Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) SL7 x86_64 firefox-60.7.2-1.el7_6.x86_64.rpm firefox-debuginfo-60.7.2-1.el7_6.x86_64.rpm firefox-60.7.2-1.el7_6.i686.rpm firefox-debuginfo-60.7.2-1.el7_6.i686.rpm - Scientific Linux Development Team
Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalu [More...]
Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) SL6 x86_64 firefox-60.7.2-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.2-1.el6_10.x86_64.rpm firefox-60.7.2-1.el6_10.i686.rpm firefox-debuginfo-60.7.2-1.el6_10.i686.rpm i386 firefox-60.7.2-1.el6_10.i686.rpm firefox-debuginfo-60.7.2-1.el6_10.i686.rpm - [More...]
python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160) SL7 x86_64 python-2.7.5-80.el7_6.x86_64.rpm python-debuginfo-2.7.5-80.el7_6.i686.rpm python-debuginfo-2.7.5-80.el7_6.x86_64.rpm python-libs-2.7.5-80.el7_6.i686.rpm python-libs-2.7.5-80.el7_6.x86_64.rpm python-debug-2.7.5-80.el7_6.x86_64.rpm python-devel-2.7. [More...]
libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE [More...]
libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE [More...]
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs in [More...]
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs in [More...]
bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) SL6 x86_64 bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm bind-chroot [More...]
python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) SL6 x86_64 python-2.6.6-68.el6_10.x86_64.rpm python-debuginfo-2.6.6-68.el6_10.i686.rpm python-debuginfo-2.6.6-68.el6_10.x86_64.rpm python-libs-2.6.6-68.el6_10.i686.rpm python-libs-2.6.6-68.el6_10.x86_64.rpm tkinter-2.6.6-68.el6_10.x86_64.rpm python-devel-2.6.6-68.el6_10.i68 [More...]
Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-a [More...]
Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-a [More...]
bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) SL7 x86_64 bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm bind-libs-9.9.4-74.el7_6.1.i686.rpm bind-libs-9.9.4-74.el7_6.1.x86_64.rpm bind-libs-lite-9.9.4-74.el7_6.1.i686.rpm bind-libs-lite-9.9.4-74.el7_6.1.x86_64.rpm bind-utils-9.9.4-74.el7_6.1.x86_64.rpm [More...]
pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877) * pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878) * pacemaker: Information disclosure through use-after-free (CVE-2019-3885) SL7 x86_64 pacemaker-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cl [More...]
Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: U [More...]
This update upgrades Firefox to version 60.7.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment [More...]
libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * libvirt terminates and core-dumps with SIGABRT as a result of an invalid pointer error t [More...]
rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324) * rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322) * rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323) * rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325) SL7 x86_64 ruby-2.0.0.648-35.el7_6.x86_64.rp [More...]
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data [More...]
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data [More...]