Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributors have made available.


LinuxSecurity.com Feature Extras:

Which Linux Distros Are Most Focused On Privacy? - With over 200 distros to choose from, which one actually offers the most privacy-oriented experience?

What We Can Learn from the Recent VLC Security Vulnerability Fiasco: A Conversation with VideoLAN President Jean-Baptiste Kempf - About a week ago, the LinuxSecurity staff started tracking a security issue related to VLC, the popular open source media player. Security vulnerabilities are a regular part of the software development lifecycle. These vulnerabilities are identified, then a solution is created and distributed to its users. In this case, it wasn't completely clear whether that's what happened, though. We decided to find out.


  Debian: DSA-4510-1: dovecot security update (Aug 28)
 

Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to

  Debian: DSA-4509-1: apache2 security update (Aug 26)
 

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517

  Debian: DSA-4508-1: h2o security update (Aug 24)
 

Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in

  Debian: DSA-4507-1: squid security update (Aug 24)
 

Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting

  Debian: DSA-4506-1: qemu security update (Aug 24)
 

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.

  Debian: DSA-4505-1: nginx security update (Aug 22)
 

Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.

 
  Fedora 30: dovecot FEDORA-2019-3844281be1 (Aug 30)
 

* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes

  Fedora 30: mod_http2 FEDORA-2019-63ba15cc83 (Aug 30)
 

Rebuilt with newer nghttp2.

This update includes the latest upstream release of `mod_http2`, version **1.15.3**. Upstream changes include:

* fixes Timeout vs. KeepAliveTimeout behaviour, see PR 63534.
* Fixes stream cleanup when connection throttling is in place.
* Counts stream resets by client on streams initiated by client as cause for connection throttling.
* Header length

  Fedora 29: wireshark FEDORA-2019-23f7634765 (Aug 29)
 

New version 3.0.3, Security fix for CVE-2019-13619

  Fedora 29: sleuthkit FEDORA-2019-52f83932a1 (Aug 29)
 

Update to 2.6.7

  Fedora 30: wireshark FEDORA-2019-70e93298e3 (Aug 29)
 

New version 3.0.3, Security fix for CVE-2019-13619

  Fedora 30: sleuthkit FEDORA-2019-2e68c0a0ee (Aug 29)
 

Update to 2.6.7

  Fedora 29: nghttp2 FEDORA-2019-8a437d5c2f (Aug 27)
 

- update to the latest upstream release (fixes CVE-2019-9511 and CVE-2019-9513)

  Fedora 29: docker FEDORA-2019-4bed83e978 (Aug 27)
 

Security fix for CVE-2019-13509

  Fedora 30: docker FEDORA-2019-5b54793a4a (Aug 27)
 

Security fix for CVE-2019-13509

  Fedora 30: kubernetes FEDORA-2019-2b8ef08c95 (Aug 25)
 

Update to v1.15.2 + carry upstream #81330

  Fedora 29: libmodbus FEDORA-2019-355f6e10c1 (Aug 24)
 

Addresses CVE-2019-14462 and CVE-2019-14463

  Fedora 30: libmodbus FEDORA-2019-4942e01cdc (Aug 24)
 

Addresses CVE-2019-14462 and CVE-2019-14463

  Fedora 30: nodejs FEDORA-2019-5a6a7bc12c (Aug 24)
 

Update to Node.js 10.6.13

  Fedora 29: nfdump FEDORA-2019-9013b5e75d (Aug 23)
 

2019-08-14
- Fix compile issues
- Fix output buffer size for lzo1x_decompress_safe()

2019-08-07
- Fix VerifyExtensionMap #179

2019-08-06
- Fix compile errors

2019-08-05
- Fix nfdump.1 man page. #175
- Fix off by 1 array. #173
- Fix use after free in ModifyCompressFile
- Add bound checks in AddExporterStat #174
- Add bound checks in AddSamplerInfo #176
- Add bound

  Fedora 30: nfdump FEDORA-2019-0fbfb00cbb (Aug 23)
 

2019-08-14
- Fix compile issues
- Fix output buffer size for lzo1x_decompress_safe()

2019-08-07
- Fix VerifyExtensionMap #179

2019-08-06
- Fix compile errors

2019-08-05
- Fix nfdump.1 man page. #175
- Fix off by 1 array. #173
- Fix use after free in ModifyCompressFile
- Add bound checks in AddExporterStat #174
- Add bound checks in AddSamplerInfo #176
- Add bound

  Fedora 30: httpd FEDORA-2019-099575a123 (Aug 22)
 

This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues. Several major enhancements are also included in this update:

* `mod_md` is now packaged from upstream *github* releases, adding support for ACMEv2.
* `mod_cgid` stderr handling has been improved

See for a full list of

  Fedora 30: mod_md FEDORA-2019-099575a123 (Aug 22)
 

This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues. Several major enhancements are also included in this update:

* `mod_md` is now packaged from upstream *github* releases, adding support for ACMEv2.
* `mod_cgid` stderr handling has been improved

See for a full list of

  Fedora 30: nghttp2 FEDORA-2019-81985a8858 (Aug 22)
 

- update to the latest upstream release (fixes CVE-2019-9511 and CVE-2019-9513)

  Fedora 30: patch FEDORA-2019-ac709da87f (Aug 22)
 

- Security fix for CVE-2019-13636
- Security fix for CVE-2019-13638

 
  RedHat: RHSA-2019-2582:01 Important: pango security update (Aug 29)
 

An update for pango is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-2579:01 Important: ceph security update (Aug 28)
 

An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-2548:01 Important: OpenShift Container Platform 4.1 (Aug 28)
 

An update for jenkins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-2571:01 Important: pango security update (Aug 28)
 

An update for pango is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-2577:01 Important: ceph security update (Aug 28)
 

An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-2565:01 Important: ruby security update (Aug 27)
 

An update for ruby is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-2566:01 Important: kernel security, bug fix, (Aug 27)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-2553:01 Important: qemu-kvm-rhev security, bug fix, (Aug 22)
 

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 
  Slackware: 2019-238-01: Slackware 14.2 kernel Security Update (Aug 26)
 

New kernel packages are available for Slackware 14.2 to fix a security issue.

 
  SUSE: 2019:2254-1 important: nodejs10 (Aug 29)
 

An update that fixes 8 vulnerabilities is now available.

  SUSE: 2019:2253-1 important: python-SQLAlchemy (Aug 29)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:14157-1 important: the Linux Kernel (Aug 29)
 

An update that solves 7 vulnerabilities and has 9 fixes is now available.

  SUSE: 2019:2245-1 important: apache-commons-beanutils (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2247-1 important: ceph (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2243-1 important: php7 (Aug 28)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2019:2244-1 important: apache-commons-beanutils (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2246-1 important: qemu (Aug 28)
 

An update that solves three vulnerabilities and has 7 fixes is now available.

  SUSE: 2019:14155-1 important: Recommended ghostscript-library (Aug 28)
 

An update that contains security fixes can now be installed.

  SUSE: 2019:2236-1 moderate: fontforge (Aug 28)
 

An update that fixes 9 vulnerabilities is now available.

  SUSE: 2019:2227-1 important: libvirt (Aug 28)
 

An update that solves two vulnerabilities and has two fixes is now available.

  SUSE: 2019:2232-1 important: the Linux Kernel (Live Patch 2 for SLE 15 SP1) (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2237-1 important: apache2 (Aug 28)
 

An update that fixes 6 vulnerabilities is now available.

  SUSE: 2019:2231-1 important: libreoffice (Aug 28)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  SUSE: 2019:2228-1 important: postgresql10 (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2229-1 important: slurm (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2230-1 important: the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Aug 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2223-1 moderate: podman, slirp4netns and libcontainers-common (Aug 27)
 

An update that solves three vulnerabilities and has four fixes is now available.

  SUSE: 2019:2221-1 important: qemu (Aug 27)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2019:2212-1 moderate: python-Twisted (Aug 23)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:2211-1 important: python-SQLAlchemy (Aug 23)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:2214-1 moderate: go1.12 (Aug 23)
 

An update that solves three vulnerabilities and has two fixes is now available.

  SUSE: 2019:2213-1 moderate: go1.11 (Aug 23)
 

An update that solves three vulnerabilities and has one errata is now available.

  SUSE: 2019:2209-1 moderate: rubygem-loofah (Aug 23)
 

An update that fixes one vulnerability is now available.

 
  Ubuntu 4113-1: Apache HTTP Server vulnerabilities (Aug 29)
 

Several security issues were fixed in Apache.

  Ubuntu 4112-1: Ceph vulnerability (Aug 29)
 

Ceph could be made to crash if it received specially crafted network traffic.

  Ubuntu 4111-1: Ghostscript vulnerabilities (Aug 28)
 

Ghostscript could be made to access arbitrary files if it opened a specially crafted file.

  Ubuntu 4110-4: Dovecot regression (Aug 28)
 

USN-4110-1 introduced a regression in Dovecot.

  Ubuntu 4110-3: Dovecot regression (Aug 28)
 

USN-4110-1 introduced a regression in Dovecot.

  Ubuntu 0054-1: Linux kernel vulnerability (Aug 28)
 

Several security issues were fixed in the kernel.

  Ubuntu 4110-2: Dovecot vulnerability (Aug 28)
 

Dovecot could be made to crash or execute arbitrary code if it received specially crafted data.

  Ubuntu 4110-1: Dovecot vulnerability (Aug 28)
 

Dovecot could be made to crash or execute arbitrary code if it received specially crafted data.

 
  Debian LTS: DLA-1902-1: djvulibre security update (Aug 29)
 

Hongxu Chen found several issues in djvulibre, a library and set of tools to handle images in the DjVu format.

  Debian LTS: DLA-1903-1: subversion security update (Aug 29)
 

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

  Debian LTS: DLA-1901-1: dovecot security update (Aug 29)
 

Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage

  Debian LTS: DLA-1900-1: apache2 security update (Aug 28)
 

Two security vulnerabilities were found in the Apache HTTP server. CVE-2019-10092

  Debian LTS: DLA-1899-1: faad2 security update (Aug 28)
 

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder: CVE-2018-19502

  Debian LTS: DLA-1898-1: xymon security update (Aug 26)
 

Multiple vulnerabilities have been found in xymon, the network monitoring application. Remote attackers might leverage these vulnerabilities in the CGI parsing code (including buffer overflows and XSS) to cause denial of service, or any other unspecified impact.

  Debian LTS: DLA-1897-1: tiff security update (Aug 25)
 

Even Rouault found an issue in tiff, a library providing support for the Tag Image File Format. Wrong handling of integer overflow checks that are based on undefined

  Debian LTS: DLA-1896-1: commons-beanutils security update (Aug 24)
 

It was discovered that there was a remote arbitrary code vulnerability in commons-beanutils, a set of utilities for manipulating JavaBeans code.

  Debian LTS: DLA-1895-1: libmspack security update (Aug 23)
 

JsHuang found an issue in libmspack, a library for Microsoft compression formats. Opening a crafted chm file might result in a buffer overflow which might

  Debian LTS: DLA-1894-1: libapache2-mod-auth-openidc security (Aug 23)
 

Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that

  Debian LTS: DLA-1886-2: openjdk-7 regression update (Aug 22)
 

The latest security update of openjdk-7 caused a regression when applications relied on elliptic curve algorithms to establish SSL connections. Several duplicate classes were removed from rt.jar by the upstream developers of OpenJDK because they were also present in

  Debian LTS: DLA-1893-1: cups security update (Aug 22)
 

Two issues have been found in cups, the Common UNIX Printing System(tm). Basically both CVEs (CVE-2019-8675 and CVE-2019-8696) are about

 
  ArchLinux: 201908-19: pigeonhole: arbitrary code execution (Aug 29)
 

The package pigeonhole before version 0.5.7.2-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201908-18: dovecot: arbitrary code execution (Aug 29)
 

The package dovecot before version 2.3.7.2-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201908-17: libnghttp2: denial of service (Aug 29)
 

The package libnghttp2 before version 1.39.2-1 is vulnerable to denial of service.

  ArchLinux: 201908-16: go-pie: multiple issues (Aug 29)
 

The package go-pie before version 2:1.12.8-1 is vulnerable to multiple issues including denial of service and insufficient validation.

  ArchLinux: 201908-15: go: multiple issues (Aug 29)
 

The package go before version 2:1.12.8-1 is vulnerable to multiple issues including denial of service and insufficient validation.

  ArchLinux: 201908-14: gettext: arbitrary code execution (Aug 29)
 

The package gettext before version 0.20.1-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201908-13: nginx: denial of service (Aug 24)
 

The package nginx before version 1.16.1-1 is vulnerable to denial of service.

  ArchLinux: 201908-12: nginx-mainline: denial of service (Aug 24)
 

The package nginx-mainline before version 1.17.3-1 is vulnerable to denial of service.

  ArchLinux: 201908-11: firefox: information disclosure (Aug 24)
 

The package firefox before version 68.0.2-1 is vulnerable to information disclosure.

  ArchLinux: 201908-10: subversion: denial of service (Aug 24)
 

The package subversion before version 1.12.2-1 is vulnerable to denial of service.

  ArchLinux: 201908-9: libreoffice-still: multiple issues (Aug 24)
 

The package libreoffice-still before version 6.2.6-1 is vulnerable to multiple issues including arbitrary command execution and information disclosure.

 
  SciLinux: SLSA-2019-2571-1 Important: pango on SL7.x x86_64 (Aug 28)
 

pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238)

SL7 x86_64 packages: pango-1.42.4-4.el7_7.i686.rpm pango-1.42.4-4.el7_7.x86_64.rpm pango-debuginfo-1.42.4-4.el7_7.i686.rpm pango-debuginfo-1.42.4-4.el7_7.x86_64.rpm pango-devel-1.42.4-4.el7_7.i686.rpm pango-devel-1.42.4-4.el7_7.x86_64.rpm pango-tests-1.42.4-4.el7_7.x86_64.rpm - Scien

  SciLinux: SLSA-2019-2462-1 Important: ghostscript on SL7.x x86_64 (Aug 26)
 

ghostscript: -dSAFER escape via .buildfont1 (701394) (CVE-2019-10216)

SL7 x86_64 packages: ghostscript-9.25-2.el7_7.1.i686.rpm ghostscript-9.25-2.el7_7.1.x86_64.rpm ghostscript-cups-9.25-2.el7_7.1.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.1.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.1.x86_64.rpm libgs-9.25-2.el7_7.1.i686.rpm libgs-9.25-2.el7_7.1.x86_64.rpm ghostsc

  SciLinux: SLSA-2019-2196-1 Low: zziplib on SL7.x x86_64 (Aug 26)
 

* zziplib: Bus error caused by loading of a misaligned address in zzip/zip.c (CVE-2018-6541)
* zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548)

SL7 x86_64 packages: zziplib-0.13.62-11.el7.i686.rpm zziplib-0.13.62-11.el7.x86_64.rpm zziplib-devel-0.13.62-11.el7.x86_64.rpm zziplib-utils-0.13.62-11.el7.x86_64.rpm zziplib-devel-0.13.62-

  SciLinux: SLSA-2019-2154-1 Moderate: opensc on SL7.x x86_64 (Aug 26)
 

* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)
* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)
* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)
* opensc: Buffer overflow h

  SciLinux: SLSA-2019-2145-1 Moderate: gvfs on SL7.x x86_64 (Aug 26)
 

gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827)

SL7 x86_64 packages: gvfs-1.36.2-3.el7.i686.rpm gvfs-smb-1.36.2-3.el7.x86_64.rpm gvfs-afp-1.36.2-3.el7.x86_64.rpm gvfs-mtp-1.36.2-3.el7.x86_64.rpm gvfs-devel-1.36.2-3.el7.x86_64.rpm gvfs-client-1.36.2-3.el7.x86_64.rpm gvfs

  SciLinux: SLSA-2019-2037-1 Moderate: fence-agents on SL7.x x86_64 (Aug 26)
   
  SciLinux: SLSA-2019-2294-1 Moderate: libvirt on SL7.x x86_64 (Aug 26)
 

libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840)

SL7 x86_64 packages: libvirt-bash-completion-4.5.0-23.el7.x86_64.rpm libvirt-daemon-driver-storage-mpath-4.5.0-23.el7.x86_64.rpm libvirt-daemon-config-nwfilter-4.5.0-23.el7.x86_64.rpm libvirt-client-4.5.0-23.el7.x86_64.rpm libvirt-daemon-driver-storage-core-4.5.0-23.

  SciLinux: SLSA-2019-2125-1 Moderate: ovmf on SL7.x x86_64 (Aug 26)
 

* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2

  SciLinux: SLSA-2019-2258-1 Moderate: http-parser on SL7.x x86_64 (Aug 26)
 

* nodejs: Denial of Service with large HTTP headers (CVE-2018-12121)
* nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159)

SL7 x86_64 packages: http-parser-2.7.1-8.el7.i686.rpm http-parser-2.7.1-8.el7.x86_64.rpm http-parser-devel-2.7.1-8.el7.x86_64.rpm http-parser-devel-2.7.1-8.el7.i686.rpm http-parser-debuginfo-2.7.1-8.el7.i686.rpm http-p

  SciLinux: SLSA-2019-2079-1 Moderate: Xorg on SL7.x x86_64 (Aug 26)
 

* libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)
* libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)
* libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)
* libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)
* libxkbcommon: Endless recursion in xkbcomp/expr.c resulting

  SciLinux: SLSA-2019-2022-1 Moderate: poppler on SL7.x x86_64 (Aug 26)
 

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)
* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)
* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)
* poppler: reachable abort in

  SciLinux: SLSA-2019-2101-1 Low: exiv2 on SL7.x x86_64 (Aug 26)
 

* exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724)
* exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976)
* exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977)
* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
* exiv2: OOB rea

  SciLinux: SLSA-2019-2060-1 Moderate: dhcp on SL7.x x86_64 (Aug 26)
 

dhcp: double-deletion of the released addresses in the dhcpv6 code leading to crash and possible DoS (CVE-2019-6470)

SL7 x86_64 packages: dhcp-libs-4.2.5-77.el7.i686.rpm dhcp-4.2.5-77.el7.x86_64.rpm dhcp-common-4.2.5-77.el7.x86_64.rpm dhclient-4.2.5-77.el7.x86_64.rpm dhcp-libs-4.2.5-77.el7.x86_64.rpm dhcp-devel-4.2.5-77.el7.x86_64.rpm dhcp-devel-4.2.5-77.el7.i686.rpm d

  SciLinux: SLSA-2019-2099-1 Moderate: samba on SL7.x x86_64 (Aug 26)
 

samba: save registry file outside share as unprivileged user (CVE-2019-3880)

SL7 x86_64 packages: samba-winbind-modules-4.9.1-6.el7.x86_64.rpm samba-client-libs-4.9.1-6.el7.x86_64.rpm samba-client-libs-4.9.1-6.el7.i686.rpm samba-python-4.9.1-6.el7.i686.rpm libsmbclient-4.9.1-6.el7.x86_64.rpm libwbclient-4.9.1-6.el7.x86_64.rpm samba-winbind-modules-4.9.1-6.el7.i686.rpm

  SciLinux: SLSA-2019-2298-1 Moderate: libarchive on SL7.x x86_64 (Aug 26)
 

* libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877)
* libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878)
* libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019)
* libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting

  SciLinux: SLSA-2019-2143-1 Low: openssh on SL7.x x86_64 (Aug 26)
 

openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

SL7 x86_64 packages: openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm openssh-ldap-7.4p1-21.el7.x8

  SciLinux: SLSA-2019-2053-1 Moderate: libtiff on SL7.x x86_64 (Aug 26)
 

* libtiff: buffer overflow in gif2tiff (CVE-2016-3186)
* libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution (CVE-2018-12900)
* libtiff: Out-of-bounds write in tif_jbig.c (CVE-2018-18557)
* libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)
* libt

  SciLinux: SLSA-2019-2304-1 Moderate: openssl on SL7.x x86_64 (Aug 26)
 

* openssl: 0-byte record padding oracle (CVE-2019-1559)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)

SL7 x86_64 packages: openssl-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.i686.r

  SciLinux: SLSA-2019-2029-1 Important: kernel on SL7.x x86_64 (Aug 26)
 

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
* Kernel: page cache side channel attacks (CVE-2019-5489)
* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)
* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)
* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
* kernel:

  SciLinux: SLSA-2019-2075-1 Moderate: binutils on SL7.x x86_64 (Aug 26)
 

* binutils: integer overflow leads to heap-based buffer overflow in objdump (CVE-2018-1000876)
* binutils: Stack Exhaustion in the demangling functions provided by libiberty (CVE-2018-12641)
* binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c (CVE-2018-12697)

SL7 x86_64 packages: binutils-devel-2.27-41.base.el7.i686.rpm binutils-2.27-41.base.el7.x86_64.rpm bin

  SciLinux: SLSA-2019-2281-1 Low: ghostscript on SL7.x x86_64 (Aug 26)
 

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files (CVE-2018-11645)

SL7 x86_64 packages: ghostscript-9.25-2.el7.i686.rpm libgs-9.25-2.el7.x86_64.rpm ghostscript-9.25-2.el7.x86_64.rpm libgs-9.25-2.el7.i686.rpm ghostscript-cups-9.25-2.el7.x86_64.rpm ghostscript-doc-9.25-2.el7.noarch.rpm ghostscript

  SciLinux: SLSA-2019-2178-1 Moderate: udisks2 on SL7.x x86_64 (Aug 26)
 

udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336)

SL7 x86_64 packages: udisks2-lvm2-2.7.3-9.el7.x86_64.rpm udisks2-2.7.3-9.el7.x86_64.rpm udisks2-lsm-2.7.3-9.el7.x86_64.rpm libudisks2-2.7.3-9.el7.x86_64.rpm libudisks2-2.7.3-9.el7.i686.rpm udisks2-iscsi-2.7.3-9.el7.x86_64.rpm libudisks2-devel-2.7.3-9.el7.i686.rpm libudisks2-devel-2.7.

  SciLinux: SLSA-2019-2189-1 Moderate: procps-ng on SL7.x x86_64 (Aug 26)
 

procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)

SL7 x86_64 packages: procps-ng-3.3.10-26.el7.x86_64.rpm procps-ng-3.3.10-26.el7.i686.rpm procps-ng-i18n-3.3.10-26.el7.x86_64.rpm procps-ng-devel-3.3.10-26.el7.x86_64.rpm procps-ng-devel-3.3.10-26.el7.i686.rpm procps-ng-debuginfo-3.3.10-26.el7.i686.rpm procps-ng-debuginfo-3.3.10-26.el7.x86_64.rpm - Scient

  SciLinux: SLSA-2019-2327-1 Moderate: mariadb on SL7.x x86_64 (Aug 26)
 

* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)
* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)
* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)
* mysql: Server: Connection Handling unspecified vulne

  SciLinux: SLSA-2019-2091-1 Moderate: systemd on SL7.x x86_64 (Aug 26)
 

* systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686)
* systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866)
* systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888)

SL7 x86_64 packages: systemd-devel-219-67.el7.i686.rpm systemd-libs-219-67.el7.x86_64.rpm systemd-devel-219-67.el

  SciLinux: SLSA-2019-2205-1 Moderate: tomcat on SL7.x x86_64 (Aug 26)
 

* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
* tomcat: Host name verification miss

  SciLinux: SLSA-2019-2141-1 Low: kde-workspace on SL7.x x86_64 (Aug 26)
 

kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element (CVE-2018-6790)

SL7 x86_64 packages: libkworkspace-4.11.19-13.el7.x86_64.rpm kwin-libs-4.11.19-13.el7.x86_64.rpm kde-settings-pulseaudio-19-23.9.el7.noarch.rpm ksysguardd-4.11.19-13.el7.x86_64.rpm kde-workspace-4.11.19-13.el7.x86_64.rpm khotkeys-4.11.19-13.el7.x86_64.rpm l

  SciLinux: SLSA-2019-2343-1 Moderate: httpd on SL7.x x86_64 (Aug 26)
 

* httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* httpd: URL normalization inconsistency (CVE-2019-0220)

SL7 x86_64 packages: httpd-tools-2.4.6-90.el7.x86_64.rpm mod_ssl-2.4.6-90.el7.x86_64.rpm httpd-devel-2.4.6-90.el7.x86_64.rpm httpd-manual-2.4.6-90.el7.noarch.rpm httpd-2.4.6-90.el7.x86_64.rpm mod_session-2.4.6-90.el7.x86_64.rpm mod_p

  SciLinux: SLSA-2019-2169-1 Important: linux-firmware on SL7.x x86_64 (Aug 26)
 

kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)

SL7 x86_64 packages: iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.r

  SciLinux: SLSA-2019-2229-1 Moderate: spice-gtk on SL7.x x86_64 (Aug 26)
 

spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)

SL7 x86_64 packages: libgovirt-0.3.4-3.el7.i686.rpm spice-gtk3-0.35-4.el7.i686.rpm spice-glib-0.35-4.el7.x86_64.rpm virt-viewer-5.0-15.el7.x86_64.rpm spice-vdagent-0.14.0-18.el7.x86_64.rpm libgovirt-0.3.4-3.el7.x86_64.rpm spice-gtk3-0.35-4.el7.x86_64.rpm spic

  SciLinux: SLSA-2019-2030-1 Moderate: python on SL7.x x86_64 (Aug 26)
 

* python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)
* python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010)
* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
* python: Undocumented local_file proto

  SciLinux: SLSA-2019-2290-1 Low: libsolv on SL7.x x86_64 (Aug 26)
 

* libsolv: NULL pointer dereference in function testcase_read (CVE-2018-20532)
* libsolv: NULL pointer dereference in function testcase_str2dep_complex (CVE-2018-20533)
* libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

SL7 x86_64 packages: libsolv-0.6.34-4.el7.x86_64.rpm libsolv-0.6.34-4.el7.i686.rpm libsolv-devel-0.6.34-4.el7.i686.rpm libsolv-tools

  SciLinux: SLSA-2019-2197-1 Low: elfutils on SL7.x x86_64 (Aug 26)

elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062) * elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402) * elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash (CVE-2018-16403) * elfutils: invalid memory address derefer [More...]

  SciLinux: SLSA-2019-2110-1 Moderate: rsyslog on SL7.x x86_64 (Aug 26)

rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
SL7 x86_64: rsyslog-relp-8.24.0-38.el7.x86_64.rpm rsyslog-mysql-8.24.0-38.el7.x86_64.rpm rsyslog-gnutls-8.24.0-38.el7.x86_64.rpm rsyslog-gssapi-8.24.0-38.el7.x86_64.rpm rsyslog-8.24.0-38.el7.x86_64.rpm rsyslog-pgsql-8.24.0-38.el7.x86_64.rpm rsyslog-kafka-8.24.0-38.el7.x86_ [More...]

  SciLinux: SLSA-2019-2118-1 Moderate: glibc on SL7.x x86_64 (Aug 26)

glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)
SL7 x86_64: glibc-2.17-292.el7.x86_64.rpm glibc-devel-2.17-292.el7.i686.rpm glibc-2.17-292.el7.i686.rpm glibc-common-2.17-292.el7.x86_64.rpm glibc-headers-2.17-292.el7.x86_64.rpm nscd-2.17-292.el7.x86_64.rpm glibc-utils-2.17-292.el7.x86_64.rpm glibc-devel-2.17-292.el7.x86_6 [More...]

  SciLinux: SLSA-2019-2057-1 Moderate: bind on SL7.x x86_64 (Aug 26)

bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies (CVE-2018-5741)
SL7 x86_64: bind-libs-lite-9.11.4-9.P2.el7.i686.rpm bind-9.11.4-9.P2.el7.x86_64.rpm bind-export-libs-9.11.4-9.P2.el7.i686.rpm bind-pkcs11-utils-9.11.4-9.P2.el7.x86_64.rpm bind-chroot-9.11.4-9.P2.el7.x86_64.rpm bind-license-9.11.4-9.P2.el7.noarch.rpm bind-pkcs11-9.11.4- [More...]

  SciLinux: SLSA-2019-2157-1 Low: freerdp and vinagre on SL7.x x86_64 (Aug 26)

freerdp: out of bounds read in drdynvc_process_capability_request (CVE-2018-1000852)
SL7 x86_64: vinagre-3.22.0-12.el7.i686.rpm freerdp-libs-2.0.0-1.rc4.el7.x86_64.rpm libwinpr-2.0.0-1.rc4.el7.x86_64.rpm vinagre-3.22.0-12.el7.x86_64.rpm freerdp-2.0.0-1.rc4.el7.x86_64.rpm libwinpr-2.0.0-1.rc4.el7.i686.rpm freerdp-libs-2.0.0-1.rc4.el7.i686.rpm libwinpr-devel-2.0 [More...]

  SciLinux: SLSA-2019-2052-1 Moderate: libjpeg-turbo on SL7.x x86_64 (Aug 26)

libjpeg: null pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentat [More...]

  SciLinux: SLSA-2019-2135-1 Moderate: qt5 on SL7.x x86_64 (Aug 26)

qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518) * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) * qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870) * qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)
SL7 [More...]

  SciLinux: SLSA-2019-2237-1 Moderate: nss, nss-softokn, nss-util, and nspr on SL7.x x86_64 (Aug 26)

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404)
SL7 x86_64: nss-softokn-3.44.0-5.el7.x86_64.rpm nss-devel-3.44.0-4.el7.i686.rpm nss-softokn-freebl-3.44.0-5.el7.i686.rpm nspr-devel-4.21.0-1.el7.i686.rpm nss-devel-3.44.0-4.el7.x86_64.rpm nss-tools-3.44.0-4.el [More...]

  SciLinux: SLSA-2019-2048-1 Low: exempi on SL7.x x86_64 (Aug 26)

exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233) * exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236) * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source [More...]

  SciLinux: SLSA-2019-2028-1 Moderate: ruby on SL7.x x86_64 (Aug 26)

ruby: HTTP response splitting in WEBrick (CVE-2017-17742) * ruby: DoS by large request in WEBrick (CVE-2018-8777) * ruby: Buffer under-read in String#unpack (CVE-2018-8778) * ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780) * ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396) * rubygems: Path tra [More...]

  SciLinux: SLSA-2019-2136-1 Moderate: libssh2 on SL7.x x86_64 (Aug 26)

libssh2: Zero-byte allocation with a specially crafted SFTP packet leading to an out-of-bounds read (CVE-2019-3858) * libssh2: Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
SL7 x86_64: libssh2-1.8.0-3.el7.x86_64.rpm libssh2-1.8.0-3.el7.i686.rpm libssh2-devel-1.8.0-3.el7.i686.rpm libssh2-docs-1.8.0-3.el7.noarch.rpm libssh2-devel-1.8.0-3.el7.x86_64 [More...]

  SciLinux: SLSA-2019-2177-1 Moderate: sssd on SL7.x x86_64 (Aug 26)

sssd: fallback_homedir returns '/' for empty home directories in passwd file (CVE-2019-3811) * sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)
SL7 x86_64: sssd-polkit-rules-1.16.4-21.el7.x86_64.rpm sssd-proxy-1.16.4-21.el7.x86_64.rpm libsss_simpleifp-1.16.4-21.el7.i686.rpm libsss_certmap-1.16.4-21.el7.x86_64.rpm sssd-1.16.4-21.el [More...]

  SciLinux: SLSA-2019-2047-1 Moderate: libcgroup on SL7.x x86_64 (Aug 26)

libcgroup: cgrulesengd creates log files with insecure permissions (CVE-2018-14348)
SL7 x86_64: libcgroup-0.41-21.el7.i686.rpm libcgroup-tools-0.41-21.el7.x86_64.rpm libcgroup-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.i686.rpm libcgroup-pam-0.41-21.el7.x86_64.rpm libcgroup-devel-0.41-21.el7.x86_64.rpm libcgroup-pam-0.41-21.el7.i686.rpm libcgroup-debug [More...]

  SciLinux: SLSA-2019-2130-1 Low: libreoffice on SL7.x x86_64 (Aug 26)

libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning (CVE-2018-16858)
SL7 x86_64: libreofficekit-5.3.6.1-21.el7.x86_64.rpm libreoffice-base-5.3.6.1-21.el7.x86_64.rpm libreoffice-pdfimport-5.3.6.1-21.el7.x86_64.rpm libreoffice-help-pt-BR-5.3.6.1-21.el7.x86_64.rpm autocorr-it-5.3.6.1-21.el7.noarch.rpm libreoffice [More...]

  SciLinux: SLSA-2019-2097-1 Moderate: perl-Archive-Tar on SL7.x x86_64 (Aug 26)

perl: Directory traversal in Archive::Tar (CVE-2018-12015)
SL7 x86_64: perl-Archive-Tar-1.92-3.el7.noarch.rpm
noarch: perl-Archive-Tar-1.92-3.el7.noarch.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2078-1 Low: qemu-kvm on SL7.x x86_64 (Aug 26)

QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)
SL7 x86_64: qemu-kvm-common-1.5.3-167.el7.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7.x86_64.rpm qemu-img-1.5.3-167.el7.x86_64.rpm qemu-kvm-1.5.3-167.el7.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2159-1 Low: unzip on SL7.x x86_64 (Aug 26)

unzip: Buffer overflow in list.c resulting in a denial of service (CVE-2018-18384)
SL7 x86_64: unzip-6.0-20.el7.x86_64.rpm unzip-debuginfo-6.0-20.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2051-1 Low: compat-libtiff3 on SL7.x x86_64 (Aug 26)

libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)
SL7 x86_64: compat-libtiff3-3.9.4-12.el7.i686.rpm compat-libtiff3-3.9.4-12.el7.x86_64.rpm compat-libtiff3-debuginfo-3.9.4-12.el7.i686.rpm compat-libtiff3-debuginfo-3.9.4-12.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2049-1 Moderate: libmspack on SL7.x x86_64 (Aug 26)

libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584) * libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585)
SL7 x86_64: libmspack-0.5-0.7.alpha.el7.i686.rpm libmspack-0.5-0.7.alpha.el7.x86_64.rpm libmspack-devel-0.5-0.7.alpha.el7.x86_64.rpm libmspack-devel-0.5-0.7.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.7.alpha.e [More...]

  SciLinux: SLSA-2019-2112-1 Moderate: mod_auth_openidc on SL7.x x86_64 (Aug 26)

mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration (CVE-2017-6413) * mod_auth_openidc: Shows user-supplied content on error pages (CVE-2017-6059)
SL7 x86_64: mod_auth_openidc-1.8.8-5.el7.x86_64.rpm mod_auth_openidc-debuginfo-1.8.8-5.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2137-1 Low: keycloak-httpd-client-install on SL7.x x86_64 (Aug 26)

keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111) * keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112)
SL7 x86_64: python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
noarch: keycloak-httpd-client-install-0.8-1.el7.n [More...]

  SciLinux: SLSA-2019-2308-1 Low: libguestfs-winsupport on SL7.x x86_64 (Aug 26)

ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)
SL7 x86_64: libguestfs-winsupport-7.2-3.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2181-1 Low: curl on SL7.x x86_64 (Aug 26)

curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842)
SL7 x86_64: curl-7.29.0-54.el7.x86_64.rpm libcurl-7.29.0-54.el7.x86_64.rpm libcurl-7.29.0-54.el7.i686.rpm libcurl-devel-7.29.0-54.el7.x86_64.rpm libcurl-devel-7.29.0-54.el7.i686.rpm curl-debuginfo-7.29.0-54.el7.i686.rpm curl-debuginfo-7.29.0-54.el7.x86_64.rpm
- Scientific Linux [More...]

  SciLinux: SLSA-2019-2033-1 Low: patch on SL7.x x86_64 (Aug 26)

patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713) * patch: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952)
SL7 x86_64: patch-2.7.1-11.el7.x86_64.rpm patch-debuginfo-2.7.1-11.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2077-1 Low: ntp on SL7.x x86_64 (Aug 26)

ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)
SL7 x86_64: ntpdate-4.2.6p5-29.el7.x86_64.rpm ntp-4.2.6p5-29.el7.x86_64.rpm ntp-doc-4.2.6p5-29.el7.noarch.rpm sntp-4.2.6p5-29.el7.x86_64.rpm ntp-perl-4.2.6p5-29.el7.noarch.rpm ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm
noarch: ntp-doc-4.2.6p5-29.el7.noarch. [More...]

  SciLinux: SLSA-2019-2272-1 Moderate: python-urllib3 on SL7.x x86_64 (Aug 26)

python-urllib3: Cross-host redirect does not remove Authorization header, allowing for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
SL7 x86_64: python-urllib3-1.10.2-7.el7.noarch.rpm
noarch: python-urllib3-1.10.2-7.el7.noarch.rpm
- Scientific Linux Developme [More...]

  SciLinux: SLSA-2019-2035-1 Low: python-requests on SL7.x x86_64 (Aug 26)

python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)
SL7 x86_64: python-requests-2.6.0-5.el7.noarch.rpm
noarch: python-requests-2.6.0-5.el7.noarch.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2283-1 Low: sox on SL7.x x86_64 (Aug 26)

sox: NULL pointer dereference in startread function in xa.c (CVE-2017-18189)
SL7 x86_64: sox-14.4.1-7.el7.x86_64.rpm sox-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.x86_64.rpm sox-debuginfo-14.4.1-7.el7.i686.rpm sox-debuginfo-14.4.1-7.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2285-1 Moderate: keepalived on SL7.x x86_64 (Aug 26)

keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044)
SL7 x86_64: keepalived-1.3.5-16.el7.x86_64.rpm keepalived-debuginfo-1.3.5-16.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2046-1 Moderate: polkit on SL7.x x86_64 (Aug 26)

polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)
SL7 x86_64: polkit-devel-0.112-22.el7.x86_64.rpm polkit-docs-0.112-22.el7.noarch.rpm polkit-0.112-22.el7.x86_64.rpm polkit-0.112-22.el7.i686.rpm polkit-devel-0.112-22.el7.i686.rpm polkit-debuginfo-0.112-22.el7.i686.rpm polkit-debuginfo-0.112-22.el7.x86_64.rpm n [More...]

  SciLinux: SLSA-2019-2162-1 Low: blktrace on SL7.x x86_64 (Aug 26)

blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)
SL7 x86_64: blktrace-1.0.5-9.el7.x86_64.rpm blktrace-debuginfo-1.0.5-9.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2276-1 Moderate: mercurial on SL7.x x86_64 (Aug 26)

mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347) * mercurial: HTTP server permissions bypass (CVE-2018-1000132) * mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346)
SL7 x86_64: mercurial-2.6.2-10.el7.x86_64.rpm emacs-mercurial-el-2.6.2-10.el7.x86_64.rpm emacs-mercurial-2.6.2-10.el7.x86_64.rpm mercurial-hgk [More...]

  SciLinux: SLSA-2019-2336-1 Moderate: unixODBC on SL7.x x86_64 (Aug 26)

unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409) * unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485)
SL7 x86_64: unixODBC-devel-2.3.1-14.el7.x86_64.rpm unixODBC-2.3.1-14.el7.i686.rpm unixODBC-devel-2.3.1-14.el7.i686.rpm unixODBC-2.3.1-14.el7.x86_64.rpm [More...]

  SciLinux: SLSA-2019-2126-1 Low: libwpd on SL7.x x86_64 (Aug 26)

libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp (CVE-2018-19208)
SL7 x86_64: libwpd-0.10.0-2.el7.i686.rpm libwpd-0.10.0-2.el7.x86_64.rpm libwpd-doc-0.10.0-2.el7.noarch.rpm libwpd-devel-0.10.0-2.el7.i686.rpm libwpd-tools-0.10.0-2.el7.x86_64.rpm libwpd-devel-0.10.0-2.el7.x86_64.rpm libwpd-debuginfo-0.10.0-2. [More...]

  SciLinux: SLSA-2019-2017-1 Moderate: zsh on SL7.x x86_64 (Aug 26)

zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259)
SL7 x86_64: zsh-5.0.2-33.el7.x86_64.rpm zsh-html-5.0.2-33.el7.x86_64.rpm zsh-debuginfo-5.0.2-33.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2332-1 Low: advancecomp on SL7.x x86_64 (Aug 26)

advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379) * advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383)
SL7 x86_64: advancecomp-1.15-21.el7.x86_64.rpm advancecomp-debuginfo-1.15-21.el7.x86_64.rpm
- Scientific Linux Development Team

  SciLinux: SLSA-2019-2280-1 Moderate: uriparser on SL7.x x86_64 (Aug 26)

  openSUSE: 2019:2024-1: moderate: qbittorrent (Aug 30)

An update that fixes one vulnerability is now available.

  openSUSE: 2019:2021-1: important: containerd, docker, docker-runc, golang-github-docker-libnetwork (Aug 29)

An update that solves four vulnerabilities and has three fixes is now available.

  openSUSE: 2019:2019-1: important: schismtracker (Aug 29)

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2017-1: moderate: Recommended putty (Aug 26)

An update that contains security fixes can now be installed.

  openSUSE: 2019:2015-1: important: vlc (Aug 26)

An update that solves 7 vulnerabilities and has three fixes is now available.

  openSUSE: 2019:2005-1: moderate: qbittorrent (Aug 24)

An update that fixes one vulnerability is now available.

  openSUSE: 2019:2007-1: moderate: Recommended dkgpg, libTMCG (Aug 24)

An update that contains security fixes can now be installed.

  openSUSE: 2019:2008-1: moderate: zstd (Aug 24)

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2019:2000-1: important: go1.12 (Aug 24)

An update that solves three vulnerabilities and has two fixes is now available.

  openSUSE: 2019:1997-1: important: neovim (Aug 24)

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1989-1: moderate: python (Aug 23)

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1990-1: moderate: MozillaThunderbird (Aug 23)

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2019:1994-1: important: schismtracker (Aug 23)

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:1988-1: moderate: python (Aug 23)

An update that fixes one vulnerability is now available.