qemu-kvm (SL7)

Synopsis: Low: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2020:3906-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2018-15746 CVE-2019-20382

Security Fix(es):
* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)
* QEMU: vnc: memory leakage upon disconnect …

python (SL7)

Synopsis: Moderate: python security update
Advisory ID: SLSA-2020:3911-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-16935

Security Fix(es):
* python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)

SL7 x86_64
python-devel-2.7.5-89.el7.x86_64.rpm
python-libs-2.7.5-89.el7.x86_64.rpm
python-libs-2.7.5-89.el7.i686.rpm
python-2.7.5-89.el7.x86_64.rpm
python-debuginfo-2.7.5-89.el7.i686.rpm
python-debuginfo-2.7.5-89.el7.x86_64.rpm
python-debug-2.7.5-89.el7.x86_64.rpm
…

systemd (SL7)

Synopsis: Low: systemd security and bug fix update
Advisory ID: SLSA-2020:4007-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-20386

Security Fix(es):
* systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

SL7 x86_64
systemd-devel-219-78.el7.x86_64.rpm
libgudev1-devel-219-78.el7.x86_64.rpm
libgudev1-219-78.el7.x86_64.rpm
…

pcp (SL7)

Synopsis: Low: pcp security, bug fix, and enhancement update
Advisory ID: SLSA-2020:3869-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-3696 CVE-2019-3695

Security Fix(es):
* pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695)
* pcp: Local privilege escalation in …

libtiff (SL7)

Synopsis: Moderate: libtiff security update
Advisory ID: SLSA-2020:3902-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-17546 CVE-2019-14973

Security Fix(es):
* libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c (CVE-2019-14973)
* libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c …

qemu-kvm (SL7)

Synopsis: Important: qemu-kvm security update
Advisory ID: SLSA-2020:4079-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2020-1983 CVE-2020-14364

Security Fix(es):
* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)
* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)
…

subversion (SL7)

Synopsis: Moderate: subversion security update
Advisory ID: SLSA-2020:3972-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2018-11782

Security Fix(es):
* subversion: remotely triggerable DoS vulnerability in svnserve ‘get-deleted-rev’ (CVE-2018-11782)

SL7 x86_64
subversion-1.7.14-16.el7.i686.rpm
subversion-libs-1.7.14-16.el7.x86_64.rpm
subversion-gnome-1.7.14-16.el7.x86_64.rpm
subversion-gnome-1.7.14-16.el7.i686.rpm
subversion-1.7.14-16.el7.x86_64.rpm
mod_dav_svn-1.7.14-16.el7.x86_64.rpm
subversion-libs-1.7.14-16.el7.i686.rpm
subversion-debuginfo-1.7.14-16.el7.i686.rpm
subversion-debuginfo-1.7.14-16.el7.x86_64.rpm
subversion-devel-1.7.14-16.el7.i686.rpm
…

expat (SL7)

Synopsis: Moderate: expat security update
Advisory ID: SLSA-2020:3952-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2018-20843

Security Fix(es):
* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
* expat: heap-based buffer …

cups (SL7)

Synopsis: Moderate: cups security and bug fix update
Advisory ID: SLSA-2020:3864-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-8675 CVE-2017-18190 CVE-2019-8696

Security Fix(es):
* cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190)
* cups: stack-buffer-overflow in libcups’s asn1_get_type function (CVE-2019-8675)
* …

fontforge (SL7)

Synopsis: Moderate: fontforge security update
Advisory ID: SLSA-2020:3966-1
Issue Date: 2020-10-01
CVE Numbers: None

Security Fix(es):
* fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c (CVE-2020-5395)

SL7 x86_64
fontforge-20120731b-13.el7.i686.rpm
fontforge-20120731b-13.el7.x86_64.rpm
fontforge-debuginfo-20120731b-13.el7.i686.rpm
fontforge-debuginfo-20120731b-13.el7.x86_64.rpm
fontforge-devel-20120731b-13.el7.i686.rpm
fontforge-devel-20120731b-13.el7.x86_64.rpm

– Scientific Linux Development …