Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution .

SciLinux: SLSA-2018-3253-1 Low: jasper on SL7.x x86_64

SciLinux: SLSA-2018-3253-1 Low: jasper on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) * jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) SL7 x86_64 jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-libs-1.900.1-33.el7.i686.rpm jasper-libs-1.900.1-33.el7.x86_64.rpm jasper-1.900.1-33.el7.x86_64.rpm jasper-devel-1.900.1-33.el7.i686. [More...]

SciLinux: SLSA-2018-3335-1 Moderate: xerces-c on SL7.x x86_64

SciLinux: SLSA-2018-3335-1 Moderate: xerces-c on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463) SL7 x86_64 xerces-c-3.1.1-9.el7.i686.rpm xerces-c-3.1.1-9.el7.x86_64.rpm xerces-c-debuginfo-3.1.1-9.el7.i686.rpm xerces-c-debuginfo-3.1.1-9.el7.x86_64.rpm xerces-c-devel-3.1.1-9.el7.i686.rpm xerces-c-devel-3.1.1-9.el7.x86_64.rpm noarch xerces-c-doc-3.1.1-9.el7.noarch.rpm - Scientific Linux [More...]

SciLinux: SLSA-2018-3140-1 Moderate: GNOME on SL7.x x86_64

SciLinux: SLSA-2018-3140-1 Moderate: GNOME on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_con [More...]

SciLinux: SLSA-2018-3350-1 Important: java-1.7.0-openjdk on SL7.x x86_64

SciLinux: SLSA-2018-3350-1 Important: java-1.7.0-openjdk on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJ [More...]

SciLinux: SLSA-2018-3071-1 Low: krb5 on SL7.x x86_64

SciLinux: SLSA-2018-3071-1 Low: krb5 on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) SL7 x86_64 krb5-debuginfo-1.15.1-34.el7.i686.rpm krb5-debuginfo-1.15.1-34.el7.x86_64.rpm krb5-libs-1.15.1-34.el7.i686.rpm krb5-libs-1.15.1-34.el7.x86_64.rpm krb5-pkinit-1.15.1 [More...]

SciLinux: SLSA-2018-3229-1 Low: zziplib on SL7.x x86_64

SciLinux: SLSA-2018-3229-1 Low: zziplib on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725) * zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file (CVE-2018-7726) * zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip (CVE-2018-7727) SL7 x86_64 zziplib-0.13.62-9.el7.i686.rpm zziplib-0.13.62-9.el7.x86_6 [More...]

SciLinux: SLSA-2018-3242-1 Moderate: glusterfs on SL7.x x86_64

SciLinux: SLSA-2018-3242-1 Moderate: glusterfs on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911) SL7 x86_64 glusterfs-3.12.2-18.el7.x86_64.rpm glusterfs-api-3.12.2-18.el7.x86_64.rpm glusterfs-cli-3.12.2-18.el7.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm glusterfs-fuse-3.12.2-1 [More...]

SciLinux: SLSA-2018-3327-1 Low: libmspack on SL7.x x86_64

SciLinux: SLSA-2018-3327-1 Low: libmspack on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) SL7 x86_64 libmspack-0 [More...]

SciLinux: SLSA-2018-3092-1 Moderate: glibc on SL7.x x86_64

SciLinux: SLSA-2018-3092-1 Moderate: glibc on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vze [More...]

SciLinux: SLSA-2018-3083-1 Important: kernel on SL7.x x86_64

SciLinux: SLSA-2018-3083-1 Important: kernel on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds acces [More...]

SciLinux: SLSA-2018-3113-1 Moderate: libvirt on SL7.x x86_64

SciLinux: SLSA-2018-3113-1 Moderate: libvirt on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764) SL7 x86_64 libvirt-4.5.0-10.el7.x86_64.rpm libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm libvirt-client-4.5.0-10.el7.i686.rpm libvirt-client-4.5.0-10.el7.x86_64.rpm libvirt-daemon-4.5.0-10.el7.x86_64.rpm libvirt-daemon-config-network-4.5.0-10.el7.x86_64.r [More...]

SciLinux: SLSA-2018-3073-1 Moderate: zsh on SL7.x x86_64

SciLinux: SLSA-2018-3073-1 Moderate: zsh on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer overflow for very long fds in >& fd syntax (CVE-2014-10071) * zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072) * zsh: NULL dereference in cd in sh compatibility mode under given circumstances (CVE-2017-18205) * zsh: buffer overrun in symlinks (C [More...]

SciLinux: SLSA-2018-3221-1 Moderate: openssl on SL7.x x86_64

SciLinux: SLSA-2018-3221-1 Moderate: openssl on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily [More...]

SciLinux: SLSA-2018-3054-1 Moderate: libreoffice on SL7.x x86_64

SciLinux: SLSA-2018-3054-1 Moderate: libreoffice on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document (CVE-2018-10119) * libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document (CVE-2018-10120) * libreoffice: Information disclosure via SMB connection embedded in malicious file (CVE-2018-10583) SL7 [More...]

SciLinux: SLSA-2018-3246-1 Low: libcdio on SL7.x x86_64

SciLinux: SLSA-2018-3246-1 Low: libcdio on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) SL7 x86_64 libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i68 [More...]

SciLinux: SLSA-2018-3127-1 Moderate: 389-ds-base on SL7.x x86_64

SciLinux: SLSA-2018-3127-1 Moderate: 389-ds-base on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648) SL7 x86_64 389-ds-base-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm 389-ds-base-snmp-1.3.8.4-15.el7.x86_64.rpm - Scientific Linux De [More...]

SciLinux: SLSA-2018-3056-1 Moderate: samba on SL7.x x86_64

SciLinux: SLSA-2018-3056-1 Moderate: samba on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: NULL pointer dereference in printer server process (CVE-2018-1050) SL7 x86_64 libsmbclient-4.8.3-4.el7.i686.rpm libsmbclient-4.8.3-4.el7.x86_64.rpm libwbclient-4.8.3-4.el7.i686.rpm libwbclient-4.8.3-4.el7.x86_64.rpm samba-clien [More...]

SciLinux: SLSA-2018-3157-1 Moderate: curl and nss-pem on SL7.x x86_64

SciLinux: SLSA-2018-3157-1 Moderate: curl and nss-pem on SL7.x x86_64

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

curl: HTTP authentication leak in redirects (CVE-2018-1000007) * curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) * curl: RTSP RTP buffer over-read (CVE-2018-1000122) * curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301) * curl: LDAP NULL pointer dereference (CVE-2018-1000121) SL7 x86_64 [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved