-0.96-11.el6_10.1.x86_64.rpm polkit-docs-0.96-11.el6_10.1.x86_64.rpm i386 … Read More

flatpak (SL7)

Synopsis: Important: flatpak security update Advisory ID: SLSA-2019:0375-1 Issue Date: 2019-02-21 CVE Numbers: CVE-2019-8308 — Security Fix(es): * flatpak: potential /proc based sandbox escape (CVE-2019-8308) — SL7 x86_64 flatpak-1.0.2-4.el7_6.x86_64.rpm flatpak-builder-1.0.0-4.el7_6.x86_64.rpm flatpak-debuginfo-1.0.2-4.el7_6.x86_64.rpm flatpak-devel-1.0.2-4.el7_6.x86_64.rpm flatpak-libs-1.0.2-4.el7_6.x86_64.rpm firefox-60.5.1-1.el7_6.i686.rpm firefox-60.5.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.5.1-1.el7_6.i686.rpm firefox-debuginfo-60.5.1-1.el7_6.x86_64.rpm – Scientific Linux … Read More

firefox (SL7)

Synopsis: Important: firefox security update Advisory ID: SLSA-2019:0374-1 Issue Date: 2019-02-21 CVE Numbers: None — Security Fix(es): This update upgrades Firefox to version 60.5.1 ESR. Security Fix(es): * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow … Read More

firefox (SL6)

Synopsis: Important: firefox security update Advisory ID: SLSA-2019:0373-1 Issue Date: 2019-02-19 CVE Numbers: CVE-2018-18356 CVE-2019-5785 — This update upgrades Firefox to version 60.5.1 ESR. Security Fix(es): * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in … Read More

systemd (SL7)

Synopsis: Important: systemd security update Advisory ID: SLSA-2019:0368-1 Issue Date: 2019-02-21 CVE Numbers: CVE-2019-6454 — Security Fix(es): * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) — SL7 x86_64 libgudev1-219-62.el7_6.5.i686.rpm libgudev1-219-62.el7_6.5.x86_64.rpm libgudev1-devel-219-62.el7_6.5.i686.rpm libgudev1-devel-219-62.el7_6.5.x86_64.rpm systemd-219-62.el7_6.5.x86_64.rpm systemd-debuginfo-219-62.el7_6.5.i686.rpm systemd-debuginfo-219-62.el7_6.5.x86_64.rpm … Read More

thunderbird (SL7)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:0270-1 Issue Date: 2019-02-04 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2016-5824 — This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More

thunderbird (SL6)

Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:0269-1 Issue Date: 2019-02-04 CVE Numbers: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2016-5824 — This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed … Read More

polkit (SL7)

Synopsis: Important: polkit security update Advisory ID: SLSA-2019:0230-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2019-6133 — Security Fix(es): * polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) — SL7 x86_64 polkit-0.112-18.el7_6.1.i686.rpm polkit-0.112-18.el7_6.1.x86_64.rpm polkit-debuginfo-0.112-18.el7_6.1.i686.rpm polkit-debuginfo-0.112-18.el7_6.1.x86_64.rpm polkit-devel-0.112-18.el7_6.1.i686.rpm polkit-devel-0.112-18.el7_6.1.x86_64.rpm noarch polkit-docs-0.112-18.el7_6.1.noarch.rpm … Read More

ghostscript (SL7)

Synopsis: Important: ghostscript security and bug fix update Advisory ID: SLSA-2019:0229-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2018-16540 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2019-6116 — Security Fix(es): * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) … Read More