Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2019-0415-1 Important: kernel on SL6.x i386/x86_64

kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) Bug Fix(es): * Previously backported upstream patch caused a change in the behavior of page fault handler. As a consequence, applications compiled through GNU Compiler Collection (GCC) version 4.4.7 sometimes generated stack access exceeding the 64K limit. Running such applications subsequently triggered a segmentatio [More...]

SciLinux: SLSA-2019-0420-1 Important: polkit on SL6.x i386/x86_64

polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) SL6 x86_64 polkit-0.96-11.el6_10.1.i686.rpm polkit-0.96-11.el6_10.1.x86_64.rpm polkit-debuginfo-0.96-11.el6_10.1.i686.rpm polkit-debuginfo-0.96-11.el6_10.1.x86_64.rpm polkit-devel-0.96-11.el6_10.1.i686.rpm polkit-devel-0.96-11.el6_10.1.x86_64.rpm polkit-docs-0.96-11.el6_10.1.x86_64 [More...]

SciLinux: SLSA-2019-0375-1 Important: flatpak on SL7.x x86_64

flatpak: potential /proc based sandbox escape (CVE-2019-8308) SL7 x86_64 flatpak-1.0.2-4.el7_6.x86_64.rpm flatpak-builder-1.0.0-4.el7_6.x86_64.rpm flatpak-debuginfo-1.0.2-4.el7_6.x86_64.rpm flatpak-devel-1.0.2-4.el7_6.x86_64.rpm flatpak-libs-1.0.2-4.el7_6.x86_64.rpm firefox-60.5.1-1.el7_6.i686.rpm firefox-60.5.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.5.1-1.e [More...]

SciLinux: SLSA-2019-0374-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.5.1 ESR. * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in Skia (CVE-2019-5785) SL7 x86_64 firefox-60.5.1-1.el7_6.i686.rpm firefox-60.5.1-1.el7_6.x86_64.rpm firefox-debuginfo-60.5.1-1.el7_6.i686.rpm firefox-debuginfo-60.5.1-1.el7_6.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2019-0373-1 Important: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.5.1 ESR. * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in Skia (CVE-2019-5785) SL6 x86_64 firefox-60.5.1-1.el6_10.x86_64.rpm firefox-debuginfo-60.5.1-1.el6_10.x86_64.rpm firefox-60.5.1-1.el6_10.i686.rpm firefox-debuginfo-60.5.1-1.el6_10.i686.rpm i386 firefox-60.5.1-1.el6_10.i6 [More...]

SciLinux: SLSA-2019-0368-1 Important: systemd on SL7.x x86_64

systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) SL7 x86_64 libgudev1-219-62.el7_6.5.i686.rpm libgudev1-219-62.el7_6.5.x86_64.rpm libgudev1-devel-219-62.el7_6.5.i686.rpm libgudev1-devel-219-62.el7_6.5.x86_64.rpm systemd-219-62.el7_6.5.x86_64.rpm systemd-debuginfo-219-62.el7_6.5.i686.rpm systemd-debuginfo-219- [More...]

SciLinux: SLSA-2019-0270-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 60.5.0. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) SL7 x86_64 thunderbird-60.5.0-1.el7_6. [More...]

SciLinux: SLSA-2019-0269-1 Important: thunderbird on SL6.x i386/x86_64

This update upgrades Thunderbird to version 60.5.0. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) SL6 x86_64 thunderbird-60.5.0-1.el6_10 [More...]

SciLinux: SLSA-2019-0230-1 Important: polkit on SL7.x x86_64

polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) SL7 x86_64 polkit-0.112-18.el7_6.1.i686.rpm polkit-0.112-18.el7_6.1.x86_64.rpm polkit-debuginfo-0.112-18.el7_6.1.i686.rpm polkit-debuginfo-0.112-18.el7_6.1.x86_64.rpm polkit-devel-0.112-18.el7_6.1.i686.rpm polkit-devel-0.112-18.el7_6.1.x86_64.rpm noarch polkit-docs-0.112-18.el7_6 [More...]

SciLinux: SLSA-2019-0229-1 Important: ghostscript on SL7.x x86_64

ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE- [More...]

SciLinux: SLSA-2019-0219-1 Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.5.0 ESR. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) SL7 x86_64 firefox-60.5.0-2.el7.x86_64.rpm firefox-debuginfo-60.5.0-2.el7.x86_64.rpm firefox-60.5. [More...]

SciLinux: SLSA-2019-0218-1 Critical: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.5.0 ESR. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) SL6 x86_64 firefox-60.5.0-2.el6.x86_64.rpm firefox-60.5.0-2.el6.i686.rpm i386 firefox-60.5.0-2.e [More...]

SciLinux: SLSA-2019-0201-1 Low: systemd on SL7.x x86_64

systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815) SL7 x86_64 libgudev1-219-62.el7_6.3.i686.rpm libgudev1-219-62.el7_6.3.x86_64.rpm systemd-219-62.el7_6.3.x86_64.rpm systemd-debuginfo-219-62.el7_6.3.i686.rpm systemd-debuginfo-219-62.el7_6.3.x86_64.rpm systemd-libs-219-62.el7_6.3.i686.rpm systemd-libs-219-62.el7_6.3.x86_ [More...]

SciLinux: SLSA-2019-0194-1 Moderate: bind on SL7.x x86_64

bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) SL7 x86_64 bind-debuginfo-9.9.4-73.el7_6.i686.rpm bind-debuginfo-9.9.4-73.el7_6.x86_64.rpm bind-libs-9.9.4-73.el7_6.i686.rpm bind-libs-9.9.4-73.el7_6.x86_64.rpm bind-libs-lite-9.9.4-73.el7_6.i686.rpm bind-libs-lite-9.9.4-73.el7_6.x86_64.rpm bind-utils- [More...]

SciLinux: SLSA-2019-0163-1 Important: kernel on SL7.x x86_64

kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) Bug Fix(es): See the descriptions in the related Knowledge Article: SL7 x86_64 bpftool-3.10.0-957.5.1.el7.x86_64.rpm kernel-3.10.0-957.5.1.el7.x86_64.rpm kernel-debug-3.10.0-957.5.1.el7.x86_64.rpm kernel-debug-deb [More...]

SciLinux: SLSA-2019-0159-1 Important: thunderbird on SL6.x i386/x86_64

This update upgrades Thunderbird to version 60.4.0. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violatio [More...]

SciLinux: SLSA-2019-0160-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 60.4.0. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violatio [More...]