Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
samba: save registry file outside share as unprivileged user (CVE-2019-3880) SL7 x86_64 samba-winbind-modules-4.9.1-6.el7.x86_64.rpm samba-client-libs-4.9.1-6.el7.x86_64.rpm samba-client-libs-4.9.1-6.el7.i686.rpm samba-python-4.9.1-6.el7.i686.rpm libsmbclient-4.9.1-6.el7.x86_64.rpm libwbclient-4.9.1-6.el7.x86_64.rpm samba-winbind-modules-4.9.1-6.el7.i686.rpm [More...]
libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877) * libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878) * libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) * libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting [More...]
openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) SL7 x86_64 openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm openssh-ldap-7.4p1-21.el7.x8 [More...]
libtiff: buffer overflow in gif2tiff (CVE-2016-3186) * libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution (CVE-2018-12900) * libtiff: Out-of-bounds write in tif_jbig.c (CVE-2018-18557) * libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456) * libt [More...]
openssl: 0-byte record padding oracle (CVE-2019-1559) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) SL7 x86_64 openssl-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.i686.r [More...]
Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Buffer overflow in hidp_process_report (CVE-2018-9363) * kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517) * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) * kernel: [More...]
binutils: integer overflow leads to heap-based buffer overflow in objdump (CVE-2018-1000876) * binutils: Stack Exhaustion in the demangling functions provided by libiberty (CVE-2018-12641) * binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. (CVE-2018-12697) SL7 x86_64 binutils-devel-2.27-41.base.el7.i686.rpm binutils-2.27-41.base.el7.x86_64.rpm bin [More...]
ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files (CVE-2018-11645) SL7 x86_64 ghostscript-9.25-2.el7.i686.rpm libgs-9.25-2.el7.x86_64.rpm ghostscript-9.25-2.el7.x86_64.rpm libgs-9.25-2.el7.i686.rpm ghostscript-cups-9.25-2.el7.x86_64.rpm ghostscript-doc-9.25-2.el7.noarch.rpm ghostscript [More...]
udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336) SL7 x86_64 udisks2-lvm2-2.7.3-9.el7.x86_64.rpm udisks2-2.7.3-9.el7.x86_64.rpm udisks2-lsm-2.7.3-9.el7.x86_64.rpm libudisks2-2.7.3-9.el7.x86_64.rpm libudisks2-2.7.3-9.el7.i686.rpm udisks2-iscsi-2.7.3-9.el7.x86_64.rpm libudisks2-devel-2.7.3-9.el7.i686.rpm libudisks2-devel-2.7. [More...]
procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) SL7 x86_64 procps-ng-3.3.10-26.el7.x86_64.rpm procps-ng-3.3.10-26.el7.i686.rpm procps-ng-i18n-3.3.10-26.el7.x86_64.rpm procps-ng-devel-3.3.10-26.el7.x86_64.rpm procps-ng-devel-3.3.10-26.el7.i686.rpm procps-ng-debuginfo-3.3.10-26.el7.i686.rpm procps-ng-debuginfo-3.3.10-26.el7.x86_64.rpm - Scient [More...]
mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063) * mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081) * mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282) * mysql: Server: Connection Handling unspecified vulne [More...]
systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) * systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888) SL7 x86_64 systemd-devel-219-67.el7.i686.rpm systemd-libs-219-67.el7.x86_64.rpm systemd-devel-219-67.el [More...]
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * tomcat: Host name verification miss [More...]
kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element (CVE-2018-6790) SL7 x86_64 libkworkspace-4.11.19-13.el7.x86_64.rpm kwin-libs-4.11.19-13.el7.x86_64.rpm kde-settings-pulseaudio-19-23.9.el7.noarch.rpm ksysguardd-4.11.19-13.el7.x86_64.rpm kde-workspace-4.11.19-13.el7.x86_64.rpm khotkeys-4.11.19-13.el7.x86_64.rpm l [More...]
httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: URL normalization inconsistency (CVE-2019-0220) SL7 x86_64 httpd-tools-2.4.6-90.el7.x86_64.rpm mod_ssl-2.4.6-90.el7.x86_64.rpm httpd-devel-2.4.6-90.el7.x86_64.rpm httpd-manual-2.4.6-90.el7.noarch.rpm httpd-2.4.6-90.el7.x86_64.rpm mod_session-2.4.6-90.el7.x86_64.rpm mod_p [More...]
kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383) SL7 x86_64 iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.r [More...]
spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893) SL7 x86_64 libgovirt-0.3.4-3.el7.i686.rpm spice-gtk3-0.35-4.el7.i686.rpm spice-glib-0.35-4.el7.x86_64.rpm virt-viewer-5.0-15.el7.x86_64.rpm spice-vdagent-0.14.0-18.el7.x86_64.rpm libgovirt-0.3.4-3.el7.x86_64.rpm spice-gtk3-0.35-4.el7.x86_64.rpm spic [More...]
python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file proto [More...]
libsolv: NULL pointer dereference in function testcase_read (CVE-2018-20532) * libsolv: NULL pointer dereference in function testcase_str2dep_complex (CVE-2018-20533) * libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534) SL7 x86_64 libsolv-0.6.34-4.el7.x86_64.rpm libsolv-0.6.34-4.el7.i686.rpm libsolv-devel-0.6.34-4.el7.i686.rpm libsolv-tools [More...]
elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062) * elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402) * elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash (CVE-2018-16403) * elfutils: invalid memory address derefer [More...]