Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208) * binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568) * binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569) * binut [More...]
python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) SL7 x86_64 python-2.7.5-76.el7.x86_64.rpm python-debuginfo-2.7.5-76.el7.i686.rpm python-debuginfo-2.7.5-76.el7.x86_64.rpm python-libs-2.7.5-76.el7.i686.rpm pyt [More...]
sssd: information leak from the sssd-sudo responder (CVE-2018-10852) SL7 x86_64 libipa_hbac-1.16.2-13.el7.i686.rpm libipa_hbac-1.16.2-13.el7.x86_64.rpm libsss_autofs-1.16.2-13.el7.x86_64.rpm libsss_certmap-1.16.2-13.el7.i686.rpm libsss_certmap-1.16.2-13.el7.x86_64.rpm libsss_idmap-1.16.2-13.el7.i686.rpm libsss_idmap-1.16.2-13.el7.x86_64.rpm libsss_nss_idmap-1 [More...]
gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846) SL7 x86_64 gnutls-3.3.29-8.el7.i686.rpm gnutls [More...]
git: arbitrary code execution via .gitmodules (CVE-2018-17456) SL7 x86_64 git-1.8.3.1-20.el7.x86_64.rpm git-daemon-1.8.3.1-20.el7.x86_64.rpm git-debuginfo-1.8.3.1-20.el7.x86_64.rpm git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm git-svn-1.8.3.1-20.el7.x86_64.rpm git-1.8.3.1-20.el7.src.rpm noarch emacs-git-1.8.3.1-20.el7.noarch.rpm emacs-git-el-1.8.3.1-20.el7.no [More...]
This update upgrades Thunderbird to version 60.2.1. * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-1237 [More...]
OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak [More...]
libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262) The SL Team added a fix for upstream bug 1650634 SL7 x86_64 glx-utils-8.3.0-10.el7.x86_64.rpm libX11-1.6.5-2.el7.i686.rpm libX11-1.6.5-2.el7.x86_64.rpm libX11-debuginfo-1.6.5-2.el7.i686.rpm libX11-debuginfo-1.6.5-2.el7.x86_64.rpm libX11-devel-1.6.5-2.el7.i686.rpm [More...]
This update upgrades Thunderbird to version 60.3.0. * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389) SL7 x86_64 thunderbi [More...]
xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665) The SL Team added a fix for upstream bug 1650634 SL7 x86_64 xorg-x11-server-Xephyr-1.20.1-5.1.el7.x86_64.rpm xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64.rpm xorg-x11-server-common-1.20.1-5.1.el7.x86_64.rpm xorg-x11-server-debuginfo-1.20.1-5.1.el7.x86_64.rpm xorg- [More...]
This update upgrades Thunderbird to version 60.3.0. * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389) SL6 x86_64 thunderbi [More...]
spice: Possible buffer overflow via invalid monitor configurations (CVE-2017-7506) SL6 x86_64 spice-server-0.12.4-16.el6_10.2.x86_64.rpm spice-server-debuginfo-0.12.4-16.el6_10.2.x86_64.rpm spice-server-devel-0.12.4-16.el6_10.2.x86_64.rpm - Scientific Linux Development Team
OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJ [More...]
This update upgrades Thunderbird to version 60.2.1. * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-1237 [More...]
python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) SL6 noarch python-paramiko-1.7.5-5.el6_10.noarch.rpm python-paramiko-1.7.5-4.el6_7.1.noarch.rpm python-paramiko-1.7.5-4.el6_6.1.noarch.rpm - Scientific Linux Development Team
This update upgrades Firefox to version 60.3.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395) * M [More...]
This update upgrades Firefox to version 60.3.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395) * M [More...]
OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak [More...]
OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak [More...]
tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) SL7 noarch tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm tomcat-7.0.76-8.el7_5.noarch.rpm tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm tomcat-jsp-2.2-api-7.0.76-8. [More...]