Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2019-1898-1 Low: httpd on SL7.x x86_64

httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) SL7 x86_64 httpd-2.4.6-89.el7_6.1.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.1.x86_64.rpm httpd-devel-2.4.6-89.el7_6.1.x86_64.rpm httpd-tools-2.4.6-89.el7_6.1.x86_64.rpm mod_ldap-2.4.6-89.el7_6.1.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.1.x86_64.rpm mod_session-2.4.6-89.el7_6.1.x86_64.rpm [More...]

SciLinux: SLSA-2019-1896-1 Moderate: 389-ds-base on SL7.x x86_64

389-ds-base: DoS via hanging secured connections (CVE-2019-3883) Bug Fix(es): * Previously, if you were using the PAM plugin and attempted to bind as a dn that doesn't exist, the server would crash. This has now been fixed. SL7 x86_64 389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm 389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm 389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm [More...]

SciLinux: SLSA-2019-1884-1 Moderate: libssh2 on SL7.x x86_64

libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) SL7 x86_64 libssh2-1.4.3-12.el7_6.3.i686.rpm libssh2-1.4.3-12.el7_6.3.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.3.i686.rpm libssh2-devel-1.4.3-12.el7_6.3.x86_64.rpm libssh2- [More...]

SciLinux: SLSA-2019-1883-1 Important: qemu-kvm on SL7.x x86_64

QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * As newer machine remove csske feature, detection of the processor fail and machine used old version a [More...]

SciLinux: SLSA-2019-1839-1 Moderate: java-1.7.0-openjdk on SL7.x x86_64

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 822151 [More...]

SciLinux: SLSA-2019-1840-1 Moderate: java-1.7.0-openjdk on SL6.x i386/x86_64

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 822151 [More...]

SciLinux: SLSA-2019-1811-1 Moderate: java-1.8.0-openjdk on SL6.x i386/x86_64

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 822151 [More...]

SciLinux: SLSA-2019-1815-1 Moderate: java-1.8.0-openjdk on SL7.x x86_64

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 822151 [More...]

SciLinux: SLSA-2019-1810-1 Moderate: java-11-openjdk on SL7.x x86_64

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 822151 [More...]

SciLinux: SLSA-2019-1777-1 Important: thunderbird on SL6.x i386/x86_64

This update upgrades Thunderbird to version 60.8.0. * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following [More...]

SciLinux: SLSA-2019-1775-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 60.8.0. * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following [More...]

SciLinux: SLSA-2019-1774-1 Important: vim on SL6.x i386/x86_64

vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735) SL6 x86_64 vim-X11-7.4.629-5.el6_10.2.x86_64.rpm vim-common-7.4.629-5.el6_10.2.x86_64.rpm vim-debuginfo-7.4.629-5.el6_10.2.x86_64.rpm vim-enhanced-7.4.629-5.el6_10.2.x86_64.rpm vim-filesystem-7.4.629-5.el6_10.2.x86_64.rpm vim-minimal-7.4.629-5.el6_10.2.x86_64.rpm i386 [More...]

SciLinux: SLSA-2019-1765-1 Critical: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.8.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following [More...]

SciLinux: SLSA-2019-1763-1 Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.8.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following [More...]

SciLinux: SLSA-2019-1726-1 Important: dbus on SL6.x i386/x86_64

dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) SL6 x86_64 dbus-1.2.24-11.el6_10.x86_64.rpm dbus-debuginfo-1.2.24-11.el6_10.i686.rpm dbus-debuginfo-1.2.24-11.el6_10.x86_64.rpm dbus-libs-1.2.24-11.el6_10.i686.rpm dbus-libs-1.2.24-11.el6_10.x86_64.rpm dbus-x11-1.2.24-11.el6_10.x86_64.rpm dbus-devel-1.2.24-11.el6_10.i686.rpm dbus-devel-1 [More...]

SciLinux: SLSA-2019-1652-1 Important: libssh2 on SL6.x i386/x86_64

libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out [More...]

SciLinux: SLSA-2019-1650-1 Low: qemu-kvm on SL6.x i386/x86_64

QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) SL6 x86_64 qemu-guest-agent-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-img-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-kvm-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.506.el6_10.4.x86_64.rpm i386 qemu-gue [More...]

SciLinux: SLSA-2019-1619-1 Important: vim on SL7.x x86_64

vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735) SL7 x86_64 vim-X11-7.4.160-6.el7_6.x86_64.rpm vim-common-7.4.160-6.el7_6.x86_64.rpm vim-debuginfo-7.4.160-6.el7_6.x86_64.rpm vim-enhanced-7.4.160-6.el7_6.x86_64.rpm vim-filesystem-7.4.160-6.el7_6.x86_64.rpm vim-minimal-7.4.160-6.el7_6.x86_64.rpm - Scientific Linux Develo [More...]

SciLinux: SLSA-2019-1626-1 Important: thunderbird on SL7.x x86_64

Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalu [More...]