Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881) SL7 x86_64 rsyslog-relp-8.24.0-38.el7.x86_64.rpm rsyslog-mysql-8.24.0-38.el7.x86_64.rpm rsyslog-gnutls-8.24.0-38.el7.x86_64.rpm rsyslog-gssapi-8.24.0-38.el7.x86_64.rpm rsyslog-8.24.0-38.el7.x86_64.rpm rsyslog-pgsql-8.24.0-38.el7.x86_64.rpm rsyslog-kafka-8.24.0-38.el7.x86_ [More...]
glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739) SL7 x86_64 glibc-2.17-292.el7.x86_64.rpm glibc-devel-2.17-292.el7.i686.rpm glibc-2.17-292.el7.i686.rpm glibc-common-2.17-292.el7.x86_64.rpm glibc-headers-2.17-292.el7.x86_64.rpm nscd-2.17-292.el7.x86_64.rpm glibc-utils-2.17-292.el7.x86_64.rpm glibc-devel-2.17-292.el7.x86_6 [More...]
bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies (CVE-2018-5741) SL7 x86_64 bind-libs-lite-9.11.4-9.P2.el7.i686.rpm bind-9.11.4-9.P2.el7.x86_64.rpm bind-export-libs-9.11.4-9.P2.el7.i686.rpm bind-pkcs11-utils-9.11.4-9.P2.el7.x86_64.rpm bind-chroot-9.11.4-9.P2.el7.x86_64.rpm bind-license-9.11.4-9.P2.el7.noarch.rpm bind-pkcs11-9.11.4- [More...]
freerdp: out of bounds read in drdynvc_process_capability_request (CVE-2018-1000852) SL7 x86_64 vinagre-3.22.0-12.el7.i686.rpm freerdp-libs-2.0.0-1.rc4.el7.x86_64.rpm libwinpr-2.0.0-1.rc4.el7.x86_64.rpm vinagre-3.22.0-12.el7.x86_64.rpm freerdp-2.0.0-1.rc4.el7.x86_64.rpm libwinpr-2.0.0-1.rc4.el7.i686.rpm freerdp-libs-2.0.0-1.rc4.el7.i686.rpm libwinpr-devel-2.0 [More...]
libjpeg: null pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentat [More...]
qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518) * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) * qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870) * qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873) SL7 [More...]
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) SL7 x86_64 nss-softokn-3.44.0-5.el7.x86_64.rpm nss-devel-3.44.0-4.el7.i686.rpm nss-softokn-freebl-3.44.0-5.el7.i686.rpm nspr-devel-4.21.0-1.el7.i686.rpm nss-devel-3.44.0-4.el7.x86_64.rpm nss-tools-3.44.0-4.el [More...]
exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233) * exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236) * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source [More...]
ruby: HTTP response splitting in WEBrick (CVE-2017-17742) * ruby: DoS by large request in WEBrick (CVE-2018-8777) * ruby: Buffer under-read in String#unpack (CVE-2018-8778) * ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780) * ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396) * rubygems: Path tra [More...]
libssh2: Zero-byte allocation with a specially crafted SFTP packet leading to an out-of-bounds read (CVE-2019-3858) * libssh2: Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) SL7 x86_64 libssh2-1.8.0-3.el7.x86_64.rpm libssh2-1.8.0-3.el7.i686.rpm libssh2-devel-1.8.0-3.el7.i686.rpm libssh2-docs-1.8.0-3.el7.noarch.rpm libssh2-devel-1.8.0-3.el7.x86_64 [More...]
sssd: fallback_homedir returns '/' for empty home directories in passwd file (CVE-2019-3811) * sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838) SL7 x86_64 sssd-polkit-rules-1.16.4-21.el7.x86_64.rpm sssd-proxy-1.16.4-21.el7.x86_64.rpm libsss_simpleifp-1.16.4-21.el7.i686.rpm libsss_certmap-1.16.4-21.el7.x86_64.rpm sssd-1.16.4-21.el [More...]
libcgroup: cgrulesengd creates log files with insecure permissions (CVE-2018-14348) SL7 x86_64 libcgroup-0.41-21.el7.i686.rpm libcgroup-tools-0.41-21.el7.x86_64.rpm libcgroup-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.i686.rpm libcgroup-pam-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.x86_64.rpm libcgroup-pam-0.41-21.el7.i686.rpm libcgroup-debug [More...]
libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning (CVE-2018-16858) SL7 x86_64 libreofficekit-5.3.6.1-21.el7.x86_64.rpm libreoffice-base-5.3.6.1-21.el7.x86_64.rpm libreoffice-pdfimport-5.3.6.1-21.el7.x86_64.rpm libreoffice-help-pt-BR-5.3.6.1-21.el7.x86_64.rpm autocorr-it-5.3.6.1-21.el7.noarch.rpm libreoffice [More...]
perl: Directory traversal in Archive::Tar (CVE-2018-12015) SL7 x86_64 perl-Archive-Tar-1.92-3.el7.noarch.rpm noarch perl-Archive-Tar-1.92-3.el7.noarch.rpm - Scientific Linux Development Team
QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) SL7 x86_64 qemu-kvm-common-1.5.3-167.el7.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7.x86_64.rpm qemu-img-1.5.3-167.el7.x86_64.rpm qemu-kvm-1.5.3-167.el7.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7.x86_64.rpm - Scientific Linux Development Team
unzip: Buffer overflow in list.c resulting in a denial of service (CVE-2018-18384) SL7 x86_64 unzip-6.0-20.el7.x86_64.rpm unzip-debuginfo-6.0-20.el7.x86_64.rpm - Scientific Linux Development Team
libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456) SL7 x86_64 compat-libtiff3-3.9.4-12.el7.i686.rpm compat-libtiff3-3.9.4-12.el7.x86_64.rpm compat-libtiff3-debuginfo-3.9.4-12.el7.i686.rpm compat-libtiff3-debuginfo-3.9.4-12.el7.x86_64.rpm - Scientific Linux Development Team
libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584) * libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585) SL7 x86_64 libmspack-0.5-0.7.alpha.el7.i686.rpm libmspack-0.5-0.7.alpha.el7.x86_64.rpm libmspack-devel-0.5-0.7.alpha.el7.x86_64.rpm libmspack-devel-0.5-0.7.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.7.alpha.e [More...]
mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration (CVE-2017-6413) * mod_auth_openidc: Shows user-supplied content on error pages (CVE-2017-6059) SL7 x86_64 mod_auth_openidc-1.8.8-5.el7.x86_64.rpm mod_auth_openidc-debuginfo-1.8.8-5.el7.x86_64.rpm - Scientific Linux Development Team
keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111) * keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112) SL7 x86_64 python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm keycloak-httpd-client-install-0.8-1.el7.noarch.rpm noarch keycloak-httpd-client-install-0.8-1.el7.n [More...]