bash (SL7)

Synopsis: Moderate: bash security update
Advisory ID: SLSA-2020:1113-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-9924

* bash: BASH_CMD is writable in restricted bash shells

SL7 x86_64
bash-4.2.46-34.el7.x86_64.rpm
bash-debuginfo-4.2.46-34.el7.x86_64.rpm
bash-doc-4.2.46-34.el7.x86_64.rpm

– Scientific Linux Development Team

python-twisted-web (SL7)

Synopsis: Moderate: python-twisted-web security update
Advisory ID: SLSA-2020:1091-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-12387

* python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods

SL7 x86_64
python-twisted-web-12.1.0-6.el7.x86_64.rpm

– Scientific Linux Development Team

qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2020:1116-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2020-7039

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()

SL7 x86_64
qemu-kvm-1.5.3-173.el7.x86_64.rpm
qemu-kvm-tools-1.5.3-173.el7.x86_64.rpm
qemu-kvm-common-1.5.3-173.el7.x86_64.rpm
qemu-img-1.5.3-173.el7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-173.el7.x86_64.rpm

– …

libreoffice (SL7)

Synopsis: Moderate: libreoffice security and bug fix update
Advisory ID: SLSA-2020:1151-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-9848 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 CVE-2019-9849

* libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
* libreoffice: Insufficient URL …

docker (SL7)

Synopsis: Moderate: docker security and bug fix update
Advisory ID: SLSA-2020:1234-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-16884 CVE-2020-8945 CVE-2020-1702

* runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
* proglottis/gpgme: Use-after-free in GPGME bindings during …

dovecot (SL7)

Synopsis: Moderate: dovecot security and bug fix update
Advisory ID: SLSA-2020:1062-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-7524 CVE-2019-3814

* dovecot: Improper certificate validation
* dovecot: Buffer overflow in indexer-worker process results in privilege escalation

SL7 x86_64
dovecot-pgsql-2.2.36-6.el7.x86_64.rpm
dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm
…

squid (SL7)

Synopsis: Moderate: squid security and bug fix update
Advisory ID: SLSA-2020:1068-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-13345 CVE-2018-1000024 CVE-2018-1000027

* squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service
* squid: Incorrect pointer handling …

zziplib (SL7)

Synopsis: Moderate: zziplib security update
Advisory ID: SLSA-2020:1178-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-17828

* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c

SL7 x86_64
zziplib-0.13.62-12.el7.i686.rpm
zziplib-0.13.62-12.el7.x86_64.rpm
zziplib-debuginfo-0.13.62-12.el7.i686.rpm
zziplib-debuginfo-0.13.62-12.el7.x86_64.rpm
zziplib-devel-0.13.62-12.el7.i686.rpm
zziplib-devel-0.13.62-12.el7.x86_64.rpm
zziplib-utils-0.13.62-12.el7.x86_64.rpm

– Scientific Linux Development Team

libsndfile (SL7)

Synopsis: Moderate: libsndfile security update
Advisory ID: SLSA-2020:1185-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-13139

* libsndfile: stack-based buffer overflow in sndfile-deinterleave utility

SL7 x86_64
libsndfile-1.0.25-11.el7.i686.rpm
libsndfile-1.0.25-11.el7.x86_64.rpm
libsndfile-debuginfo-1.0.25-11.el7.i686.rpm
libsndfile-debuginfo-1.0.25-11.el7.x86_64.rpm
libsndfile-devel-1.0.25-11.el7.i686.rpm
libsndfile-devel-1.0.25-11.el7.x86_64.rpm
libsndfile-utils-1.0.25-11.el7.x86_64.rpm

– Scientific Linux Development Team

poppler and evince (SL7)

Synopsis: Moderate: poppler and evince security update
Advisory ID: SLSA-2020:1074-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-21009 CVE-2019-10871 CVE-2019-9959 CVE-2019-11459 CVE-2019-12293

* poppler: integer overflow in Parser::makeStream in
* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in
* …