qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2020:1116-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2020-7039

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()

SL7 x86_64
qemu-kvm-1.5.3-173.el7.x86_64.rpm
qemu-kvm-tools-1.5.3-173.el7.x86_64.rpm
qemu-kvm-common-1.5.3-173.el7.x86_64.rpm
qemu-img-1.5.3-173.el7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-173.el7.x86_64.rpm
– …

libreoffice (SL7)

Synopsis: Moderate: libreoffice security and bug fix update
Advisory ID: SLSA-2020:1151-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-9848 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 CVE-2019-9849

* libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
* libreoffice: Insufficient URL …

docker (SL7)

Synopsis: Moderate: docker security and bug fix update
Advisory ID: SLSA-2020:1234-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-16884 CVE-2020-8945 CVE-2020-1702

* runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
* proglottis/gpgme: Use-after-free in GPGME bindings during …

dovecot (SL7)

Synopsis: Moderate: dovecot security and bug fix update
Advisory ID: SLSA-2020:1062-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-7524 CVE-2019-3814

* dovecot: Improper certificate validation
* dovecot: Buffer overflow in indexer-worker process results in privilege escalation

SL7 x86_64
dovecot-pgsql-2.2.36-6.el7.x86_64.rpm
dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm
…

squid (SL7)

Synopsis: Moderate: squid security and bug fix update
Advisory ID: SLSA-2020:1068-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-13345 CVE-2018-1000024 CVE-2018-1000027

* squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service
* squid: Incorrect pointer handling …

zziplib (SL7)

Synopsis: Moderate: zziplib security update
Advisory ID: SLSA-2020:1178-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-17828

* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c

SL7 x86_64
zziplib-0.13.62-12.el7.i686.rpm
zziplib-0.13.62-12.el7.x86_64.rpm
zziplib-debuginfo-0.13.62-12.el7.i686.rpm
zziplib-debuginfo-0.13.62-12.el7.x86_64.rpm
zziplib-devel-0.13.62-12.el7.i686.rpm
zziplib-devel-0.13.62-12.el7.x86_64.rpm
zziplib-utils-0.13.62-12.el7.x86_64.rpm
– Scientific Linux Development Team

libsndfile (SL7)

Synopsis: Moderate: libsndfile security update
Advisory ID: SLSA-2020:1185-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-13139

* libsndfile: stack-based buffer overflow in sndfile-deinterleave utility

SL7 x86_64
libsndfile-1.0.25-11.el7.i686.rpm
libsndfile-1.0.25-11.el7.x86_64.rpm
libsndfile-debuginfo-1.0.25-11.el7.i686.rpm
libsndfile-debuginfo-1.0.25-11.el7.x86_64.rpm
libsndfile-devel-1.0.25-11.el7.i686.rpm
libsndfile-devel-1.0.25-11.el7.x86_64.rpm
libsndfile-utils-1.0.25-11.el7.x86_64.rpm
– Scientific Linux Development Team

poppler and evince (SL7)

Synopsis: Moderate: poppler and evince security update
Advisory ID: SLSA-2020:1074-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-21009 CVE-2019-10871 CVE-2019-9959 CVE-2019-11459 CVE-2019-12293

* poppler: integer overflow in Parser::makeStream in Parser.cc
* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
* …

rsyslog (SL7)

Synopsis: Moderate: rsyslog security, bug fix, and enhancement update
Advisory ID: SLSA-2020:1000-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-17042 CVE-2019-17041

* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c

SL7 x86_64
rsyslog-mysql-8.24.0-52.el7.x86_64.rpm
rsyslog-relp-8.24.0-52.el7.x86_64.rpm
rsyslog-gnutls-8.24.0-52.el7.x86_64.rpm
rsyslog-pgsql-8.24.0-52.el7.x86_64.rpm
rsyslog-mmjsonparse-8.24.0-52.el7.x86_64.rpm
…

php (SL7)

Synopsis: Moderate: php security update
Advisory ID: SLSA-2020:1112-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-10547 CVE-2019-9024 CVE-2018-7584 CVE-2018-5712

* php: Reflected XSS on PHAR 404 page
* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response
* …