Explore top 10 tips to secure your open-source projects now. Read More
×An update is now available for Red Hat Enterprise Linux 7
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The X server must be
restarted (log out, then log back in) for this update to take effect. The
GNOME session must be restarted (log out, then log back in) for this update
to take effect. All running instances of Evolution must be restarted for
this update to take effect.
GNOME is the default desktop environment of Red Hat Enterprise Linux.
Security Fix(es):
* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames
(CVE-2018-12910)
* poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph()
function allows denial of service (CVE-2017-18267)
* libgxps: heap based buffer over read in ft_font_face_hash function of
gxps-fonts.c (CVE-2018-10733)
* libgxps: Stack-based buffer overflow in calling glib in
gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)
* poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength()
allows for denial of service via crafted PDF (CVE-2018-10768)
* poppler: out of bounds read in pdfunite (CVE-2018-13988)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank chenyuan (NESA Lab) for reporting
CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting
CVE-2018-13988.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.6 Release Notes linked from the References section.
https://access.redhat.com/security/cve/CVE-2017-18267 https://access.redhat.com/security/cve/CVE-2018-10733 https://access.redhat.com/security/cve/CVE-2018-10767 https://access.redhat.com/security/cve/CVE-2018-10768 https://access.redhat.com/security/cve/CVE-2018-12910 https://access.redhat.com/security/cve/CVE-2018-13988 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
Red Hat Enterprise Linux Client (v. 7):
Source:
PackageKit-1.1.10-1.el7.src.rpm
accountsservice-0.6.50-2.el7.src.rpm
adwaita-icon-theme-3.28.0-1.el7.src.rpm
appstream-data-7-20180614.el7.src.rpm
at-spi2-atk-2.26.2-1.el7.src.rpm
at-spi2-core-2.28.0-1.el7.src.rpm
atk-2.28.1-1.el7.src.rpm
baobab-3.28.0-2.el7.src.rpm
bolt-0.4-3.el7.src.rpm
brasero-3.12.2-5.el7.src.rpm
cairo-1.15.12-3.el7.src.rpm
cheese-3.28.0-1.el7.src.rpm
clutter-gst3-3.0.26-1.el7.src.rpm
compat-exiv2-023-0.23-2.el7.src.rpm
control-center-3.28.1-4.el7.src.rpm
dconf-0.28.0-4.el7.src.rpm
dconf-editor-3.28.0-1.el7.src.rpm
ekiga-4.0.1-8.el7.src.rpm
empathy-3.12.13-1.el7.src.rpm
eog-3.28.3-1.el7.src.rpm
evince-3.28.2-5.el7.src.rpm
evolution-3.28.5-2.el7.src.rpm
evolution-data-server-3.28.5-1.el7.src.rpm
evolution-ews-3.28.5-1.el7.src.rpm
evolution-mapi-3.28.3-2.el7.src.rpm
file-roller-3.28.1-2.el7.src.rpm
flatpak-1.0.2-2.el7.src.rpm
folks-0.11.4-1.el7.src.rpm
fontconfig-2.13.0-4.3.el7.src.rpm
freetype-2.8-12.el7.src.rpm
fribidi-1.0.2-1.el7.src.rpm
fwupd-1.0.8-4.el7.src.rpm
fwupdate-12-5.el7.src.rpm
gcr-3.28.0-1.el7.src.rpm
gdk-pixbuf2-2.36.12-3.el7.src.rpm
gdm-3.28.2-9.el7.src.rpm
gedit-3.28.1-1.el7.src.rpm
gedit-plugins-3.28.1-1.el7.src.rpm
Read the Full Advisory
An update is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x
1309776 - [abrt] gvfs-mtp: sync_transfer_wait_for_completion(): gvfsd-mtp killed by SIGSEGV
1347188 - [abrt] [faf] gnome-shell: gray_record_cell(): /usr/bin/gnome-shell killed by 11
1396775 - Cover art placeholder visible when viewing disabled.
1415697 - No authentication dialog for samba printers1423374 - gnome-shell crashes with signal 11 due to NULL value passed to _clutter_input_device_reset_scroll_info()
1451211 - File conflicts when updating totem
1473167 - There is a NULL pointer dereference in gxps-archive.c in libgxps library .
1484094 - fontconfig-2.10.95-11.el7 pulls random fonts as a dependency
1486064 - gsd selects incorrect backlight on some DRM PRIME configurations
1491720 - reproducer: failed assertion by input through a pipe and then sudo to: accounts-daemon
1497303 - X no longer activates hotplugged monitors if started without one
1501989 - Need to be able to have different language keyboard layout as the first priority on gdm login screen
1502788 - gdkscreen-x11: Don't try to calculate a refresh rate when the XRRModeInfo doesn't have one
1503624 - webkitgtk4: Crash on Google login page when a11y is active
1504129 - Request for Evolution 3.28 series (latest stable)
1507892 - bad post install scripts
1511454 - Inconsistent shell version shown on multiple places
1514182 - the system menu shows a blank space in the VPN item
Get the latest Linux and open source security news straight to your inbox.