Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550) Bug Fix(es): * Previously, live migrating a Windows guest in some cases caused the guest to become unresponsive. This update ensures that Real-time Clock (RTC) interrupts are not missed, which prevents the problem from occur [More...]
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-fault [More...]
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-fault [More...]
openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833) SL6 x86_64 openslp-2.0.0-3.el6.i686.rpm openslp-2.0.0-3.el6.x86_64.rpm openslp-debuginfo-2.0.0-3.el6.i686.rpm openslp-debuginfo-2.0.0-3.el6.x86_64.rpm openslp-devel-2.0.0-3.el6.i686.rpm openslp-devel-2.0.0-3.el6.x86_64.rpm openslp-server- [More...]
yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) SL6 noarch yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm yum-plugin-security-1.1.30-42.el6_10.noarch.rpm yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm yum-plugin-verify-1.1.30-42.e [More...]
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) SL6 x86_64 java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm [More...]
yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) SL7 noarch yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm yum-plugin-versionlock-1.1.31-46.el7 [More...]
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) SL7 x86_64 java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.4.el7_5.x86_64.rpm java-1.7.0-openjdk-accessibility-1.7.0.191-2.6.15.4.el7_5.x86_64. [More...]
This update upgrades Thunderbird to version 52.9.1. * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) * Mozilla: Use-after-free when appe [More...]
This update upgrades Thunderbird to version 52.9.1. * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) * Mozilla: Use-after-free when appe [More...]
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) SL6 x86_64 java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8 [More...]
openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833) SL7 x86_64 openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm op [More...]
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Bug Fix(es): * This update applies changes from OpenJDK upstream v [More...]
gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) SL7 x86_64 gnupg2-2.0.22-5.el7_5.x86_64.rpm gnupg2-debuginfo-2.0.22-5.el7_5.x86_64.rpm gnupg2-smime-2.0.22-5.el7_5.x86_64.rpm gnupg2-2.0.22-5.el7_5.src.rpm - Scientific Linux Development Team
gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) SL6 x86_64 gnupg2-2.0.14-9.el6_10.x86_64.rpm gnupg2-debuginfo-2.0.14-9.el6_10.x86_64.rpm gnupg2-smime-2.0.14-9.el6_10.x86_64.rpm i386 gnupg2-2.0.14-9.el6_10.i686.rpm gnupg2-debuginfo-2.0.14-9.el6_10.i686.rpm gnupg2-smim [More...]
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older v [More...]
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older v [More...]
This update upgrades Firefox to version 60.1.0 ESR. Many older Firefox extensions must be updated to work with this new release. * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Media re [More...]
This update upgrades Firefox to version 60.1.0 ESR. Many older Firefox extensions must be updated to work with this new release. * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Media re [More...]
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note: This update modifies the Python ssl module to disable 3DES cipher [More...]