Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) Bug Fix(es): * A previously backported upstream patch caused a change in the behavior of the page fault handler. As a consequence, applications compiled with GNU Compiler Collection (GCC) version 4.4.7 sometimes generated stack access exceeding the 64K limit. Running such applications subsequently triggered a segmentatio [More...]
OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) SL6 x86_64 java-1.8.0-openjdk-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.201.b09-1.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.201.b09-1.el [More...]
polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) SL6 x86_64 polkit-0.96-11.el6_10.1.i686.rpm polkit-0.96-11.el6_10.1.x86_64.rpm polkit-debuginfo-0.96-11.el6_10.1.i686.rpm polkit-debuginfo-0.96-11.el6_10.1.x86_64.rpm polkit-devel-0.96-11.el6_10.1.i686.rpm polkit-devel-0.96-11.el6_10.1.x86_64.rpm polkit-docs-0.96-11.el6_10.1.x86_64 [More...]
flatpak: potential /proc based sandbox escape (CVE-2019-8308) SL7 x86_64 flatpak-1.0.2-4.el7_6.x86_64.rpm flatpak-builder-1.0.0-4.el7_6.x86_64.rpm flatpak-debuginfo-1.0.2-4.el7_6.x86_64.rpm flatpak-devel-1.0.2-4.el7_6.x86_64.rpm flatpak-libs-1.0.2-4.el7_6.x86_64.rpm firefox-60.5.1-1.el7_6.i686.rpm firefox-60.5.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.5.1-1.e [More...]
This update upgrades Firefox to version 60.5.1 ESR. * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in Skia (CVE-2019-5785) SL7 x86_64 firefox-60.5.1-1.el7_6.i686.rpm firefox-60.5.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.5.1-1.el7_6.i686.rpm firefox-debuginfo-60.5.1-1.el7_6.x86_64.rpm - Scientific Linux Development Team
This update upgrades Firefox to version 60.5.1 ESR. * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in Skia (CVE-2019-5785) SL6 x86_64 firefox-60.5.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.5.1-1.el6_10.x86_64.rpm firefox-60.5.1-1.el6_10.i686.rpm firefox-debuginfo-60.5.1-1.el6_10.i686.rpm i386 firefox-60.5.1-1.el6_10.i6 [More...]
systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) SL7 x86_64 libgudev1-219-62.el7_6.5.i686.rpm libgudev1-219-62.el7_6.5.x86_64.rpm libgudev1-devel-219-62.el7_6.5.i686.rpm libgudev1-devel-219-62.el7_6.5.x86_64.rpm systemd-219-62.el7_6.5.x86_64.rpm systemd-debuginfo-219-62.el7_6.5.i686.rpm systemd-debuginfo-219- [More...]
This update upgrades Thunderbird to version 60.5.0. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) SL7 x86_64 thunderbird-60.5.0-1.el7_6. [More...]
This update upgrades Thunderbird to version 60.5.0. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) SL6 x86_64 thunderbird-60.5.0-1.el6_10 [More...]
polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) SL7 x86_64 polkit-0.112-18.el7_6.1.i686.rpm polkit-0.112-18.el7_6.1.x86_64.rpm polkit-debuginfo-0.112-18.el7_6.1.i686.rpm polkit-debuginfo-0.112-18.el7_6.1.x86_64.rpm polkit-devel-0.112-18.el7_6.1.i686.rpm polkit-devel-0.112-18.el7_6.1.x86_64.rpm noarch polkit-docs-0.112-18.el7_6 [More...]
ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE- [More...]
spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) SL6 x86_64 spice-server-0.12.4-16.el6_10.3.x86_64.rpm spice-server-debuginfo-0.12.4-16.el6_10.3.x86_64.rpm - Scientific Linux Development Team
spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) SL7 x86_64 spice-debuginfo-0.14.0-6.el7_6.1.x86_64.rpm spice-server-0.14.0-6.el7_6.1.x86_64.rpm spice-server-devel-0.14.0-6.el7_6.1.x86_64.rpm - Scientific Linux Development Team
This update upgrades Firefox to version 60.5.0 ESR. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) SL7 x86_64 firefox-60.5.0-2.el7.x86_64.rpm firefox-debuginfo-60.5.0-2.el7.x86_64.rpm firefox-60.5. [More...]
This update upgrades Firefox to version 60.5.0 ESR. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) SL6 x86_64 firefox-60.5.0-2.el6.x86_64.rpm firefox-60.5.0-2.el6.i686.rpm i386 firefox-60.5.0-2.e [More...]
systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815) SL7 x86_64 libgudev1-219-62.el7_6.3.i686.rpm libgudev1-219-62.el7_6.3.x86_64.rpm systemd-219-62.el7_6.3.x86_64.rpm systemd-debuginfo-219-62.el7_6.3.i686.rpm systemd-debuginfo-219-62.el7_6.3.x86_64.rpm systemd-libs-219-62.el7_6.3.i686.rpm systemd-libs-219-62.el7_6.3.x86_ [More...]
bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) SL7 x86_64 bind-debuginfo-9.9.4-73.el7_6.i686.rpm bind-debuginfo-9.9.4-73.el7_6.x86_64.rpm bind-libs-9.9.4-73.el7_6.i686.rpm bind-libs-9.9.4-73.el7_6.x86_64.rpm bind-libs-lite-9.9.4-73.el7_6.i686.rpm bind-libs-lite-9.9.4-73.el7_6.x86_64.rpm bind-utils- [More...]
kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) Bug Fix(es): See the descriptions in the related Knowledge Article: SL7 x86_64 bpftool-3.10.0-957.5.1.el7.x86_64.rpm kernel-3.10.0-957.5.1.el7.x86_64.rpm kernel-debug-3.10.0-957.5.1.el7.x86_64.rpm kernel-debug-deb [More...]
This update upgrades Thunderbird to version 60.4.0. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violatio [More...]
This update upgrades Thunderbird to version 60.4.0. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violatio [More...]