39 matches found
Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20200603)
Security Fixes : - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals CVE-2020-8616 - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c CVE-2020-8617 C Tenable Network Security, Inc. The...
Scientific Linux Security Update : zsh on SL6.x i386/x86_64 (20200318)
Security Fixes : - zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid134695; scriptversion"1.3";...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190226)
Security Fixes : - kernel: MIDI driver race condition leads to a double-free CVE-2018-10902 Bug Fixes : - Previously backported upstream patch caused a change in the behavior of page fault handler. As a consequence, applications compiled through GNU Compiler Collection GCC version 4.4.7 sometimes...
Scientific Linux Security Update : zsh on SL6.x i386/x86_64 (20180619)
Security Fixes : - zsh: Stack-based buffer overflow in genmatchesfiles at compctl.c CVE-2018-1083 - zsh: buffer overflow when scanning very long directory paths for symbolic links CVE-2014-10072 - zsh: buffer overrun in symlinks CVE-2017-18206 - zsh: buffer overflow in utils.c:checkmailpath can...
Scientific Linux Security Update : patch on SL6.x i386/x86_64 (20180423)
Patch should be installed because it is a common way of upgrading applications. Security Fixes : - patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...
Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170711)
Security Fixes : - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters...
Scientific Linux Security Update : policycoreutils on SL6.x, SL7.x i386/x86_64
Security Fixes : - It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox...
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160216)
Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 After...
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
Scientific Linux Security Update : sqlite on SL6.x i386/x86_64 (20150817)
It was found that SQLite's sqlite3VXPrintf function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. CVE-2015-3416...
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150421)
It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM- allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. CVE-2014-8106 This update also fixes the following bug : -...
Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20141209)
It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and...
Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140108)
A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. CVE-2013-6449 It was discovered that the Datagr...
Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)
A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. CVE-2013-4482 A flaw was found in the way luci...
Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20130730)
A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. CVE-2013-4854 After installing the update, the BIND daemon named will be restarted...
Scientific Linux Security Update : conga on SL5.x i386/x86_64 (20130108)
It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials. CVE-2012-3359 This...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121113)
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that a previous update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged use...
Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64
An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. CVE-2008-4226 A denial of service...
Scientific Linux Security Update : selinux-policy on SL6.x i386/x86_64 (20120709)
This update adds the following enhancements : - When the system produces a new SELinux denial, the setroubleshootd daemon executes the rpm tool to check information about the relevant packages. Previously, setroubleshootd was unable to execute the rpm tool, and AVC denials were logged in the...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120209)
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Using the SGIO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged...