Author Archives: LinuxSecurity Advisories

Fedora 28: python2-django1.11 Security Update

- CVE-2019-3498: Content spoofing possibility in the default 404 page
- CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
- Fixed a race condition in QuerySet.update_or_create() that could result in data loss
- geo: Prevented repetitive calls to geos_version_tuple() in the WKBWriter class

SciLinux: Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.6.0 ESR.
* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)
* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)
* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value

RedHat: RHSA-2019-0623:01 Critical: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2019-0622:01 Critical: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2019-0600:01 Moderate: CloudForms 4.6.9 security,

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2019-0597:01 Moderate: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2019-0580:01 Low: openstack-ceilometer security and bug fix

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

Fedora 29: php Security Update

**PHP version 7.2.16** (07 Mar 2019)
**Core:**
* Fixed bug php#77589 (Core dump using parse_ini_string with numeric sections). (Laruence)
* Fixed bug php#77630 (rename() across the device may allow unwanted access during processing). (Stas)
**EXIF:**
* Fixed bug php#77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
* Fixed bug php#77540 (Invalid Read on

SciLinux: Important: kernel on SL7.x x86_64

* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)
* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)
* kernel: Faulty computation of numeric bounds in the BPF verifier (CVE-2018-18445)
Bug Fix(es) and Enhancement(s):
* kernel fuse invalidates cached attributes during reads
* [NetApp-FC-NVMe] SL7.6: nvme reset gets hung i

Fedora 28: php Security Update

**PHP version 7.2.16** (07 Mar 2019)
**Core:**
* Fixed bug php#77589 (Core dump using parse_ini_string with numeric sections). (Laruence)
* Fixed bug php#77630 (rename() across the device may allow unwanted access during processing). (Stas)
**EXIF:**
* Fixed bug php#77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
* Fixed bug php#77540 (Invalid Read on

Mageia 2019-0108: gnupg2 security update

GnuPG version 2.1.12 - 2.2.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to