Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2019-2773-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 60.9.0. * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mo [More...]

SciLinux: SLSA-2019-2729-1 Critical: firefox on SL7.x x86_64

Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use- [More...]

SciLinux: SLSA-2019-2736-1 Important: kernel on SL6.x i386/x86_64

kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the R [More...]

SciLinux: SLSA-2019-2571-1 Important: pango on SL7.x x86_64

pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238) SL7 x86_64 pango-1.42.4-4.el7_7.i686.rpm pango-1.42.4-4.el7_7.x86_64.rpm pango-debuginfo-1.42.4-4.el7_7.i686.rpm pango-debuginfo-1.42.4-4.el7_7.x86_64.rpm pango-devel-1.42.4-4.el7_7.i686.rpm pango-devel-1.42.4-4.el7_7.x86_64.rpm pango-tests-1.42.4-4.el7_7.x86_64.rpm - Scien [More...]

SciLinux: SLSA-2019-2462-1 Important: ghostscript on SL7.x x86_64

ghostscript: -dSAFER escape via .buildfont1 (701394) (CVE-2019-10216) SL7 x86_64 ghostscript-9.25-2.el7_7.1.i686.rpm ghostscript-9.25-2.el7_7.1.x86_64.rpm ghostscript-cups-9.25-2.el7_7.1.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.1.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.1.x86_64.rpm libgs-9.25-2.el7_7.1.i686.rpm libgs-9.25-2.el7_7.1.x86_64.rpm ghostsc [More...]

SciLinux: SLSA-2019-2196-1 Low: zziplib on SL7.x x86_64

zziplib: Bus error caused by loading of a misaligned address in zzip/zip.c (CVE-2018-6541) * zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548) SL7 x86_64 zziplib-0.13.62-11.el7.i686.rpm zziplib-0.13.62-11.el7.x86_64.rpm zziplib-devel-0.13.62-11.el7.x86_64.rpm zziplib-utils-0.13.62-11.el7.x86_64.rpm zziplib-devel-0.13.62- [More...]

SciLinux: SLSA-2019-2154-1 Moderate: opensc on SL7.x x86_64

opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391) * opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392) * opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393) * opensc: Buffer overflow h [More...]

SciLinux: SLSA-2019-2145-1 Moderate: gvfs on SL7.x x86_64

gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) SL7 x86_64 gvfs-1.36.2-3.el7.i686.rpm gvfs-smb-1.36.2-3.el7.x86_64.rpm gvfs-afp-1.36.2-3.el7.x86_64.rpm gvfs-mtp-1.36.2-3.el7.x86_64.rpm gvfs-devel-1.36.2-3.el7.x86_64.rpm gvfs-client-1.36.2-3.el7.x86_64.rpm gvfs [More...]

SciLinux: SLSA-2019-2294-1 Moderate: libvirt on SL7.x x86_64

libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840) SL7 x86_64 libvirt-bash-completion-4.5.0-23.el7.x86_64.rpm libvirt-daemon-driver-storage-mpath-4.5.0-23.el7.x86_64.rpm libvirt-daemon-config-nwfilter-4.5.0-23.el7.x86_64.rpm libvirt-client-4.5.0-23.el7.x86_64.rpm libvirt-daemon-driver-storage-core-4.5.0-23. [More...]

SciLinux: SLSA-2019-2125-1 Moderate: ovmf on SL7.x x86_64

edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731) * edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732) * edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733) * edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2 [More...]

SciLinux: SLSA-2019-2258-1 Moderate: http-parser on SL7.x x86_64

nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) * nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159) SL7 x86_64 http-parser-2.7.1-8.el7.i686.rpm http-parser-2.7.1-8.el7.x86_64.rpm http-parser-devel-2.7.1-8.el7.x86_64.rpm http-parser-devel-2.7.1-8.el7.i686.rpm http-parser-debuginfo-2.7.1-8.el7.i686.rpm http-p [More...]

SciLinux: SLSA-2019-2079-1 Moderate: Xorg on SL7.x x86_64

libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598) * libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599) * libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) * libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857) * libxkbcommon: Endless recursion in xkbcomp/expr.c resulting [More...]

SciLinux: SLSA-2019-2022-1 Moderate: poppler on SL7.x x86_64

poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) * poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200) * poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646) * poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) * poppler: reachable abort in [More...]

SciLinux: SLSA-2019-2101-1 Low: exiv2 on SL7.x x86_64

exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724) * exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976) * exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305) * exiv2: OOB rea [More...]

SciLinux: SLSA-2019-2060-1 Moderate: dhcp on SL7.x x86_64

dhcp: double-deletion of the released addresses in the dhcpv6 code leading to crash and possible DoS (CVE-2019-6470) SL7 x86_64 dhcp-libs-4.2.5-77.el7.i686.rpm dhcp-4.2.5-77.el7.x86_64.rpm dhcp-common-4.2.5-77.el7.x86_64.rpm dhclient-4.2.5-77.el7.x86_64.rpm dhcp-libs-4.2.5-77.el7.x86_64.rpm dhcp-devel-4.2.5-77.el7.x86_64.rpm dhcp-devel-4.2.5-77.el7.i686.rpm d [More...]