| |
Debian: DSA-4549-1: firefox-esr security update (Oct 24) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service.
|
| |
Debian: DSA-4548-1: openjdk-8 security update (Oct 21) |
| |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
|
| |
Debian: DSA-4547-1: tcpdump security update (Oct 21) |
| |
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.
|
| |
Debian: DSA-4546-1: openjdk-11 security update (Oct 20) |
| |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
|
| |
Debian: DSA-4545-1: mediawiki security update (Oct 18) |
| |
It was discovered that the Special:Redirect functionality of MediaWiki, a website engine for collaborative work, could expose suppressed user names, resulting in an information leak.
|
| |
|
| |
Fedora 31: kernel-tools FEDORA-2019-6a67ff8793 (Oct 24) |
| |
The 5.3.7 update contains a number of important fixes across the tree. The update also includes a fix for the [CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666) security vulnerability regarding a buffer overflow in a Realtek wireless driver.
|
| |
Fedora 31: kernel FEDORA-2019-6a67ff8793 (Oct 24) |
| |
The 5.3.7 update contains a number of important fixes across the tree. The update also includes a fix for the [CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666) security vulnerability regarding a buffer overflow in a Realtek wireless driver.
|
| |
Fedora 30: java-11-openjdk FEDORA-2019-f36ac0db92 (Oct 21) |
| |
Update to OpenJDK October CPU (security update). See: https://openjdk.org/groups/vulnerability/advisories/2019-10-15 https://mail.openjdk.org/pipermail/jdk-updates-dev/2019-October/002025.html
|
| |
Fedora 29: radare2 FEDORA-2019-65c33bdc2a (Oct 19) |
| |
New build after fixing BuildRequires ---- - Rebase to upstream version 3.9.0 - fix CVE-2019-14745
|
| |
Fedora 31: sudo FEDORA-2019-67998e9f7e (Oct 18) |
| |
* Rebase to 1.8.28 * Fixed CVE-2019-14287
|
| |
Fedora 30: kernel-tools FEDORA-2019-057d691fd4 (Oct 18) |
| |
The 5.3.6 update contains a number of important fixes across the tree.
|
| |
Fedora 30: kernel-headers FEDORA-2019-057d691fd4 (Oct 18) |
| |
The 5.3.6 update contains a number of important fixes across the tree.
|
| |
Fedora 30: kernel FEDORA-2019-057d691fd4 (Oct 18) |
| |
The 5.3.6 update contains a number of important fixes across the tree.
|
| |
Fedora 30: mediawiki FEDORA-2019-c4cdd73c74 (Oct 18) |
| |
== Security fixes == * (T230402, CVE-2019-16738) SECURITY: Add permission check for suppressed account to Special:Redirect. == Links to all mentioned tasks == * https://phabricator.wikimedia.org/T230402 * https://phabricator.wikimedia.org/T227662
|
| |
Fedora 31: kernel-tools FEDORA-2019-038d78eaa5 (Oct 17) |
| |
The 5.3.6 update contains a number of important fixes across the tree.
|
| |
Fedora 31: kernel FEDORA-2019-038d78eaa5 (Oct 17) |
| |
The 5.3.6 update contains a number of important fixes across the tree.
|
| |
Fedora 31: kernel-headers FEDORA-2019-038d78eaa5 (Oct 17) |
| |
The 5.3.6 update contains a number of important fixes across the tree.
|
| |
|
| |
Gentoo: GLSA-201910-01: PHP: Arbitrary code execution (Oct 25) |
| |
A vulnerability in PHP might allow an attacker to execute arbitrary code.
|
| |
|
| |
RedHat: RHSA-2019-3207:01 Important: Ansible security and bug fix update (Oct 24) |
| |
An update is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3205:01 Important: sudo security update (Oct 24) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3204:01 Important: sudo security update (Oct 24) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3203:01 Important: Ansible security and bug fix update (Oct 24) |
| |
An update is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3202:01 Important: Ansible security and bug fix update (Oct 24) |
| |
An update is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3201:01 Important: Ansible security update (Oct 24) |
| |
An update is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3197:01 Important: sudo security update (Oct 24) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3200:01 Moderate: Red Hat AMQ Streams 1.3.0 release and (Oct 24) |
| |
Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3196:01 Critical: firefox security update (Oct 24) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-2769:01 Important: OpenShift Container Platform 3.9 (Oct 23) |
| |
An security update is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3193:01 Critical: firefox security update (Oct 23) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3187:01 Important: kernel security and bug fix update (Oct 23) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3179:01 Important: qemu-kvm-rhev security and bug fix (Oct 22) |
| |
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3172:01 Moderate: Red Hat Satellite 6 security, bug fix, (Oct 22) |
| |
An update is now available for Red Hat Satellite 6.6 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3170:01 Important: python security update (Oct 22) |
| |
An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3168:01 Important: wget security update (Oct 22) |
| |
An update for wget is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3165:01 Important: kernel-rt security and bug fix update (Oct 22) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3157:01 Moderate: java-1.7.0-openjdk security update (Oct 21) |
| |
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3158:01 Moderate: java-1.7.0-openjdk security update (Oct 21) |
| |
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3149:01 Important: OpenShift Container Platform (Oct 18) |
| |
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3144:01 Important: OpenShift Container Platform 3.11 (Oct 17) |
| |
An update for jenkins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3143:01 Moderate: OpenShift Container Platform 3.11 (Oct 17) |
| |
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3142:01 Low: OpenShift Container Platform 3.11 mediawiki (Oct 17) |
| |
An update for mediawiki is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3140:01 Important: Red Hat JBoss Data Virtualization (Oct 17) |
| |
An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3136:01 Important: java-1.8.0-openjdk security update (Oct 17) |
| |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3135:01 Important: java-11-openjdk security update (Oct 17) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3134:01 Important: java-1.8.0-openjdk security update (Oct 17) |
| |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
|
| |
Slackware: 2019-295-01: mozilla-firefox Security Update (Oct 22) |
| |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2019-293-01: python Security Update (Oct 20) |
| |
New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
|
| |
SUSE: 2019:2778-1 moderate: accountsservice (Oct 24) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2776-1 moderate: nfs-utils (Oct 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2779-1 moderate: binutils (Oct 24) |
| |
An update that fixes 28 vulnerabilities is now available.
|
| |
SUSE: 2019:14199-1 important: xen (Oct 24) |
| |
An update that fixes 13 vulnerabilities is now available.
|
| |
SUSE: 2019:2771-1 moderate: nfs-utils (Oct 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2769-1 important: xen (Oct 24) |
| |
An update that fixes 16 vulnerabilities is now available.
|
| |
SUSE: 2019:2755-1 moderate: rust (Oct 23) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:2757-1 moderate: lz4 (Oct 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2753-1 important: xen (Oct 23) |
| |
An update that solves 16 vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2019:2750-1 moderate: zziplib (Oct 23) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2752-1 moderate: sysstat (Oct 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2749-1 moderate: sysstat (Oct 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2748-1 moderate: python (Oct 23) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2745-1 moderate: libcaca (Oct 22) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2019:2743-1 moderate: python (Oct 22) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:2744-1 moderate: openconnect (Oct 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2738-1 important: the Linux Kernel (Oct 22) |
| |
An update that solves 40 vulnerabilities and has 225 fixes is now available.
|
| |
SUSE: 2019:2736-1 moderate: ceph, ceph-iscsi, ses-manual_en (Oct 22) |
| |
An update that solves one vulnerability and has 21 fixes is now available.
|
| |
SUSE: 2019:2737-1 moderate: openconnect (Oct 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2730-1 important: procps (Oct 21) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:1353-2 moderate: bluez (Oct 18) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:2719-1 moderate: python-xdg (Oct 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2707-1 important: postgresql10 (Oct 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Ubuntu 4165-1: Firefox vulnerabilities (Oct 23) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
Ubuntu 4162-2: Linux kernel (Azure) vulnerabilities (Oct 23) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4163-2: Linux kernel (Xenial HWE) vulnerabilities (Oct 23) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4164-1: Libxslt vulnerabilities (Oct 22) |
| |
Several security issues were fixed in Libxslt.
|
| |
Ubuntu 0058-1: Linux kernel vulnerability (Oct 22) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu 4163-1: Linux kernel vulnerabilities (Oct 21) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4162-1: Linux kernel vulnerabilities (Oct 21) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4157-2: Linux kernel (HWE) vulnerabilities (Oct 21) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4160-1: UW IMAP vulnerability (Oct 21) |
| |
UW IMAP could be made to execute programs if it received specially crafted input.
|
| |
Ubuntu 4161-1: Linux kernel vulnerability (Oct 21) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu 4159-1: Exiv2 vulnerability (Oct 21) |
| |
Exiv2 could be made to crash if it received a specially crafted file.
|
| |
Ubuntu 4155-2: Aspell vulnerability (Oct 21) |
| |
Aspell could be made to expose sensitive information if it received a specially crafted input.
|
| |
Ubuntu 4158-1: LibTIFF vulnerabilities (Oct 17) |
| |
Several security issues were fixed in LibTIFF.
|
| |
|
| |
Debian LTS: DLA-1969-1: file security update (Oct 23) |
| |
An issue has been found in file, a tool to determine file types by using magic numbers.
|
| |
Debian LTS: DLA-1967-1: libpcap security update (Oct 21) |
| |
libpcap (Packet CAPture), a low-level network monitoring library, does not properly validate the PHB header length before allocating memory. This update added sanity checks for PHB header length.
|
| |
Debian LTS: DLA-1962-1: graphite-web security update (Oct 21) |
| |
The 'send_email' function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource.
|
| |
Debian LTS: DLA-1961-1: milkytracker security update (Oct 21) |
| |
Fredric discovered a couple of buffer overflows in MilkyTracker, of which, a brief description is given below.
|
| |
Debian LTS: DLA-1968-1: imagemagick security update (Oct 21) |
| |
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-11470
|
| |
Debian LTS: DLA-1966-1: aspell security update (Oct 19) |
| |
It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information.
|
| |
Debian LTS: DLA-1965-1: nfs-utils security update (Oct 19) |
| |
In the nfs-utils package, providing support files for Network File System (NFS) including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files
|
| |
Debian LTS: DLA-1963-2: poppler regression update (Oct 18) |
| |
The fix for CVE-2019-10871 broke xpdf. This change has been reverted until a better fix can be developed.
|
| |
Debian LTS: DLA-1963-1: poppler security update (Oct 18) |
| |
Two buffer allocation issues were identified in poppler. CVE-2019-9959
|
| |
Debian LTS: DLA-1960-1: wordpress security update (Oct 17) |
| |
Several cross-site scripting (XSS) vulnerabilities were discovered in Wordpress, a popular content management framework. An attacker can use these flaws to send malicious scripts to an unsuspecting user.
|
| |
Debian LTS: DLA-1964-1: sudo security update (Oct 17) |
| |
In sudo, a program that provides limited super user privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can
|
| |
Debian LTS: DLA-1714-2: libsdl2 regression update (Oct 17) |
| |
The update of libsdl2 released as DLA 1714-1 led to several regressions, as reported by Avital Ostromich. These regressions are caused by libsdl1.2 patches for CVE-2019-7637, CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 being applied to libsdl2 without adaptations.
|
| |
Debian LTS: DLA-1713-2: libsdl1.2 regression update (Oct 17) |
| |
The update of libsdl1.2 released as DLA 1713-1 led to a regression, caused by an incomplete fix for CVE-2019-7637. This issue was known upstream and resulted, among others, in windows versions from libsdl1.2 failing to set video mode.
|
| |
|
| |
ArchLinux: 201910-13: pacman: arbitrary command execution (Oct 23) |
| |
The package pacman before version 5.2.0-1 is vulnerable to arbitrary command execution.
|
| |
ArchLinux: 201910-12: go: denial of service (Oct 23) |
| |
The package go before version 2:1.13.3-1 is vulnerable to denial of service.
|
| |
ArchLinux: 201910-11: go-pie: denial of service (Oct 23) |
| |
The package go-pie before version 2:1.13.3-1 is vulnerable to denial of service.
|
| |
ArchLinux: 201910-10: xpdf: arbitrary code execution (Oct 23) |
| |
The package xpdf before version 4.02-1 is vulnerable to arbitrary code execution.
|
| |
|
| |
CentOS: CESA-2019-3157: Moderate CentOS 7 java-1.7.0-openjdk (Oct 23) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3157
|
| |
CentOS: CESA-2019-2964: Important CentOS 7 patch (Oct 23) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2964
|
| |
CentOS: CESA-2019-3127: Important CentOS 7 java-11-openjdk (Oct 23) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3127
|
| |
CentOS: CESA-2019-3128: Important CentOS 7 java-1.8.0-openjdk (Oct 23) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3128
|
| |
CentOS: CESA-2019-3136: Important CentOS 6 java-1.8.0-openjdk (Oct 22) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3136
|
| |
CentOS: CESA-2019-3158: Moderate CentOS 6 java-1.7.0-openjdk (Oct 22) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3158
|
| |
CentOS: CESA-2019-3055: Important CentOS 7 kernel (Oct 21) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3055
|
| |
CentOS: CESA-2019-3067: Important CentOS 7 jss (Oct 21) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3067
|
| |
|
| |
SciLinux: SLSA-2019-3197-1 Important: sudo on SL7.x x86_64 (Oct 24) |
| |
sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287) SL7 x86_64 sudo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2019-3193-1 Critical: firefox on SL7.x x86_64 (Oct 23) |
| |
This update upgrades Firefox to version 68.2.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buf [More...]
|
| |
SciLinux: important: Important: OpenAFS on SL6.x, SL7.x i386/x86_64 (Oct 23) |
| |
|
| |
SciLinux: SLSA-2019-3158-1 Moderate: java-1.7.0-openjdk on SL6.x i386/x86_64 (Oct 22) |
| |
OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereferen [More...]
|
| |
SciLinux: SLSA-2019-3157-1 Moderate: java-1.7.0-openjdk on SL7.x x86_64 (Oct 22) |
| |
OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019- [More...]
|
| |
SciLinux: SLSA-2019-3136-1 Important: java-1.8.0-openjdk on SL6.x i386/x86_64 (Oct 21) |
| |
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConne [More...]
|
| |
SciLinux: SLSA-2019-3055-1 Important: kernel on SL7.x x86_64 (Oct 18) |
| |
kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ [More...]
|
| |
SciLinux: SLSA-2019-3127-1 Important: java-11-openjdk on SL7.x x86_64 (Oct 17) |
| |
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Out of bounds access in optimized String indexof implementation (Hotspot, 8224062) (CVE-2019-2977) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handl [More...]
|
| |
SciLinux: SLSA-2019-3128-1 Important: java-1.8.0-openjdk on SL7.x x86_64 (Oct 17) |
| |
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConne [More...]
|
| |
|
| |
openSUSE: 2019:2365-1: moderate: gcc7 (Oct 22) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2019:2364-1: moderate: gcc7 (Oct 22) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2019:2361-1: moderate: libreoffice (Oct 22) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2347-1: moderate: lighttpd (Oct 20) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
openSUSE: 2019:2348-1: important: tcpdump (Oct 20) |
| |
An update that fixes 28 vulnerabilities is now available.
|
| |
openSUSE: 2019:2343-1: important: libpcap (Oct 20) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2345-1: important: libpcap (Oct 20) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2344-1: important: tcpdump (Oct 20) |
| |
An update that fixes 28 vulnerabilities is now available.
|
| |
openSUSE: 2019:2340-1: moderate: dhcp (Oct 20) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2019:2341-1: moderate: dhcp (Oct 20) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2019:2333-1: important: sudo (Oct 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Mageia 2019-0304: chromium-browser-stable security update (Oct 23) |
| |
Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component (CVE-2019-13693), one in the WebRTC component (CVE-2019-13694), one in the audio component (CVE-2019-13695), and one in
|
| |
Mageia 2019-0303: virtualbox security update (Oct 23) |
| |
This update provides the upstream 6.0.14 and fixes the following security issues: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to
|
| |
Mageia 2019-0302: java-1.8.0-openjdk security update (Oct 23) |
| |
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945)
|
| |
Mageia 2019-0301: mediawiki security update (Oct 23) |
| |
Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup (CVE-2019-16738).
|
| |
Mageia 2019-0300: libsndfile security update (Oct 23) |
| |
Updated libsndfile package fixes security vulnerability: It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code
|
| |
Mageia 2019-0299: bind security update (Oct 23) |
| |
Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) Race condition when discarding malformed packets can cause bind to
|
