NetworkManager (SL7)

Synopsis: Moderate: NetworkManager security and bug fix update Advisory ID: SLSA-2020:4003-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2020-10754 — Security Fix(es): * NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults (CVE-2020-10754) — SL7 x86_64 NetworkManager-adsl-1.18.8-1.el7.x86_64.rpm NetworkManager-wwan-1.18.8-1.el7.x86_64.rpm NetworkManager-bluetooth-1.18.8-1.el7.x86_64.rpm … Read More

kernel (SL7)

Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2020:4060-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2017-18551 CVE-2019-19530 CVE-2019-15217 CVE-2020-2732 CVE-2020-8649 CVE-2020-10942 CVE-2019-20054 CVE-2019-20636 CVE-2020-10732 CVE-2019-19059 CVE-2019-19537 CVE-2019-19062 CVE-2019-20095 CVE-2019-19767 CVE-2019-19046 CVE-2019-19524 CVE-2020-10742 CVE-2019-15807 CVE-2019-19055 CVE-2020-14305 CVE-2019-15917 CVE-2020-12770 CVE-2020-10690 … Read More

tomcat (SL7)

Synopsis: Important: tomcat security and bug fix update Advisory ID: SLSA-2020:4004-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-17563 CVE-2020-13935 — Security Fix(es): * tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS (CVE-2020-13935) * tomcat: … Read More

mariadb (SL7)

Synopsis: Moderate: mariadb security and bug fix update Advisory ID: SLSA-2020:4026-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-2974 CVE-2020-2812 CVE-2020-2780 CVE-2020-2752 CVE-2020-2574 — Security Fix(es): * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974) * mysql: C API unspecified vulnerability … Read More

evince and poppler (SL7)

Synopsis: Low: evince and poppler security and bug fix update Advisory ID: SLSA-2020:3977-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-14494 — Security Fix(es): * poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc (CVE-2019-14494) — SL7 x86_64 poppler-utils-0.26.5-43.el7.x86_64.rpm evince-dvi-3.28.2-10.el7.x86_64.rpm poppler-0.26.5-43.el7.x86_64.rpm evince-libs-3.28.2-10.el7.i686.rpm evince-nautilus-3.28.2-10.el7.x86_64.rpm poppler-qt-0.26.5-43.el7.x86_64.rpm … Read More

OpenEXR (SL7)

Synopsis: Moderate: OpenEXR security update Advisory ID: SLSA-2020:4039-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2020-11763 CVE-2020-11764 CVE-2020-11761 — Security Fix(es): * OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761) * OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763) * OpenEXR: out-of-bounds … Read More

qt5-qtbase (SL7)

Synopsis: Moderate: qt5-qtbase security update Advisory ID: SLSA-2020:4025-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2020-0570 CVE-2020-0569 — Security Fix(es): * qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0569) * qt: files placed … Read More

dnsmasq (SL7)

Synopsis: Low: dnsmasq security and bug fix update Advisory ID: SLSA-2020:3878-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-14834 — Security Fix(es): * dnsmasq: memory leak in the create_helper() function in /src/helper.c (CVE-2019-14834) — SL7 x86_64 dnsmasq-2.76-16.el7.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7.x86_64.rpm dnsmasq-utils-2.76-16.el7.x86_64.rpm – Scientific Linux … Read More

libpng (SL7)

Synopsis: Low: libpng security update Advisory ID: SLSA-2020:3901-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2017-12652 — Security Fix(es): * libpng: does not check length of chunks against user limit (CVE-2017-12652) — SL7 x86_64 libpng-1.5.13-8.el7.i686.rpm libpng-1.5.13-8.el7.x86_64.rpm libpng-devel-1.5.13-8.el7.x86_64.rpm libpng-devel-1.5.13-8.el7.i686.rpm libpng-debuginfo-1.5.13-8.el7.i686.rpm libpng-debuginfo-1.5.13-8.el7.x86_64.rpm libpng-static-1.5.13-8.el7.i686.rpm libpng-static-1.5.13-8.el7.x86_64.rpm … Read More

cloud-init (SL7)

Synopsis: Moderate: cloud-init security, bug fix, and enhancement update Advisory ID: SLSA-2020:3898-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2018-10896 CVE-2020-8632 CVE-2020-8631 — Security Fix(es): * cloud-init: Use of random.choice when generating random password (CVE-2020-8631) * cloud-init: Too short random password length … Read More