261 matches found
Scientific Linux Security Update : kvm on SL5.x x86_64 (20170307)
Security Fixes : - Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20170224)
Security Fixes : - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this...
Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20170116)
Security Fixes : - A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)...
Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20161220)
Security Fixes : - An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw t...
Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20161102)
Security Fixes : - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20161028) (Dirty COW)
Security Fixes : - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase...
Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20161020)
Security Fixes : - A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)
Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20161020)
Security Fixes : - A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)
Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160928)
Security Fixes : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)
Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20160928)
Security Fixes : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160905)
This update upgrades Thunderbird to version 45.3.0. Security Fixes : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running...
Scientific Linux Security Update : tzdata bug fix update on SL5.x, SL6.x i386/x86_64 (20160621)
This update fixes the following bugs : - In 2015, Egypt did not observe Daylight Savings Time (DST). However, in 2016, Egypt observes DST from July 7 at 24:00 to October 27 at 24:00. As a consequence of this change, the tzdata package had incorrect data regarding DST in Egypt in 2016. This has been...
Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20160531)
Security Fixes : - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the us...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL7.x i386/x86_64 (20160325)
Security Fixes : - An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160316)
A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286) A denial of service flaw was found in the way BIND processed certain control channel...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160218)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1930, CVE-2016-1935) After installing the update,...
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160216)
Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523) After...
Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20151216)
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...
Scientific Linux Security Update : kvm on SL5.x x86_64 (20151022)
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host...
Scientific Linux Security Update : openldap on SL5.x, SL6.x, SL7.x i386/x86_64 (20150929)
A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)