Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2019-1169-1 Important: kernel on SL6.x i386/x86_64

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data [More...]

SciLinux: SLSA-2019-1168-1 Important: kernel on SL7.x x86_64

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data [More...]

SciLinux: SLSA-2019-1178-1 Important: qemu-kvm on SL7.x x86_64

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data [More...]

SciLinux: SLSA-2019-1177-1 Important: libvirt on SL7.x x86_64

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data [More...]

SciLinux: SLSA-2019-1131-1 Important: freeradius on SL7.x x86_64

freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235) * freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234) SL7 x86_64 freeradius-3.0.13-10.el7_6.x86_64.rpm freeradius-debuginfo-3.0.13-10.el7_6.x86_64.rpm freeradius-debuginfo-3.0.13-10.el7_6.i686.rpm freeradius-devel-3.0.13-10.el7_6.i686.rpm freeradius-devel-3.0.1 [More...]

SciLinux: SLSA-2019-1024-1 Important: flatpak on SL7.x x86_64

flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226) (CVE-2019-10063) SL7 x86_64 flatpak-1.0.2-5.el7_6.x86_64.rpm flatpak-debuginfo-1.0.2-5.el7_6.x86_64.rpm flatpak-libs-1.0.2-5.el7_6.x86_64.rpm flatpak-builder-1.0.0-5.el7_6.x86_64.rpm flatpak-devel-1.0.2-5.el7_6.x86_64.rpm flatpak-1.0.2-5.el7_6.src.rpm - Scientific Linux Development Team

SciLinux: SLSA-2019-1017-1 Important: ghostscript on SL7.x x86_64

ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) SL7 x86_64 ghostscript-9.07-31.el7_6.11.i686.rpm ghostscript-9.07-31.el7_6.11.x86_64.rpm ghostscript-cups-9.07-31.el7_6.11.x86_64.rpm ghostscript-debuginfo-9.07-31.el7_6.11.i686.rpm ghostscript-debuginfo-9.07-31.el7_6.11.x86_64.rpm ghostscript-devel-9.07-31.el7_6.11.i686.rpm ghostscr [More...]

SciLinux: SLSA-2019-0818-1 Important: kernel on SL7.x x86_64

Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) Bug Fix(es): * rbd: avoid corruption on partially completed bios [rhel-7.6.z] * xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] * Offload Connections always get vlan priorit [More...]

SciLinux: SLSA-2019-0790-1 Important: java-1.7.0-openjdk on SL6.x i386/x86_64

OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) SL6 x86_64 java-1.7.0-openjdk-1.7.0.221-2.6.18.0.el6_10.x86_64.rpm java-1.7.0-openjd [More...]

SciLinux: SLSA-2019-0791-1 Important: java-1.7.0-openjdk on SL7.x x86_64

OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) SL7 x86_64 java-1.7.0-openjdk-1.7.0.221-2.6.18.0.el7_6.x86_64.rpm java-1.7.0-openjdk [More...]

SciLinux: SLSA-2019-0778-1 Moderate: java-11-openjdk on SL7.x x86_64

OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) SL7 x86_64 java-11-openjdk-11.0.3.7-0.el7_6.i686.rpm java-11-openjdk-11.0.3.7-0.el7_6.x86_64.rpm java-11-openjdk-debuginfo-11.0.3.7-0.el7_6.i686.rpm java-11-openjdk-debuginfo- [More...]

SciLinux: SLSA-2019-0774-1 Important: java-1.8.0-openjdk on SL6.x i386/x86_64

OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) Bug Fix(es): * assert failure in coalesce.cpp: attempted to spill a non-spillable item SL6 [More...]

SciLinux: SLSA-2019-0775-1 Important: java-1.8.0-openjdk on SL7.x x86_64

OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) SL7 x86_64 java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.i686.rpm java-1.8.0-openjdk-1.8. [More...]

SciLinux: SLSA-2019-0766-1 Important: mod_auth_mellon on SL7.x x86_64

mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) * mod_auth_mellon: open redirect in logout url when using URLs with backslashes (CVE-2019-3877) Bug Fix(es): * mod_auth_mellon Cert files name wrong when hostname contains a number (fixed in upstream package) SL7 x86_64 mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpm mod_auth_mellon-debuginfo-0.14.0-2.el7_6.4.x86_64.r [More...]

SciLinux: SLSA-2019-0717-1 Important: kernel on SL6.x i386/x86_64

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) SL6 x86_64 kernel-2.6.32-754.12.1.el6.x86_64.rpm kernel-debug-2.6.32-754.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.12.1.el6.i68 [More...]

SciLinux: SLSA-2019-0711-1 Low: openssh on SL6.x i386/x86_64

openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) SL6 x86_64 openssh-5.3p1-124.el6_10.x86_64.rpm openssh-askpass-5.3p1-124.el6_10.x86_64.rpm openssh-clients-5.3p1-124.el6_10.x86_64.rpm openssh-debuginfo-5.3p1-124.el6_10.x86_64.rpm openssh-server-5.3p1-124.el6_10.x86_64.rpm openssh-debuginfo-5.3p1-124.el6_10.i686.rpm opens [More...]

SciLinux: SLSA-2019-0710-1 Important: python on SL7.x x86_64

python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) SL7 x86_64 python-2.7.5-77.el7_6.x86_64.rpm python-debuginfo-2.7.5-77.el7_6.i686.rpm python-debuginfo-2.7.5-77.el7_6.x86_64.rpm python-libs-2.7.5-77.el7_6.i686.rpm python-libs-2.7.5-77.el7_6.x86_64.rpm python-debug-2.7.5-77.el7_6.x86_64.rpm python-devel-2.7.5-77.el7_6.x86_6 [More...]