7 matches found
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150827)
A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4497) A flaw was found in the way Firefox handled installation of...
Scientific Linux Security Update : net-snmp on SL6.x i386/x86_64 (20150722)
A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the '-OQ' option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash. (CVE-2014-3565) This update...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150225)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827) An information lea...
Scientific Linux Security Update : httpd on SL4.x, SL5.x, SL6.x i386/x86_64
The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header...
Scientific Linux Security Update : krb5 on SL4.x, SL5.x i386/x86_64
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd). A remote attacker who can acce...
Scientific Linux Security Update : xen on SL5.x i386/x86_64
It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest...
Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64
A flaw was discovered in libpng that could result in libpng trying to free random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary...