firefox (SL6, SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:0549-1 Issue Date: 2018-03-19 CVE Numbers: CVE-2018-5146 — This update upgrades Firefox to version 52.7.2 ESR. Security Fix(es): * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) — SL6 x86_64 … Read More

firefox (SL6)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:0526-1 Issue Date: 2018-03-15 CVE Numbers: CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 — This update upgrades Firefox to version 52.7.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 59 … Read More

firefox (SL7)

Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:0527-1 Issue Date: 2018-03-15 CVE Numbers: CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 — This update upgrades Firefox to version 52.7.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 59 … Read More

389-ds-base (SL6)

Synopsis: Important: 389-ds-base security update Advisory ID: SLSA-2018:0515-1 Issue Date: 2018-03-13 CVE Numbers: CVE-2017-15135 CVE-2018-1054 — Security Fix(es): * 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054) * 389-ds-base: Authentication bypass due to lack … Read More

libreoffice (SL6)

Synopsis: Moderate: libreoffice security update Advisory ID: SLSA-2018:0517-1 Issue Date: 2018-03-13 CVE Numbers: CVE-2018-6871 — Security Fix(es): * libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871) — SL6 x86_64 libreoffice-base-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-calc-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-core-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-debuginfo-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-draw-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-emailmerge-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-graphicfilter-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-headless-4.3.7.2-2.el6_9.2.x86_64.rpm libreoffice-impress-4.3.7.2-2.el6_9.2.x86_64.rpm … Read More

kernel (SL6)

Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2018:0512-1 Issue Date: 2018-03-13 CVE Numbers: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 — Security Fix(es): * hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important) * hw: cpu: speculative execution bounds-check bypass … Read More

qemu-kvm (SL6)

Synopsis: Moderate: qemu-kvm security update Advisory ID: SLSA-2018:0516-1 Issue Date: 2018-03-13 CVE Numbers: CVE-2017-15289 — Security Fix(es): * Qemu: cirrus: OOB access issue in mode4and5 write functions (CVE-2017-15289) — SL6 x86_64 qemu-guest-agent-0.12.1.2-2.503.el6_9.5.x86_64.rpm qemu-img-0.12.1.2-2.503.el6_9.5.x86_64.rpm qemu-kvm-0.12.1.2-2.503.el6_9.5.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.5.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.503.el6_9.5.x86_64.rpm i386 qemu-guest-agent-0.12.1.2-2.503.el6_9.5.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.5.i686.rpm – … Read More

mailman (SL6)

Synopsis: Moderate: mailman security update Advisory ID: SLSA-2018:0504-1 Issue Date: 2018-03-13 CVE Numbers: CVE-2018-5950 — Security Fix(es): * mailman: Cross-site scripting (XSS) vulnerability in web UI (CVE-2018-5950) — SL6 x86_64 mailman-2.1.12-26.el6_9.3.x86_64.rpm mailman-debuginfo-2.1.12-26.el6_9.3.x86_64.rpm i386 mailman-2.1.12-26.el6_9.3.i686.rpm mailman-debuginfo-2.1.12-26.el6_9.3.i686.rpm – Scientific Linux Development Team

mailman (SL7)

Synopsis: Moderate: mailman security update Advisory ID: SLSA-2018:0505-1 Issue Date: 2018-03-13 CVE Numbers: CVE-2018-5950 — Security Fix(es): * mailman: Cross-site scripting (XSS) vulnerability in web UI (CVE-2018-5950) — SL7 x86_64 mailman-2.1.15-26.el7_4.1.x86_64.rpm mailman-debuginfo-2.1.15-26.el7_4.1.x86_64.rpm – Scientific Linux Development Team

dhcp (SL7)

Synopsis: Important: dhcp security update Advisory ID: SLSA-2018:0483-1 Issue Date: 2018-03-12 CVE Numbers: CVE-2018-5732 CVE-2018-5733 — Security Fix(es): * dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732) * dhcp: Reference count overflow in dhcpd … Read More