Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2019-0109-1 Important: perl on SL7.x x86_64

perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311) SL7 x86_64 perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86 [More...]

SciLinux: SLSA-2019-0059-1 Important: libvncserver on SL7.x x86_64

libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (CVE-2018-15127) SL7 x86_64 libvncserver-0.9.9-13.el7_6.i686.rpm libvncserver-0.9.9-13.el7_6.x86_64.rpm libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm libvncserver-devel-0.9.9-13.el7_6.i686.rpm [More...]

SciLinux: SLSA-2019-0049-1 Important: systemd on SL7.x x86_64

systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688) * systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864) * systemd: stack overflow when receiving many journald entries (CVE-2018-16865) SL7 x86_64 libgudev1-219-62.el7_6.2.i686.rpm libgudev1-219-62.el7_6.2.x86_64.rpm systemd-219-62.el7_6.2.x86_6 [More...]

SciLinux: SLSA-2018-3854-1 Low: ntp on SL6.x i386/x86_64

ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) SL6 x86_64 ntp-4.2.6p5-15.el6_10.x86_64.rpm ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm ntpdate-4.2.6p5-15.el6_10.x86_64.rpm ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm i386 ntp-4.2.6p5-15.el6_10.i686.rpm ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm ntpdate-4.2.6 [More...]

SciLinux: SLSA-2018-3831-1 Critical: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.4.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location a [More...]

SciLinux: SLSA-2018-3833-1 Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.4.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location a [More...]

SciLinux: SLSA-2018-3834-1 Important: ghostscript on SL7.x x86_64

ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541) * ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802) * ghostscript: User-writable error exception table (CVE-2018-17183) * ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) (CVE-2018- [More...]

SciLinux: SLSA-2018-3760-1 Important: ghostscript on SL6.x i386/x86_64

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509) SL6 x86_64 ghostscript-8.70-24.el6_10.2.i686.rpm ghostscript-8.70-24.el6_10.2.x86_64.rpm ghostscript- [More...]

SciLinux: SLSA-2018-3761-1 Important: ghostscript on SL7.x x86_64

ghostscript: incomplete fix for CVE-2018-16509 (CVE-2018-16863) Bug Fix(es): * Previously, the flushpage operator has been removed as part of a major clean-up of a non-standard operator. However, flushpage has been found to be used in a few specific use cases. With this update, it has been re-added to support those use cases. SL7 x86_64 ghostscript-9.07-31.el7_6.3.i686.rpm ghosts [More...]

SciLinux: SLSA-2018-3738-1 Important: ruby on SL7.x x86_64

ruby: OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395) SL7 x86_64 ruby-2.0.0.648-34.el7_6.x86_64.rpm ruby-debuginfo-2.0.0.648-34.el7_6.i686.rpm ruby-debuginfo-2.0.0.648-34.el7_6.x86_64.rpm ruby-libs-2.0.0.648-34.el7_6.i686.rpm ruby-libs-2.0.0.648-34.el7_6.x86_64.rpm rubygem-bigdecimal-1.2.0-34.el7_6.x86_64.rpm rubygem-io-console-0.4.2-3 [More...]

SciLinux: SLSA-2018-3651-1 Moderate: kernel on SL7.x x86_64

kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633) * kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646) Bug Fix(es): See the descriptions in the related Knowledge Article: SL7 x86_64 bpftool-3.10.0-957.1.3.el7.x86_64.rpm kernel-3.10.0-957.1.3.el7.x86_64.rpm kernel [More...]

SciLinux: SLSA-2018-3665-1 Important: NetworkManager on SL7.x x86_64

systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688) SL7 x86_64 NetworkManager-1.12.0-8.el7_6.x86_64.rpm NetworkManager-adsl-1.12.0-8.el7_6.x86_64.rpm NetworkManager-bluetooth-1.12.0-8.el7_6.x86_64.rpm NetworkManager-debuginfo-1.12.0-8.el7_6.i686.rpm NetworkManager-debuginfo-1.12.0-8.el7_6.x86_64.rpm NetworkManager-glib-1.12.0 [More...]

SciLinux: SLSA-2018-3650-1 Important: ghostscript on SL7.x x86_64

ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908) * ghostscript: shading_param incomplete type checking (699660) (CVE-2018-15909) * ghostscript: missing type check in type checker (699659) (CVE-2018-16511) * ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) (CVE-2018-16539) SL7 x86_64 ghostscript-9.07-31.el7_6.1. [More...]

SciLinux: SLSA-2018-3324-1 Moderate: fuse on SL7.x x86_64

fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906) SL7 x86_64 fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm - Scientific Linux Deve [More...]