Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2019-0697-1 Important: freerdp on SL7.x x86_64

freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786) * freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) * freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) SL7 x86_64 freerdp-1.0.2-15.el7_6.1.x86_64.rpm freerdp-debuginfo-1. [More...]

SciLinux: SLSA-2019-0680-1 Important: thunderbird on SL6.x i386/x86_64

Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: IonMonkey MArr [More...]

SciLinux: SLSA-2019-0681-1 Important: thunderbird on SL7.x x86_64

Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: IonMonkey MArr [More...]

SciLinux: SLSA-2019-0679-1 Important: libssh2 on SL7.x x86_64

libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out [More...]

SciLinux: SLSA-2019-0672-1 Critical: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.6.1 ESR. * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813) SL6 x86_64 firefox-60.6.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.6.1-1.el6_10.x86_64.rpm firefox-60.6.1-1.el6_10.i686.rpm firefox-debuginfo-60.6.1-1.el6_10.i686.rpm [More...]

SciLinux: SLSA-2019-0671-1 Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.6.1 ESR. * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813) SL7 x86_64 firefox-60.6.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.6.1-1.el7_6.x86_64.rpm firefox-60.6.1-1.el7_6.i686.rpm firefox-debuginfo-60.6.1-1.el7_6.i686.rpm - S [More...]

SciLinux: SLSA-2019-0638-1 Important: openwsman on SL7.x x86_64

openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) SL7 x86_64 libwsman1-2.6.3-6.git4391e5c.el7_6.i686.rpm libwsman1-2.6.3-6.git4391e5c.el7_6.x86_64.rpm openwsman-client-2.6.3-6.git4391e5c.el7_6.i686.rpm openwsman-client-2.6.3-6.git4391e5c.el7_6.x86_64.rpm openwsman-debuginfo-2.6.3-6.git4391e5c.el7_6.i686.rpm openwsman-debuginfo-2. [More...]

SciLinux: SLSA-2019-0633-1 Important: ghostscript on SL7.x x86_64

ghostscript: superexec operator is available (700585) (CVE-2019-3835) * ghostscript: forceput in DefineResource is still accessible (700576) (CVE-2019-3838) Bug Fix(es): * ghostscript: Regression: double comment chars '%%' in gs_init.ps leading to missing metadata SL7 x86_64 ghostscript-9.07-31.el7_6.10.i686.rpm ghostscript-9.07-31.el7_6.10.x86_64.rpm ghostscript-cups-9.07-31 [More...]

SciLinux: SLSA-2019-0623-1 Critical: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.6.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value [More...]

SciLinux: SLSA-2019-0622-1 Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.6.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value [More...]

SciLinux: SLSA-2019-0512-1 Important: kernel on SL7.x x86_64

kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: Faulty computation of numeric bounds in the BPF verifier (CVE-2018-18445) Bug Fix(es) and Enhancement(s): * kernel fuse invalidates cached attributes during reads * [NetApp-FC-NVMe] SL7.6: nvme reset gets hung i [More...]

SciLinux: SLSA-2019-0485-1 Moderate: tomcat on SL7.x (noarch)

tomcat: Open redirect in default servlet (CVE-2018-11784) SL7 noarch tomcat-servlet-3.0-api-7.0.76-9.el7_6.noarch.rpm tomcat-7.0.76-9.el7_6.noarch.rpm tomcat-admin-webapps-7.0.76-9.el7_6.noarch.rpm tomcat-docs-webapp-7.0.76-9.el7_6.noarch.rpm tomcat-el-2.2-api-7.0.76-9.el7_6.noarch.rpm tomcat-javadoc-7.0.76-9.el7_6.noarch.rpm tomcat-jsp-2.2-api-7.0.76-9.el7_6.noa [More...]

SciLinux: SLSA-2019-0482-1 Moderate: cockpit on SL7.x x86_64

cockpit: Crash when parsing invalid base64 headers (CVE-2019-3804) SL7 x86_64 cockpit-173.2-1.el7.x86_64.rpm cockpit-bridge-173.2-1.el7.x86_64.rpm cockpit-debuginfo-173.2-1.el7.i686.rpm cockpit-debuginfo-173.2-1.el7.x86_64.rpm cockpit-ws-173.2-1.el7.i686.rpm cockpit-ws-173.2-1.el7.x86_64.rpm cockpit-doc-173.2-1.el7.x86_64.rpm cockpit-173.2-1.el7.src.rpm noa [More...]

SciLinux: SLSA-2019-0483-1 Moderate: openssl on SL7.x x86_64

openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) Bug Fix(es): * Perform the RSA signature self-tests with SHA-256 SL7 x86_64 openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el [More...]

SciLinux: SLSA-2019-0464-1 Moderate: java-1.7.0-openjdk on SL7.x x86_64

OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) SL7 x86_64 java-1.7.0-openjdk-1.7.0.211-2.6.17.1.el7_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.211-2.6.17.1.el7_6.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.211-2.6.17.1.el7_6.x86_64.rpm java-1.7.0-openjdk-accessibility-1.7.0.211-2.6.17.1.el7_6.x86_64.rpm java-1.7.0-openjdk-demo-1. [More...]

SciLinux: SLSA-2019-0435-1 Moderate: java-1.8.0-openjdk on SL7.x x86_64

OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) SL7 x86_64 java-1.8.0-openjdk-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-0.el7_6.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-0.el7_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.201.b09-0.el7_6.i686. [More...]

SciLinux: SLSA-2019-0436-1 Moderate: java-11-openjdk on SL7.x x86_64

OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) SL7 x86_64 java-11-openjdk-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-debuginfo-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-debuginfo-11.0.2.7-0.el7_6.x86_64.rpm java-11-openjdk-headless-11.0.2.7-0.el7_6.i686.rpm java-11-openjdk-headless-11.0.2. [More...]