Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution .

SciLinux: SLSA-2019-3287-1 Critical: php on SL6.x i386/x86_64

SciLinux: SLSA-2019-3287-1 Critical: php on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) SL6 x86_64 php-5.3.3-50.el6_10.x86_64.rpm php-bcmath-5.3.3-50.el6_10.x86_64.rpm php-cli-5.3.3-50.el6_10.x86_64.rpm php-common-5.3.3-50.el6_10.x86_64.rpm php-dba-5.3.3-50.el6_10.x86_64.rpm php-debuginfo-5.3.3-50.el6_10.x86_64.rpm php-devel-5.3.3-50.el6_10.x86_64.rpm php-embedded-5.3.3-50.el6_10.x86 [More...]

SciLinux: SLSA-2019-3286-1 Critical: php on SL7.x x86_64

SciLinux: SLSA-2019-3286-1 Critical: php on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) SL7 x86_64 php-5.4.16-46.1.el7_7.x86_64.rpm php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm php-cli-5.4.16-46.1.el7_7.x86_64.rpm php-common-5.4.16-46.1.el7_7.x86_64.rpm php-dba-5.4.16-46.1.el7_7.x86_64.rpm php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm php-devel-5.4.16-46.1.el7_7.x86_64.rpm php-embedded-5.4.1 [More...]

SciLinux: SLSA-2019-3210-1 Important: thunderbird on SL7.x x86_64

SciLinux: SLSA-2019-3210-1 Important: thunderbird on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 68.2.0. * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buf [More...]

SciLinux: SLSA-2019-3197-1 Important: sudo on SL7.x x86_64

SciLinux: SLSA-2019-3197-1 Important: sudo on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287) SL7 x86_64 sudo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2019-3193-1 Critical: firefox on SL7.x x86_64

SciLinux: SLSA-2019-3193-1 Critical: firefox on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Firefox to version 68.2.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buf [More...]

SciLinux: SLSA-2019-3157-1 Moderate: java-1.7.0-openjdk on SL7.x x86_64

SciLinux: SLSA-2019-3157-1 Moderate: java-1.7.0-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019- [More...]

SciLinux: SLSA-2019-3136-1 Important: java-1.8.0-openjdk on SL6.x i386/x86_64

SciLinux: SLSA-2019-3136-1 Important: java-1.8.0-openjdk on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConne [More...]

SciLinux: SLSA-2019-3055-1 Important: kernel on SL7.x x86_64

SciLinux: SLSA-2019-3055-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ [More...]

SciLinux: SLSA-2019-3127-1 Important: java-11-openjdk on SL7.x x86_64

SciLinux: SLSA-2019-3127-1 Important: java-11-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Out of bounds access in optimized String indexof implementation (Hotspot, 8224062) (CVE-2019-2977) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handl [More...]

SciLinux: SLSA-2019-3128-1 Important: java-1.8.0-openjdk on SL7.x x86_64

SciLinux: SLSA-2019-3128-1 Important: java-1.8.0-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConne [More...]

SciLinux: SLSA-2019-3067-1 Important: jss on SL7.x x86_64

SciLinux: SLSA-2019-3067-1 Important: jss on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate (CVE-2019-14823) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL7 x86_64 jss-4.4.6-3.el7_7.x86_64.rpm jss-debuginfo-4.4.6-3.el7_7.x86_64.rpm jss-javadoc-4.4.6-3.el [More...]

SciLinux: SLSA-2019-2964-1 Important: patch on SL7.x x86_64

SciLinux: SLSA-2019-2964-1 Important: patch on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

patch: do_ed_script in pch.c does not block strings beginning with a ! character (CVE-2018-20969) * patch: OS shell command injection when processing crafted patch files (CVE-2019-13638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL7 x86_64 [More...]

SciLinux: SLSA-2019-2892-1 Important: qemu-kvm on SL6.x i386/x86_64

SciLinux: SLSA-2019-2892-1 Important: qemu-kvm on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-1 [More...]

SciLinux: SLSA-2019-2863-1 Important: kernel on SL6.x i386/x86_64

SciLinux: SLSA-2019-2863-1 Important: kernel on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) SL6 x86_64 kernel-2.6.32-754.23 [More...]

SciLinux: SLSA-2019-2836-1 Important: dovecot on SL7.x x86_64

SciLinux: SLSA-2019-2836-1 Important: dovecot on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL7 x86_64 dovecot-2.2.36-3.el7_7.1.i686.rpm [More...]

SciLinux: SLSA-2019-2829-1 Important: kernel on SL7.x x86_64

SciLinux: SLSA-2019-2829-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) SL7 x86 [More...]

SciLinux: SLSA-2019-2807-1 Important: thunderbird on SL6.x i386/x86_64

SciLinux: SLSA-2019-2807-1 Important: thunderbird on SL6.x i386/x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update upgrades Thunderbird to version 60.9.0. * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mo [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved