CHG000000013739[domain_realm] section will be updated. The [domain_realm] section provides a translation from a domain name or hostname to a Kerberos realm name. We need to map pingdev.fnal.gov to FERMI domain. Additionally 38 translations will be removed since these hostnames no longer exist in DNS. [instancemapping] section will be removed, since there is no AFS at Fermilab anymore.Scientific Linux FermiScientific Linux Fermi 6krb5-fermi-config-5.3-1.6.1.noarch.rpm45bf513697d573439f9e8ed99d0694b28f5f31104632c906a676455407d1245ckrb5-fermi-krb5.conf-5.3-1.6.1.noarch.rpm3af1836760ceade7f97ed616cd7257e89af81eeb96934a08123fd0a61525cdf8CHG000000016873Currently the krb5.conf file has SULLY as the first DC and this machine is located in Accelerator Division's server room. As a group, we have decided to move the servers around so that the first server is ELMO, which is located in FCC.Scientific Linux FermiScientific Linux Fermi 6krb5-fermi-krb5.conf-5.4-1.1.noarch.rpma420dcdb61417cddafa7d52d5a1eb994aaa078f316097e7cf5a915cbdac021b7krb5-fermi-config-5.4-1.1.noarch.rpmcac2ce2dc2a325cbac8afd178276cd2c745e67ad81f30b85d9219bca9efebe98CHG000000016874Scientific Linux FermiScientific Linux Fermi 6krb5-fermi-config-5.5-1.noarch.rpm9014eb7ad74684ebabf09a8464db9989bb561139cd497b9b825e0dd9ff0bae75krb5-fermi-krb5.conf-5.5-1.noarch.rpm4de82f88966cb22d714c6ea7bc248a21bd883b788f657fcbdd1b8d6d60b33594CHG000000017316In some instances the /etc/kdc.list entries were not automatically inserted into the correct place within /etc/krb5.confScientific Linux FermiScientific Linux Fermi 6krb5-fermi-config-5.5-2.noarch.rpmf5131ccf50fd9828d170160783a92079c52ffc2a2b0c5c133219d8dd0718dfbckrb5-fermi-krb5.conf-5.5-2.noarch.rpme30f6238343a490bf2298e9295c9de2a56b85cc897f37b92f8db4ff7819c6740ENHC0003766Scientific Linux FermiScientific Linux Fermi 6kmod-openafs-754-1.6.22.3-286.sl6.754.i686.rpmf7c3d82a64eddaabf9c98ac7d791ab6c61b46eeaedf4e14e2315cd948d99495ckmod-openafs-1.6.22.3-1.SL610.el6.noarch.rpm2acf39e723919085e97abdd00b5c8c8a6b67fffa13ca88b7d78f549ab6ce3dbcENHC0004153Authentication Services operates a non-accredited CA that is integrated with the FERMI and SERVICES domains.Scientific Linux FermiScientific Linux Fermi 6fermilab-conf_ca-certs-2019.01-2.sl6.noarch.rpmc08eac2053aaaa2ce047f54b41c6615bfbb67247fd0251000eaac3a90d66121cOPENAFS-SA-2017-001Security Fix(es): * Certain values transmitted in RX ACK packets were not sanity checked by OpenAFS receiving peers, which could lead to an assertion being triggered during construction of outgoing packets on the same connection, resulting in server process crashes or client kernel panics.importantScientific Linux FermiScientific Linux Fermi 6openafs-client-1.6.20-257.sl6.i686.rpm888414f0036675b95ab5aad5a7a8ce5e99622534c28d0ab63aeb8986415c1501openafs-kpasswd-1.6.20-257.sl6.i686.rpm88b7cf09746c753cf3ed5e441fa1b9d9d7eb5b765aeeb4d10f76471c9453490fkmod-openafs-696-1.6.20-257.sl6.696.i686.rpmaebd122bb5c3cf1d917256d42199becff9561b0a65fb1c82585aa8eed01d58bdopenafs-module-tools-1.6.20-257.sl6.i686.rpmeacdc46e8ca8127dec2d873fa4a49da91501d2a9dfaa4f5ffed59f7ca9c36889openafs-authlibs-devel-1.6.20-257.sl6.i686.rpm914ddb90c7b6122b98fb835a36a1f5cc6c1e75b54ce49c02cae19159389a56cdopenafs-devel-1.6.20-257.sl6.i686.rpm79579aa0d38fe6d84ed615bf61796ada7e5f59b8904f449326e75bac78d179d2openafs-1.6.20-257.sl6.i686.rpm522126e8802aed2787821e6bed71ff3843301d96ebb2c1ad982e9b89f53dc696openafs-kernel-source-1.6.20-257.sl6.i686.rpm677ecee9b44924da34913037bd5375867267ab816d9f6c33fa6f5ade766e2459openafs-server-1.6.20-257.sl6.i686.rpm71a169723b327e61a356afebac8c0216bf8b3dd4c4d2e711aed9b6707356c808openafs-plumbing-tools-1.6.20-257.sl6.i686.rpm570e2ae41411535165f1345e04d3d81aa09dbfa58efe6450f16281dbbc029ab9openafs-krb5-1.6.20-257.sl6.i686.rpme4a791a2d53324b071317eeb52dd05c1c0504c41ae183b67dbfd3c273f6b8e49openafs-authlibs-1.6.20-257.sl6.i686.rpm1bd7a401b4ddb198a3e1abab19482a27233593e8446f685e6d8b1a9d46b95542openafs-compat-1.6.20-257.sl6.i686.rpma6807ac07961497f6161398d817447518a05fab6b62062f78f5f63c50ed74862OPENAFS-SA-2018-001:2:3These releases include fixes for three security advisories, OPENAFS-SA-2018-001, OPENAFS-SA-2018-002, and OPENAFS-SA-2018-003. OPENAFS-SA-2018-001 only affects deployments that run the 'butc' utility as part of the in-tree backup system, but is of high severity for those sites which are affected -- an anonymous attacker could replace entire volumes with attacker-controlled contents. OPENAFS-SA-2018-002 is for information leakage over the network via uninitialized RPC output variables. A number of RPCs are affected, some of which require the caller to be authenticated, but in some cases hundreds of bytes of data can be leaked per call. Of note is that cache managers are also subject to (kernel) memory leakage via AFSCB_ RPCs. OPENAFS-SA-2018-003 is a denial of service whereby anonymous attackers can cause server processes to consume large quantities of memory for a sustained period of time. The changes to fix OPENAFS-SA-2018-001 require behavior change in both butc(8) and backup(8) to use authenticated connections; old and new versions of these utilities will not interoperate absent specific configuration of the new tool to use the old (insecure) behavior. These changes also are expected to cause backup(8)'s interactive mode to be limited to only butc connections requiring (or not requiring) authentication within a given interactive session, based on the initial arguments selected.moderateScientific Linux FermiScientific Linux Fermi 6openafs-authlibs-1.6.23-289.sl6.i686.rpm3b783270c6a8a50f544f5270a1b7ae809354ba0a56c2cfd17e2d0eec9d78c0bfopenafs-plumbing-tools-1.6.23-289.sl6.i686.rpm7a8e8fcbe4ab94497e0086db4edd7e12e6a1a0185779e14bb8bcc3cd0c698525openafs-devel-1.6.23-289.sl6.i686.rpmdc8f3f044a9de4e3a4046ccb055ffc92e9b633ecd8d3285992ee9895b725a806openafs-module-tools-1.6.23-289.sl6.i686.rpmdff95f310dcca400e1e7f8b6ca832d53132c88d7db56fd40ddf2259ccea35dffopenafs-client-1.6.23-289.sl6.i686.rpm3b263772cd504189257f5b5342deaba3b3ed24a7f6275be116b28bfa0182c52eopenafs-1.6.23-289.sl6.i686.rpmeea6a33ab3f6fcae8dd4cc823f7604933eae13432bcc29c1c6f6bf41777b9647openafs-compat-1.6.23-289.sl6.i686.rpm603d2670599485e838f984f51d93c0ebf5886c23d2bb2c35775f35b79e709c06openafs-authlibs-devel-1.6.23-289.sl6.i686.rpmc5a506e3c5b84f45999986ff625b24ba7383efc42a791fb8a80c8a7d310d2999kmod-openafs-754-1.6.23-289.sl6.754.3.5.i686.rpm0d1e1c93acb3b84d24c0512577bcf65732757b96ecce21967d2722ed9969d21dopenafs-kernel-source-1.6.23-289.sl6.i686.rpm88c8bd96f451347aee4bfdf7c651cfa14ae8ff4826ae35fbd723d09a1bd89ec6openafs-krb5-1.6.23-289.sl6.i686.rpmd3566565060384c0c4de2f26d66d5107b9813381192258ca3b8d3e2f6146fc26openafs-server-1.6.23-289.sl6.i686.rpmfd347282cda817cee871713c7f27139e26b98b2cf5a25157133a01d8de5e2dd9openafs-kpasswd-1.6.23-289.sl6.i686.rpmcad75d48fc6a606bac2e2def7f6578b9836b8aabb8f826cf6fa1b65e59b012abRITM0891205Security Fixes: * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output Generated RPC handler routines ran output variables through XDR encoding even when the call had failed and would shortly be aborted (and for which uninitialized output variables is common); any complete packets assembled in the process would be sent to the peer, leaking the contents of the uninitialized memory in question. * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars Generated RPC handler routines did not initialize output variables of scalar (fixed-length) type, since they did not require dedicated logic to free. Such variables allocated on the stack could remain uninitialized in some cases (including those affected by OPENAFS-SA-2019-001), and the contents of uninitialized memory would be returned to the peer.importantScientific Linux FermiScientific Linux Fermi 6openafs-devel-1.6.24-290.sl6.i686.rpm27c3ba44661b415b3b678824e518075225a798a58a4cdf2b159310745f9a0380openafs-1.6.24-290.sl6.i686.rpm45c44a28c3759bb534b76e7082ff50099a8fe4815f7a79dddcbc38e2e502dbc7openafs-client-1.6.24-290.sl6.i686.rpm110b6df56bfd875af80024f30392d7f20204941962da01f53bdb0eff27ebb00bopenafs-module-tools-1.6.24-290.sl6.i686.rpmfd1ee25cc110d1dc290c6ef2d7b857625beb3a981e9156a1af399ef318ef47c3openafs-kernel-source-1.6.24-290.sl6.i686.rpm8eee0296180ba5e69073187ca8b89b9e00e190c46df10b7af8aa46b8fba79d2dopenafs-kpasswd-1.6.24-290.sl6.i686.rpmd5d45f52ab7c25fcece779c74ff045dab6bc4bb66756d1e5eeac2de097fcc8c2openafs-server-1.6.24-290.sl6.i686.rpm7dafd0f4af181dfb3a5f120bb55c8e155c9da79c4770382937587d0e123ed11eopenafs-krb5-1.6.24-290.sl6.i686.rpm6c473c28bcb1ccc9b3afc09669ae1df2e3d69a8a90868ba2bf7a5b98a55ae0b8openafs-plumbing-tools-1.6.24-290.sl6.i686.rpmb0c9ef40c73648cc448c087f18a1b7ba71084a103333b10a9b335ea7fe8a6506openafs-authlibs-1.6.24-290.sl6.i686.rpm3ef41e809ea7df3e25e1d77f3c68fdfac3f92ee9054d17021f0ac2b254f37d82openafs-compat-1.6.24-290.sl6.i686.rpmf59e9895af3f6a7a3d4bd1967899463517469759041f76d00b5c39ddffad1bffopenafs-authlibs-devel-1.6.24-290.sl6.i686.rpm54ba766d659e98361a2b16ac66d63c2f388d1f53e6782a117a5c765ea29e2dafkmod-openafs-754-1.6.24-290.sl6.754.23.1.i686.rpm41e199bbd199176515d412e05f24930e7a0de6c2e045906c8effb780eb3ce955SLBA-2017:1434-1* An updated version of libntirpc (1.4.3-4) that contains changes to the transport independent RPC (TI-RPC) library for NFS-Ganesha is included in this package. Since NFS-Ganesha consumes those functions, it is now recompiled against libntirpc-1.4.3.4.Scientific Linux FermiScientific Linux Fermi 6libntirpc-devel-1.4.3-4.el6.i686.rpm6db84c38548e80079fcbc259fb45bd999980f5d82cddf3aea8bda63ccace1ce5libntirpc-1.4.3-4.el6.i686.rpmd1d62919e0d32969404a6212e688bdcfe9f9063d722b99af9dab7673fa0ca818SLBA-2017:1435-1This update fixes the following bug: * Prior to this update, the rpcbind utility terminated unexpectedly on start. A patch has been applied, and rpcbind now starts as expected.Scientific Linux FermiScientific Linux Fermi 6rpcbind-0.2.0-13.el6_9.1.i686.rpm070d683de09ff14e54b39a9bf7e3c3ec960e86ef4fdc4535c6531d2ef69f9a18SLBA-2018:0176-1Scientific Linux FermiScientific Linux Fermi 6selinux-policy-targeted-3.7.19-307.el6_9.3.noarch.rpm95423e3b58cc925b5a358890bedd91f31454e27b968fabca5fd8f091373254e2selinux-policy-doc-3.7.19-307.el6_9.3.noarch.rpmba63efd959353ba6c550f8dd623aee421da76cd9b93e18df71bca5760d199e12selinux-policy-3.7.19-307.el6_9.3.noarch.rpmcdbf6e7669e5d5f1a21068eb68125c559ff0b471ba26d51256027df7950db09bselinux-policy-minimum-3.7.19-307.el6_9.3.noarch.rpm0a01da2f03e640243879ffe83610ca1da8bb70bda284221db154eb9de7754c1bselinux-policy-mls-3.7.19-307.el6_9.3.noarch.rpm91ad7b260c80b7cef0ba31e3922f18eb53e022b02fa8bbdaa6c5a8ff1f0e3948SLBA-2018:0597-1* The Antarctica/Casey time zone has been changed from UTC+11 to UTC+8.Scientific Linux FermiScientific Linux Fermi 6tzdata-2018d-1.el6.noarch.rpmb0311e8b6f5dc1b3944f1de7961e85bd237abc109eebda3fa51c40dc8e33d4d7tzdata-java-2018d-1.el6.noarch.rpm155eef77fc54cb05c666c1b5a742488d2aab7adbe2c7d486c4d61e8f5d6ca01bSLBA-2018:1339-1* In this update, the upstream project now defaults to using the "vanguard" data implementation which includes negative DST offsets. However, we are continuing to provide the "rearguard" format for data which does not use negative DST offsets to provide better compatibility with existing tools. We intend to transition to the "vanguard" data implementation in the future.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2018e-3.el6.noarch.rpm40fb5cb634cedda909a94696ce1f83da58b67dafc599b8ec342db293b9871368tzdata-2018e-3.el6.noarch.rpmf7e03d38a6de62a054de45a2db10340f06a9a4e30d9d1c80314fbe6cfc0bb050SLBA-2018:1857-1Scientific Linux FermiScientific Linux Fermi 6copy-jdk-configs-3.3-9.el6.noarch.rpm3265471cef84f21333bce8cf101268b52cc7f6fa5fdc136ecbf9de61dd9d02e9SLBA-2018:1923-1Scientific Linux FermiScientific Linux Fermi 6clufter-common-0.77.1-1.el6.noarch.rpm389e5b2cce8fb7ab6ba9b39c28b18bd0644221daf28822e7d7e088644eb22558clufter-lib-pcs-0.77.1-1.el6.noarch.rpm4a497cae3fab4d2d531668a02d125f74c4e1a983b45980bc46308606deda709cpython-clufter-0.77.1-1.el6.noarch.rpm3fcabeebdbf603bb3eafcba40097095d9d7a5ea062e4835ff5bd2b6255724ce3clufter-lib-general-0.77.1-1.el6.noarch.rpm5857472ac34d33a8e087f4da84d34ed4d4d2607a59075bb0df81446e66511cf3clufter-bin-0.77.1-1.el6.i686.rpm57dd1475f806f7b11431cbf0e935a3da83bc603193abe66917636ee6e9ab251bclufter-cli-0.77.1-1.el6.noarch.rpm2250b16cc8a423dd2304b30d5fa3c8deac5917ed6557626bc5506af9880f31adclufter-lib-ccs-0.77.1-1.el6.noarch.rpme633dbc982b69031eab0027926cf39eea7e53abb357441b0f881625fa0529399SLBA-2018:3013-1* The Pacific/Fiji time zone will end Daylight Saving Time (DST) on January 13, 2019 rather than January 20, 2019. * Most regions in Chile will end Daylight Saving Time (DST) on the first Sunday in April, 2019.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2018f-1.el6.noarch.rpm92b0d5fce4699b908a80d999f188607d82d1e284ec4e219ca1a1e840b31d4c00tzdata-2018f-1.el6.noarch.rpmf0da448a10ba632c51d202b7889cd86ee06d2fe891e30282e2b31d44c2b4fd7aSLBA-2018:3454-1Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2018g-1.el6.noarch.rpm2fb8cb6851408affdaafa8881f9fdb109c22d10226edaa8bdae769523c025baetzdata-2018g-1.el6.noarch.rpmdd6914d95ecc991db1d1a76a6d8c6d831e1c6ca386ccc5189abe9e2399a5660aSLBA-2019:0037-1The tzdata packages have been updated to version 2018i, which addresses recent time zone changes. Notably: * Africa/São Tomé and Príncipe changed from UTC+01 to UTC+00 on January 01, 2019. * Asia/Qyzylorda, Kazakhstan changed from UTC+06 to UTC+05 on December 21, 2018. * A new time zone, Asia/Qostanay, has been created because Qostanay, Kazakhstan did not transition with the Asia/Qyzylorda change. * America/Metlakatla, Alaska will observe Pacific Standard Time (PST) for this winter only. * Updates to Asia/Casablanca have been implemented based on a prediction that Morocco will continue to adjust clocks around Ramadan. * Changes to Asia/Tehran have been made based on predictions for Iran from 2038 through 2090.Scientific Linux FermiScientific Linux Fermi 6tzdata-2018i-1.el6.noarch.rpm60e2001038dfb303134d64a9068f1544d239b0ddca9c382a09982fa4cbdf3775tzdata-java-2018i-1.el6.noarch.rpm5a741f8213fd65ad537f949d2006bf2878358e743726a8e5844316a62c35b0a9SLBA-2019:0689-1The tzdata packages have been updated to version 2019a, which addresses recent time zone changes. Notably: * The Asia/Hebron and Asia/Gaza zones will start DST on 2019-03-30, rather than 2019-03-23 as previously predicted. * Metlakatla rejoined Alaska time on 2019-01-20, ending its observances of Pacific standard time.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2019a-1.el6.noarch.rpm09657e7344eb2c6f84d4f463481576d59b7a5dc54c76f86057c8edbb3615ccd5tzdata-2019a-1.el6.noarch.rpm988fc743347abada03a088728a3e751d7e0577ef016442fdb16bda5480454228SLBA-2019:1227-1This update fixes the following bug: * The spice-vdagent is not starting and spice is opening thousands of unix sockets.Scientific Linux FermiScientific Linux Fermi 6spice-vdagent-0.14.0-13.el6_10.1.i686.rpmc1907296bab148b6cba00eadd989559db50cf7454f6704292d6ed4538007fc56SLBA-2019:1651-1* dentry with DCACHE_SHRINKING set but no task shrinking dcacheScientific Linux FermiScientific Linux Fermi 6kernel-2.6.32-754.17.1.el6.i686.rpm9a6e1248791f75edfc661cc64b83bbb8b9cb0baaafd7a727a60b5762c1af2ce5kernel-devel-2.6.32-754.17.1.el6.i686.rpmfb96ffab9ca2b76099de803a292da6e7588f38035bef72c241786b02b9b2d05akernel-headers-2.6.32-754.17.1.el6.i686.rpm33b6b5e829accc30db3d9450694e247933878abc0830b72e6a63cc0e20dfdcabkernel-firmware-2.6.32-754.17.1.el6.noarch.rpmd6eb649785de43e9eaabcc5b18bd4c9405cfd2ff40524467703ba5d63eb615f9kernel-debug-devel-2.6.32-754.17.1.el6.i686.rpm6d04b7de6f99a043663bf889f4f4a1f108bd72960e6ae60a25eb40a8ce5021a3kernel-doc-2.6.32-754.17.1.el6.noarch.rpmd93f41a04c12482def9428979c1111bbd32d3366de833f6af0269ee8e77d1f6bkernel-abi-whitelists-2.6.32-754.17.1.el6.noarch.rpm6c25ef94a9ebc45d194d41b66918917019c5f3d25e72eae9d72243f4ff902a38perf-2.6.32-754.17.1.el6.i686.rpmbd224abbd3720424b34322ee0d2f92a413e3a1ea0ebc1178f55b8748fd94a7dekernel-debug-2.6.32-754.17.1.el6.i686.rpm032ee282eaa3acee0fb34686f89f14704c1e6caab6fcce0aa7683bbbff5ca9e3SLBA-2019:1703-1* The 2019 spring DST transition for Palestine occurred on March 29, not March 30.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2019b-2.el6.noarch.rpm7008f8ae57c82cb201946f2fc12167249b4373a78bd8ffe548f9d63fb1099037tzdata-2019b-2.el6.noarch.rpm6f36b7d2cf5955cf97d56e2a64c64941cf74133b2f4425a9c97afdc037794563SLBA-2019:2871-1The tzdata packages have been updated to version 2019c, which addresses recent time zone changes. Notably: * Fiji will observe the daylight saving time (DST) from November 10, 2019 to January 12, 2020. * Norfolk Island will start to observe Australian-style DST on November 06, 2019.Scientific Linux FermiScientific Linux Fermi 6tzdata-2019c-1.el6.noarch.rpma39f2001bf8cfc0be237ccf50a9ace47f164e735c182ab8b5d999c2e637764eatzdata-java-2019c-1.el6.noarch.rpm6674b8c0d3301c748fe7b73ebfe17a14974cde36deb4d81ed6fa2742f85b868aSLBA-2020:1982-1The tzdata packages have been updated to version 2020a, which addresses recent time zone changes. Notably: In Morocco (the Africa/Casablanca time zone), daylight saving time starts on 2020-05-31 instead of on 2020-05-24. Canada's Yukon region (the America/Whitehorse and America/Dawson time zones) changed to a year-round UTC-07 time on 2020-03-08. The America/Godthab time zone has been renamed to America/Nuuk.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2020a-1.el6.noarch.rpmacc38f1677f866ea1fd1f115ecb9a4ed831d7a5b7ccda6b6effaf7a314659c4dtzdata-2020a-1.el6.noarch.rpm8b0c71c5689666a060de7b991d6d8c7ac2f5a903d8b42af4da0bef2812bcfe63SLBA-2020:4282-1The tzdata packages have been updated to version 2020b, which addresses recent time zone changes. Notably: * Yukon timezones represented by America/Whitehorse and America/Dawson will change time zone rules from -08/-07 to permanent -07 on November 01, 2020, not on August 03, 2020, contrary to what was in the version 2020a. * The most recent winter(+08)/summer(+11) transition for Casey Station, Antarctica was on April 04, 2020 at 00:01. * Obsolete pacificnew, systemv, and yearistype.sh files have been removed from the distribution.Scientific Linux FermiScientific Linux Fermi 6tzdata-2020b-2.el6.noarch.rpm45de9b5c05f500bb9f37ce3cf655437c91f107403bc843fe9ee441a5d2140d7etzdata-java-2020b-2.el6.noarch.rpm3c911a314eea6f7ab5633bbb68684d444288a2b595d69b2ff0bae0f9bf45fd34SLBA-2020:4329-1The tzdata packages have been updated to version 2020d, which addresses recent time zone changes. Notably: * Fiji starts the daylight saving time (DST) later than usual on December 20, 2020, rather than the predicted November O8, 2020. * Palestine will end summer time on October 24, 2020 rather than the predicted October 31, 2020.Scientific Linux FermiScientific Linux Fermi 6tzdata-2020d-1.el6.noarch.rpm32d9a91f4702285b3295efd420d69823bbeeefa05251da72f3fbae6a61771a7ctzdata-java-2020d-1.el6.noarch.rpm4d2f476832375f815cf1b39ef3c4e03c526f6b188af7f71d12a3d7e94f222e3cSLEA-2017:3052-1* Sudan will switch from UTC+03 to UTC+02 on November 1, 2017. * Tonga will no longer use DST (Daylight Saving Time). This change takes effect on November 5, 2017. * Fiji ends DST on January 14, 2018 instead of January 21, 2018. * Namibia, on September 3, 2017 will switch from UTC+01 with DST to UTC+02 around the year. This change takes effect on April 1, 2018. * On March 11, 2018, the Turks and Caicos Islands will change from UTC-04 to UTC-05 with US DST starting on March 11, 2018. Effective change date is November 4, 2018. * tzdata now includes two text versions of the time zone data: the "tzdata.zi" and "leapseconds" files.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2017c-1.el6.noarch.rpm70d1973c6bed76f1fd8c34e8202bace484f5934e816ff4f9754ceb9936e5ce72tzdata-2017c-1.el6.noarch.rpmc42f3d1defe0ae10931a797df80bbdd7d6973b4b48b586117c7880e683154835SLEA-2018:0232-1* Brazil's Daylight Saving Time (DST) will start on the first Sunday in November. * Support has been added for the "-t" option for the zic utility. This enables the user to put the configuration link in the specified file instead of the standard location.Scientific Linux FermiScientific Linux Fermi 6tzdata-2018c-1.el6.noarch.rpm1c881e691d7705bc094334b7863df3425281ef8fca91f469635a060f05aca5c0tzdata-java-2018c-1.el6.noarch.rpm9de078f2470d37c30f16a4285dc0b5edd1bb5ee3e78ce13131170778cffe62f3SLEA-2018:1580-1Scientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-25.6.el6_9.i686.rpm3554b2c167a3a377cafa48f09e73d1a0c7a2f30d58ebabce3111e5c50f66ed56SLEA-2019:1212-1This update adds the following enhancement: * The Intel CPU microcode has been updated to the latest upstream version to mitigate CVE-2018-12126, CVE-2018-12126, CVE-2018-12126, and CVE-2019-11091.Scientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-33.11.el6_10.i686.rpmcd817b19a6cfba4dcbe70b6a4628847ba3283d18b772001bb59a8efa1a28ac1eSLEA-2019:3280-1The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release.Scientific Linux FermiScientific Linux Fermi 6nss-devel-3.44.0-7.el6_10.i686.rpmf5cc0e653315b63ed8f33b022a23930206be9436d42ad2a4c3afe9bcc5bfe820nspr-4.21.0-1.el6_10.i686.rpm3ec55d700846f9f7e59f2203aed75413c3393a4518541e28d30eae1594d03b98nss-sysinit-3.44.0-7.el6_10.i686.rpmaf080881b84bb309f2007c6ac395e24a1a27f8e8dac4a2a1a05c12881ba322d0nss-softokn-3.44.0-5.el6_10.i686.rpm5f346059c0b817e31dd71c56b780c8c08f6d501a5bf6c5177eb8b72d91b7c83anss-softokn-freebl-3.44.0-5.el6_10.i686.rpm3ef47aa10369ef5e10b78e6e4d6871c8992140b3876acf2e67fda9822f68b021nss-softokn-freebl-devel-3.44.0-5.el6_10.i686.rpm9a5978576dc18065ac5080ce9c925d5ca9cca66e2d67e068daf38cbf70a4eaadnss-3.44.0-7.el6_10.i686.rpm7cbd70bef055e0a871668e47ae1776c67a1a03bd86da3ff2ed88c5186e374539nss-util-devel-3.44.0-1.el6_10.i686.rpm63024af655b77fc6ac02b9548d5808451204a6226a1c702118ed8dcf1ce701a6nss-softokn-devel-3.44.0-5.el6_10.i686.rpm7cd6baf9f77fe0889bd3df37ba0b69d1a8098718c9adda2cf6ab1d95f721602cnss-tools-3.44.0-7.el6_10.i686.rpm437c2a3d09adf393d984540d955d1c4f586548d7c31eec94f149dcc2284dee21nspr-devel-4.21.0-1.el6_10.i686.rpm371c05559f0ebb77332c15478ef85f3febc3ab84a5cf77f08f1f3a6325985f33nss-util-3.44.0-1.el6_10.i686.rpm609f04ec4a2525a0d8d9a07b2ee809fea3ca69c1fc8344e4edf085c4eba37769nss-pkcs11-devel-3.44.0-7.el6_10.i686.rpmc9ec26643fab67c23805dacaeceab64d9677edd959e2876ca109ec12a6265ec7SLSA-2017:0847-1Security Fix(es): * It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628)moderateScientific Linux FermiScientific Linux Fermi 6libcurl-7.19.7-53.el6_9.i686.rpm5bbc01fe12b11dcaff88c84555839fa0d8ced7475befb2ef0645fe82c53d72falibcurl-devel-7.19.7-53.el6_9.i686.rpmb723bd289740d91c37ead4ad92e9ee01d201e59e0d10944afff717028d913729curl-7.19.7-53.el6_9.i686.rpm77a51eda3454ff13064b7b3dfb8a69243f4715f25d5e06c2f37d20a66a2d4016SLSA-2017:0979-1Security Fix(es): * It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document. (CVE-2017-3157)moderateScientific Linux FermiScientific Linux Fermi 6libreoffice-langpack-uk-4.3.7.2-2.el6_9.1.i686.rpmf4b6b1cee6aff631d80a5858b047e6da5af5615740120899f30e1a54af2c241blibreoffice-langpack-hi-4.3.7.2-2.el6_9.1.i686.rpm8d598eeb756f0cbd541a87182f48312bf1a9a86c588c9b357a5dc7cfb826f543libreoffice-langpack-ta-4.3.7.2-2.el6_9.1.i686.rpm5b3997e43304af0ae2db21737aab8943e63a6cef4a086c96ae73d4825b048455libreoffice-langpack-zu-4.3.7.2-2.el6_9.1.i686.rpm64a9328646fc65ca7c109015c56402b4cad85e94a5155ab4ad3ffe41075bcdc4libreoffice-langpack-ro-4.3.7.2-2.el6_9.1.i686.rpm8d302f6f7073651770c31101bff8dbc9af60cac089993625f8baa83160d011faautocorr-ro-4.3.7.2-2.el6_9.1.noarch.rpm069b7f785f4fff02f70970193e0a2c9c7e09c4f5131b09d83d3786a22dcb0edblibreoffice-nlpsolver-4.3.7.2-2.el6_9.1.i686.rpm57f63c99fcf1ca5e580bdc92c3e0d0c013a82c8e0f8c4905ed52177205a96d86libreoffice-ure-4.3.7.2-2.el6_9.1.i686.rpm1284b459af30f725a9793f0ae806dab3c7bad8d6f973007fb61c9c9234f6085clibreoffice-langpack-it-4.3.7.2-2.el6_9.1.i686.rpm5983f9da296f0adddd723fc74c3986e43eefeb3d1d9399d81bf2f4798d422a85libreoffice-langpack-tr-4.3.7.2-2.el6_9.1.i686.rpmaa7ae29f9e3112b125db205de4cb5920c1a4efb4c386caf412d9d061a0bc41fclibreoffice-math-4.3.7.2-2.el6_9.1.i686.rpm0a14c47250b37d44745d3833de898febc0ba0e379696bf27d2c94ab887eae87clibreoffice-4.3.7.2-2.el6_9.1.i686.rpm9377f2a8df84a8ddd65463a0c5de96793912c22704da6307901e6b95ee3874d0libreoffice-base-4.3.7.2-2.el6_9.1.i686.rpm506acad8976565e077046af2e7d2889598ffc2531fbfb6b5890937f83c41ba3clibreoffice-core-4.3.7.2-2.el6_9.1.i686.rpm4a65c3bc1c624c899f7d9500aefe352c0208a661b6ea7936208b3ea468a75478autocorr-cs-4.3.7.2-2.el6_9.1.noarch.rpm2154934563d2380e3b827a156f8621ae84f697ea4f4a757b0c2aaf812367c3baautocorr-hu-4.3.7.2-2.el6_9.1.noarch.rpm531b3b4aa2a290b9566d22f51164807b7f4362fccb4bcb2bf8e561c1044e16d5libreoffice-emailmerge-4.3.7.2-2.el6_9.1.i686.rpmdf0792c572cbaef75aad281b1fa620567774cd8676ffd42e968a25b798451c73autocorr-sk-4.3.7.2-2.el6_9.1.noarch.rpmce7974e9a0c5ec4f4d10ae2a20493c42945c6d2517bb07e3058c530fff3e923clibreoffice-langpack-mr-4.3.7.2-2.el6_9.1.i686.rpmec998a0873d2d3a3f8377794c1d90f85ab28700b6093f2d83e693af233839cdbautocorr-af-4.3.7.2-2.el6_9.1.noarch.rpm1c2f4cb40ca90b5c5a70d20b2b6d6c61b0daa9e0c7b9e9de4a59e1843e71b1cclibreoffice-langpack-pt-BR-4.3.7.2-2.el6_9.1.i686.rpme2a9ad44ff88c751a53e50bbc8c63f8ba0d0031bd16ba9a63e52513e224a5a34libreoffice-langpack-ja-4.3.7.2-2.el6_9.1.i686.rpm21fcf2d902eac9db1658f2a845121a8374cc4ffa72c90b901cb11ef7cc37bea4libreoffice-langpack-sl-4.3.7.2-2.el6_9.1.i686.rpmbe0fb4aca9a70dffd834beb3182142efae61a9fc1859a06a603ee81765c74b41libreoffice-langpack-cs-4.3.7.2-2.el6_9.1.i686.rpm111b8373fde085efebfe58ced1fc2d66f26dd3240ad8fcf6ca067176a71cb72flibreoffice-langpack-te-4.3.7.2-2.el6_9.1.i686.rpm6cf4d4f32ae6e6761aacbee8edfc1644cb8797970156e9ae44772eddd0cb9663libreoffice-gdb-debug-support-4.3.7.2-2.el6_9.1.i686.rpm7b3afd43e8fb2ee32149e9c20afd31b989e127434cb0ede1290c4e82ff40bd27libreoffice-calc-4.3.7.2-2.el6_9.1.i686.rpm3f3bff1d76250aebcc4f424919bcf61952e4bcc80ffdd47e5145995a096c4ae1libreoffice-langpack-zh-Hans-4.3.7.2-2.el6_9.1.i686.rpmee122225c9bcf75103e6d66aa377713b2b1309a61dd006962699d93c2800bb78libreoffice-langpack-es-4.3.7.2-2.el6_9.1.i686.rpm6749e90b47ef0dbc14f68f6b42c0225e133b0eced195f38dd368c9e6bd316130libreoffice-langpack-gl-4.3.7.2-2.el6_9.1.i686.rpm6ec6bdc9853be5ebb431c94f5d63087048b16509165d7dfc4d1b3018010a77calibreoffice-pdfimport-4.3.7.2-2.el6_9.1.i686.rpm48e19d4098f58617021ee86ed7a647924b9dc13d815a4af3299090415c350cf1libreoffice-langpack-nso-4.3.7.2-2.el6_9.1.i686.rpmc062fb74be32a4f63c712791373bdb489c9782bddc3042f4f85170da4497a679autocorr-sv-4.3.7.2-2.el6_9.1.noarch.rpm4f05489a659db751a27aa5e9a06896326f9afd04779148d969a414fa665d9ecalibreoffice-langpack-pl-4.3.7.2-2.el6_9.1.i686.rpm26183eb84140f030add069aaae4e805e3546163489b2064dce82a860427d82a5libreoffice-glade-4.3.7.2-2.el6_9.1.i686.rpm9a80c906e2cd1e8f7ae5471346e70a27b5ca52f4818d4d22a7b3ee9dacb82cfflibreoffice-langpack-ga-4.3.7.2-2.el6_9.1.i686.rpm5c6f8413684576890bc98fff3a73b6d21b86d5b41ee2b35ef821128339a26c31libreoffice-langpack-eu-4.3.7.2-2.el6_9.1.i686.rpm810a03b3ea1bd53d2bba51bd46689a557d2f83c2fa08307db41fa8b8472606cfautocorr-is-4.3.7.2-2.el6_9.1.noarch.rpm50b80dd7b0ef8b80e7b38d43dbe3240544911af61475098f7e40abd02938dc7eautocorr-fi-4.3.7.2-2.el6_9.1.noarch.rpm5b11a0f1cb83bde880b62e187dbdfdddc9ec5f0a23f6c4352ee0abefe139a3d8libreoffice-langpack-fr-4.3.7.2-2.el6_9.1.i686.rpm5df27ce6fd66be699756b3039e2d7eb65f2e16408425f6833aeaddd858d00786libreoffice-langpack-bg-4.3.7.2-2.el6_9.1.i686.rpm35e6aad0390d3ba1ce60f8caedb9b5ce91ba067de6a0ba3909ed92e08d572c86libreoffice-rhino-4.3.7.2-2.el6_9.1.i686.rpme38b5bbf23ad2176517dcc6a0c3ab7a874519244afd4881999f92a7e49062329libreoffice-langpack-ve-4.3.7.2-2.el6_9.1.i686.rpm889ba5638ad258e9d5ab55e7d9c451e6a52810369b6ce5e895ab854d7a802851libreoffice-langpack-de-4.3.7.2-2.el6_9.1.i686.rpm22ac22ffe71df390855a52b3cd2d80372039efd456e923495445f567ee660a4clibreoffice-langpack-ms-4.3.7.2-2.el6_9.1.i686.rpmc3be62d8426d3d79671c97576597ccba66bf1283edc5642589549826e3f3b243libreoffice-opensymbol-fonts-4.3.7.2-2.el6_9.1.noarch.rpm1191cc77a91c3df807a36005a7952c3118e995532ad8c13c3bdf9a657bf6c29blibreoffice-langpack-ko-4.3.7.2-2.el6_9.1.i686.rpmab563e813d17c535475338a13249a1e7b782d0bee93b40500e9288e6aaaddcb5autocorr-ja-4.3.7.2-2.el6_9.1.noarch.rpm5a67147b4e9dc4b93db0dbc20d581665ec9afa6c55ea51791afe6746fc4340edlibreoffice-writer-4.3.7.2-2.el6_9.1.i686.rpme32fb280c5ae23d052c461a533ce9d3d89371efb9798cca7378fe0b643331e81autocorr-pl-4.3.7.2-2.el6_9.1.noarch.rpmad322e797da44d9709da666b83e2f2ef764584bb76843a9b34b483c874245ae5libreoffice-langpack-el-4.3.7.2-2.el6_9.1.i686.rpm1f8ad3c7e05155b677963bfeaf63ee76218197ff2897190d059906f7753ea9edlibreoffice-langpack-sk-4.3.7.2-2.el6_9.1.i686.rpm3e9b2d48820ea7a025e61347111abf62cbf6d3b0d8e91019e43243d5a8bc5d02libreoffice-langpack-ts-4.3.7.2-2.el6_9.1.i686.rpm4564a01f7b8d1894c931e0ef2955ba73c48397594f9d154ab2dec58022d6fba4libreoffice-officebean-4.3.7.2-2.el6_9.1.i686.rpmead8d7682bcfb18d03b7251236afe54c0c964492d479f5c96444ffb5c47a1d95libreoffice-langpack-ml-4.3.7.2-2.el6_9.1.i686.rpme4e611cb58c411d76270264bfcbfd6552f8657500867f1383bc663e0ef47ea7flibreoffice-langpack-kn-4.3.7.2-2.el6_9.1.i686.rpmf6d8b0e34788696ca7fcde2561f8055f7455775e0e92539e4b6fdfd4c006ab20libreoffice-xsltfilter-4.3.7.2-2.el6_9.1.i686.rpm44663b9f70ea6f77da6eaa811f300ab51ee818fae08eef4603949cc12a7a2049autocorr-vi-4.3.7.2-2.el6_9.1.noarch.rpm3cfbf3b3afe292e05482014e9fc6b0f58da4f19389a6e9e1f78d58d8876149ealibreoffice-langpack-en-4.3.7.2-2.el6_9.1.i686.rpm97cc9544f72273ecccedf2605a6dc2a70e0345964ca8231d2c6afe17a9cff32bautocorr-it-4.3.7.2-2.el6_9.1.noarch.rpm95d95a26541b13ff8d4de01cde064a01164e5d6265fcd4e1e5122db096f95235libreoffice-draw-4.3.7.2-2.el6_9.1.i686.rpmec95e2ad8d67a5379dc3a19717d7807ed9a31a5c15498d2ad70f3264dcded3b5libreoffice-langpack-nb-4.3.7.2-2.el6_9.1.i686.rpm29f89de220ce22ff4c05c3489e7a548449ff8bc8519bfe402d22acb87844e0bblibreoffice-langpack-he-4.3.7.2-2.el6_9.1.i686.rpm4f68b571f6559763b3c1585463b3da983d0c47586ccf35467ef755a13cb8ea80autocorr-bg-4.3.7.2-2.el6_9.1.noarch.rpm64033fac639e2edd9b6c8e1a7e63c369cb1fff881df021472fe1c13b8aece486libreoffice-langpack-th-4.3.7.2-2.el6_9.1.i686.rpm87d45f2d0f80a5d7b90f2b5327b8139a22f289e444828a2b27220fad75f43fc3autocorr-ca-4.3.7.2-2.el6_9.1.noarch.rpmdf1032de82277a7a7101dc0d05ea1b97ec12bfd6b2d00652616a8036813401dclibreoffice-langpack-da-4.3.7.2-2.el6_9.1.i686.rpmd06c03f7d157e1ed60de245b132ec378c643514dca5391575d57226353d55b5fautocorr-pt-4.3.7.2-2.el6_9.1.noarch.rpm9b89a93a9d29b3701a96029d9193124271ca8bdaf1804d178daa5e96e329317elibreoffice-langpack-zh-Hant-4.3.7.2-2.el6_9.1.i686.rpmff6c7d4c9d5548932cecbe13f23d04ba578dee91606b2e96d1f84c7c3c900852libreoffice-langpack-mai-4.3.7.2-2.el6_9.1.i686.rpm8e1806ca0061348db2b7ed1b37fc86c011864ad0da2580941b7183931f1ec3cbautocorr-nl-4.3.7.2-2.el6_9.1.noarch.rpmd403e2cfdabfee3bc9c450bd3267c749cc020137a87b04cf69fb9f3fdecc98c1libreoffice-filters-4.3.7.2-2.el6_9.1.i686.rpmec5bfaf6aafe709e89451e8bb88d6095e4706c0c0538344be71203b559a36ebclibreoffice-langpack-pt-PT-4.3.7.2-2.el6_9.1.i686.rpm8963fd9f41cb62f119b31e361ed023cec73482e7dab4cb24aee7a143908dc6f0libreoffice-langpack-sv-4.3.7.2-2.el6_9.1.i686.rpm0009470cadd8d22fbe1c987995282c5d801ed4f4c4055fc239180a5b31557e9clibreoffice-langpack-gu-4.3.7.2-2.el6_9.1.i686.rpmf6e1a18fb10b7f8a2a8cf6bc61fe75af7c82e2c549780f828943a39154df6f5elibreoffice-langpack-cy-4.3.7.2-2.el6_9.1.i686.rpm75b47e0786a13523c8769b40a92e9fd9d04fe60cf6f94b3dd43908f68706e2f0autocorr-lb-4.3.7.2-2.el6_9.1.noarch.rpm6018a4afe121ba4d9ea2e037a3e9d0de4f9589c371e4aee331e28ab1d5a34ed9libreoffice-langpack-ar-4.3.7.2-2.el6_9.1.i686.rpme243a34f6f2161bfd9b25568f27476951e429db9a7b7f4f5362c93806bd9b2f0libreoffice-langpack-ca-4.3.7.2-2.el6_9.1.i686.rpm3eb28393aa22bf34c799fa59d19c0cf0d3aa055952f57518910cbc6765a8a0b8autocorr-da-4.3.7.2-2.el6_9.1.noarch.rpmfab318f93e0d14c5edbd33794e164d8c096cc181e914da77a15133b430fbb897libreoffice-langpack-et-4.3.7.2-2.el6_9.1.i686.rpm8ba11180c040b91f173febf2b6161c470499f713fd80ff7bced79dbf493408eblibreoffice-langpack-ru-4.3.7.2-2.el6_9.1.i686.rpm43eed43736f55d5ddf07827a6a740dc35aea9d4d8f8d8a8b95f3600971d3f231libreoffice-langpack-sr-4.3.7.2-2.el6_9.1.i686.rpm7ba12e4bd6be2a18772e408d4d13fdd9e1ac82ef53c56728d7670ae88b7f62calibreoffice-langpack-hu-4.3.7.2-2.el6_9.1.i686.rpmb3fe4dcd5eb26538971160e0cf33d5ca3de2ba6cd230e0967061bcb2e3ae3d70libreoffice-langpack-ur-4.3.7.2-2.el6_9.1.i686.rpmfa67fea17f5de8d483f6ba19df48216c322a02ca335b560c487c476e97c154bdautocorr-tr-4.3.7.2-2.el6_9.1.noarch.rpmce60697f8aaece914e0964d8254f1cfa0f9e6e7c39d0f5a65f5e31c9fbe11e07autocorr-fr-4.3.7.2-2.el6_9.1.noarch.rpma880ddb5e3a6293a08744d314f0bfea84d7cff371733b75b26003139b89f4961autocorr-sl-4.3.7.2-2.el6_9.1.noarch.rpm110df20e48f93c1eb7ee281e397c7318dac41bb9b473c4c36fe792af57844fd5libreoffice-langpack-tn-4.3.7.2-2.el6_9.1.i686.rpm787b7159afe2db92cff82bf4f0a379045f196063ef897ca86ee5f76c82ee4960autocorr-zh-4.3.7.2-2.el6_9.1.noarch.rpmb4e0ae19e5f630e77f41d06b2681c7475fadfb8fd100b6d36f55b4f17e95f8f3libreoffice-sdk-doc-4.3.7.2-2.el6_9.1.i686.rpmf6099fddf1ec8d1786e4aa2ec670f93d7518f342d7023c1510aa6b648f6029cblibreoffice-langpack-or-4.3.7.2-2.el6_9.1.i686.rpmf38709696b74c1e9a75fe76e43eefb2934dbe38e95d8ebc1db1abc90e6321154libreoffice-langpack-xh-4.3.7.2-2.el6_9.1.i686.rpm59bac6a9c6fe77c5b41422a9af522c9876d905da81fe477c43a88cb3f3c72a13libreoffice-langpack-hr-4.3.7.2-2.el6_9.1.i686.rpmb80c3dbe83eccc5524940aefbce38ad1059e45c25732f1363e1492a13a27ef3clibreoffice-wiki-publisher-4.3.7.2-2.el6_9.1.i686.rpm46735614d89ed654e29d3696e3fe26c25128a97f4958fac2775ecdf25d68cbf2libreoffice-langpack-dz-4.3.7.2-2.el6_9.1.i686.rpm29754b09cfa04fdda6c6b4d720123b0a7048b363d33a891ecfab21b563564e50libreoffice-langpack-pa-4.3.7.2-2.el6_9.1.i686.rpma2a56141d757d0bc2f0ab1659564ac8099845919db93210202aff5f39e394ff1autocorr-ga-4.3.7.2-2.el6_9.1.noarch.rpm2826ca3d0def0e03bda200f522eb61eec278b0ae1ab41c08c1c79f8cce9c6d70libreoffice-langpack-fi-4.3.7.2-2.el6_9.1.i686.rpm47752445b5ce6fffd2d54a9b3b89c4f5b9044870c6b83e957bfcca951cbbc5d2libreoffice-langpack-lt-4.3.7.2-2.el6_9.1.i686.rpmf82f926b1159de08d3ffd50fb3a235800b94f9326b510f8307bdb58a52afd1d9autocorr-de-4.3.7.2-2.el6_9.1.noarch.rpmd1abca34872ddcfe0084e55d8a3f7a6c4d7ab0878660c13d431e7b79cda60e5blibreoffice-ogltrans-4.3.7.2-2.el6_9.1.i686.rpmcf3d643475013177fe8f8a50d8728792b1d388f6b607b17eaebebcf5220fa7d7libreoffice-librelogo-4.3.7.2-2.el6_9.1.i686.rpmb963c58f4f347410ebd16c157208a3e2b3f18c840dfddc55f32c1b20d16eba5dautocorr-fa-4.3.7.2-2.el6_9.1.noarch.rpm0a1d3714cc91b7fd173dce175de1764c20777f40366f98fd21da67ade7e7b2b5autocorr-mn-4.3.7.2-2.el6_9.1.noarch.rpm9a10d7f1895eca409cd71ad0d0dbf8d841e86742804bd76d9fbe838d228fe850autocorr-ru-4.3.7.2-2.el6_9.1.noarch.rpmb49204e083a263ce3d1305c37d2fef050949010ac2cd81c47333a91bd375d659autocorr-en-4.3.7.2-2.el6_9.1.noarch.rpm75a7cd41c017f985b53a1b017955003d50aaa289b431cf8a017ce8e1c5ec441elibreoffice-langpack-nr-4.3.7.2-2.el6_9.1.i686.rpm106270a7da6420b6735d7715f8457b598e2ca95481d07e17051392b8aa12117blibreoffice-bsh-4.3.7.2-2.el6_9.1.i686.rpm831e9b18a7a65f37281dd3ed927fff65240e1a3d4c76a08237cd94c022023af5libreoffice-langpack-as-4.3.7.2-2.el6_9.1.i686.rpm89c8a06dc022745eab2a76f29427272193aca72f78c943a608cd6506ec2ef9f3libreoffice-langpack-bn-4.3.7.2-2.el6_9.1.i686.rpm4d902e97a51c8e4be2eaf927724856129c52bc87c25f959d024f6504ae80e7f6libreoffice-headless-4.3.7.2-2.el6_9.1.i686.rpm3a9aa3d3c76550b319e5d9e51697b8063717c15dd7debfe9d3abb12e700d7d74libreoffice-langpack-st-4.3.7.2-2.el6_9.1.i686.rpmea97f02ce661ea25819712058dfd30c42daedb86eb30cc1c4cabbad825f78d03autocorr-lt-4.3.7.2-2.el6_9.1.noarch.rpmefda3860a2142487504c79780d1654a0fe9bd3a3ffadfbe3cc381423930bb825libreoffice-langpack-nl-4.3.7.2-2.el6_9.1.i686.rpm8470e50801dc9ba0a209f5cd7182c1c2764b69f1bfed3483107ee22e0bb710f0autocorr-ko-4.3.7.2-2.el6_9.1.noarch.rpm9e235e3d7432cac5f596e789f12a399a0c5ad997c235e0a87aff692118c8aa29libreoffice-sdk-4.3.7.2-2.el6_9.1.i686.rpmb86e6ad376234b895910d3f2a764e8302eb4506c3113773e727f4f527df7320cautocorr-sr-4.3.7.2-2.el6_9.1.noarch.rpm398180ec0adc988cbe0d8151add86acd6c29c8a6db379ef56e20599b72f93164libreoffice-graphicfilter-4.3.7.2-2.el6_9.1.i686.rpm0df36ad3c998e237371ef76b63e18d071eb3842339d5b43df7f7894b1be5bcaeautocorr-es-4.3.7.2-2.el6_9.1.noarch.rpmad834f03e60d4aa6661daa0f2fc8e7b0de0e6de454712189d687f7ec08f8605dlibreoffice-langpack-af-4.3.7.2-2.el6_9.1.i686.rpmd19d7a3ea59106cb0de76167c421c1d5ef84b5c6e3e75ea47865de5faf8a9742libreoffice-impress-4.3.7.2-2.el6_9.1.i686.rpmc389d05be65ae587bcdfb95391960ce02833cc9918e328368c84b7c8011e9343libreoffice-pyuno-4.3.7.2-2.el6_9.1.i686.rpmf15ff2a6655d397442023863302a525424f7a830e338ffe7433e01cbbcdfdc7alibreoffice-langpack-ss-4.3.7.2-2.el6_9.1.i686.rpm131259f4da9cc13b87efbb59bd57a1c2af375785146d376d1921a7e7f7f51ef8autocorr-hr-4.3.7.2-2.el6_9.1.noarch.rpm3f2e3896b81581e93ab5df96850e9546c3a4021f047f079ff61d40503fc0575dlibreoffice-langpack-nn-4.3.7.2-2.el6_9.1.i686.rpme30a4f6d6087a713aa2441d68e379280bf37de03eafb165d7530b0a7501a8114SLSA-2017:1100-1The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.28.4), nss-util (3.28.4). Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)criticalScientific Linux FermiScientific Linux Fermi 6nss-pkcs11-devel-3.28.4-1.el6_9.i686.rpm61935696953f1d5b878e854c59245ded87a1bb771c82814cd6b617124c9c7641nss-util-devel-3.28.4-1.el6_9.i686.rpmd2bdde78314d6652a0966773abf7703510bb2f9d4efa53b2b91387d73c61347enss-sysinit-3.28.4-1.el6_9.i686.rpmc8ff4e583b62edc1ae770a1dc6b963cad8c0a38c02f83b5b232e62cabb0c55b0nss-3.28.4-1.el6_9.i686.rpm341424f107605e2efa56ea377f9da8108ae2db0ab0832e49c85ffc8568c9d84fnss-util-3.28.4-1.el6_9.i686.rpm03323817a4f703171f29d59953383e72e2347a8efdb81079716033b48f2a46dbnss-tools-3.28.4-1.el6_9.i686.rpm3869746474095c202e68aa8f8e593aa144ab2e37620ffc6d313e9c8e3e3ceee5nss-devel-3.28.4-1.el6_9.i686.rpm162d85a3cba111cacafb841c6c71583a0e5c191ef3737455bbe74252f607b210SLSA-2017:1104-1This update upgrades Firefox to version 52.1.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.1.0-2.el6_9.i686.rpm49e7f0ff9785650d857af6d3a14a5975a41fcfaf412be3badebe9c7ee3d717b8SLSA-2017:1105-1Security Fix(es): * A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137) * A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3136)importantScientific Linux FermiScientific Linux Fermi 6bind-libs-9.8.2-0.62.rc1.el6_9.1.i686.rpm86e74bc8ea7ac4c4263bd4acaa823a3c3534eab4b69b09f6ff26a10c0d615473bind-sdb-9.8.2-0.62.rc1.el6_9.1.i686.rpm1621c0fa9e4e577fb13ebcdaf0d5e7e1a5fb300de044a59041d4bb3c5e6ed2e6bind-utils-9.8.2-0.62.rc1.el6_9.1.i686.rpm53982eb9292e15bfebfdc8aebf171ace192e033807b863d096c4312679192174bind-9.8.2-0.62.rc1.el6_9.1.i686.rpm52bb000e478933684d71a7df3fcb7ed3b01d615b9c74e1327c413db346d920a6bind-devel-9.8.2-0.62.rc1.el6_9.1.i686.rpm94cded554f19814271e13b43b5bfe065537432243caba3ea5635fc07c67c32d4bind-chroot-9.8.2-0.62.rc1.el6_9.1.i686.rpmc71ebb0e4ff130425534918ef31ec2d070a7fc7a43e3162d1aa24e5535912d6dSLSA-2017:1109-1Security Fix(es): * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511) * It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526) * It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509) Note: This update adds support for the "jdk.ntlm.cache" system property which, when set to false, prevents caching of NTLM connections and authentications and hence prevents this issue. However, caching remains enabled by default. * It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2017-3539) Note: This updates extends the fix for CVE-2016-5542 released as part of the SLSA-2016:2079 erratum to no longer allow the MD5 hash algorithm during the Jar integrity verification by adding it to the jdk.jar.disabledAlgorithms security property. * Newline injection flaws were discovered in FTP and SMTP client implementations in the Networking component in OpenJDK. A remote attacker could possibly use these flaws to manipulate FTP or SMTP connections established by a Java application. (CVE-2017-3533, CVE-2017-3544) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-demo-debug-1.8.0.131-0.b11.el6_9.i686.rpm8b3822aa200da0a4e1a83a59cc9ee1dbfe625e76561d8bebdba7670f02530ad3java-1.8.0-openjdk-src-debug-1.8.0.131-0.b11.el6_9.i686.rpm5df9c297e23cc2a465306ad053274f9d5806f164806fdb19805273c423df7033java-1.8.0-openjdk-javadoc-1.8.0.131-0.b11.el6_9.noarch.rpmce541104c6e4a6030f161c2d0ed33e3ff9ab496b53bd53cb24a2b42d1197a437java-1.8.0-openjdk-headless-1.8.0.131-0.b11.el6_9.i686.rpm1fde1b4287ed70209bd7581404b92c9616e294e2acb81b1eea09b2183b6efac9java-1.8.0-openjdk-javadoc-debug-1.8.0.131-0.b11.el6_9.noarch.rpm6792d0d9d325b69638e6f32bc56b5c0ba832df1026f52cb848665d423c566ff9java-1.8.0-openjdk-devel-debug-1.8.0.131-0.b11.el6_9.i686.rpm3d702b0e8a51cedfe93fb93ca33f288027dba99c97c200dbc29cc7b300b3dbc5java-1.8.0-openjdk-src-1.8.0.131-0.b11.el6_9.i686.rpm073e7c44133489586c6a4ba76c66ab5f46f1da4398213adb06d89b5d9666ed05java-1.8.0-openjdk-1.8.0.131-0.b11.el6_9.i686.rpmfba0a20c7de9529338be08d2aee126a38beed097201eef779b11dfe7f938fad2java-1.8.0-openjdk-debug-1.8.0.131-0.b11.el6_9.i686.rpm467b4d64e1a2c9dbe9e953988d37935e0afb4c4d115515bae294bc6357b4e7f7java-1.8.0-openjdk-devel-1.8.0.131-0.b11.el6_9.i686.rpma6d6bc6b9b25c5c3956e2eba20864fa01e593fcd63f2f04db5fde9538054147bjava-1.8.0-openjdk-headless-debug-1.8.0.131-0.b11.el6_9.i686.rpmf30ccd6770b2474262bde472a2b429e07ca9fc9efb79832b7abc21d626d2c8b5java-1.8.0-openjdk-demo-1.8.0.131-0.b11.el6_9.i686.rpm3af5575655df5104e7e603e04c6a91ef54d5f95a357e9c88124bf21ecefa26c0SLSA-2017:1201-1This update upgrades Thunderbird to version 52.1.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.1.0-1.el6_9.i686.rpme51f525dca181e2d55be185e6dcdc04edb25571c48729d735176f1ebd62ed223SLSA-2017:1202-1Security Fix(es): * A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3139) Note: This issue affected only the BIND versions as shipped with EL6.importantScientific Linux FermiScientific Linux Fermi 6bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpma7ac26544dd1521f8ac8d263f72c4b50a630399195e924bd86a0b4aed772c76cbind-sdb-9.8.2-0.62.rc1.el6_9.2.i686.rpm9448963233b2f0351977de28b59fd7505db3b083f147483c2210633969d6f140bind-9.8.2-0.62.rc1.el6_9.2.i686.rpm7f6febd2f4ddfc0969f91faba176c82c28f1186e9b461e71112cdbbed65bfa54bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm28d60a8c90201a5af60ef07d087ca36b50a201ddcaedbc9d8a2124c1adbec37dbind-chroot-9.8.2-0.62.rc1.el6_9.2.i686.rpm205e358a4de03bde0c673ee0db5b0b923d7357333f6ab3a5b16235464c45e72abind-utils-9.8.2-0.62.rc1.el6_9.2.i686.rpmec4967a1a2055178c878ddf42fc6d2bc3495a2cecc0dca61421ddd1ac7357fa1SLSA-2017:1204-1Security Fix(es): * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511) * It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526) * It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509) Note: This update adds support for the "jdk.ntlm.cache" system property which, when set to false, prevents caching of NTLM connections and authentications and hence prevents this issue. However, caching remains enabled by default. * It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2017-3539) Note: This updates extends the fix for CVE-2016-5542 released as part of the SLSA-2016:2658 erratum to no longer allow the MD5 hash algorithm during the Jar integrity verification by adding it to the jdk.jar.disabledAlgorithms security property. * Newline injection flaws were discovered in FTP and SMTP client implementations in the Networking component in OpenJDK. A remote attacker could possibly use these flaws to manipulate FTP or SMTP connections established by a Java application. (CVE-2017-3533, CVE-2017-3544)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.i686.rpm01b494851673e415901f52fd8ab1fb640172874b5ef9796c2f84d09620962c0ejava-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.i686.rpm4fe521cd9af0c0f23c2dab0ee0342053917b78c69ce5b669506d1f44b3b9f8f7java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.i686.rpm65da98b6e133da9df3e7a279032cc6ccc7308919822d637b30be8861783d1f6fjava-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el6_9.noarch.rpma93ef7cabb7ebfbce94b8018fadf4524e08de64d9b6ef3026e1d25e9f3b7a3b5java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.i686.rpmbcbb50cf5f8b8152b9a49c8644fae8dc2426d9c9710b34ee466f662fb88f54d8SLSA-2017:1206-1Security Fix(es): * A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-9603) * An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980) * An out-of-bounds memory access issue was found in QEMU's VNC display driver support. The vulnerability could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user/process inside a guest could use this flaw to crash the QEMU process, resulting in a denial of service. (CVE-2017-2633) * An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpmdbe6f0b10e1c1a64cc5495c31598db49adf5f480627d3918af3516bf40bc25f6SLSA-2017:1208-1Security Fix(es): Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)importantScientific Linux FermiScientific Linux Fermi 6jasper-utils-1.900.1-21.el6_9.i686.rpma903b19e73d265815d3a4826bf903c1ab86c73cf2d3492f86cff5491d63511d0jasper-1.900.1-21.el6_9.i686.rpmdd61590de97cdb910f7a797a86db00ebb675ec8ad927dcbcf5231d3d71e44266jasper-libs-1.900.1-21.el6_9.i686.rpmc0ee5699ea0363145c3c19a02b99d78b065e0d56a6089038977efc3b78d4d1bdjasper-devel-1.900.1-21.el6_9.i686.rpm65b167d8fc691b4a23358e74b4293733a7f713e6f490eb964281358ee83b21a7SLSA-2017:1230-1Security Fix(es): * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)importantScientific Linux FermiScientific Linux Fermi 6ghostscript-devel-8.70-23.el6_9.2.i686.rpm76c92134d302df9ecbb0d6b39a6d465823ddafbc64c785d4563eb4ded2a5e95aghostscript-gtk-8.70-23.el6_9.2.i686.rpm68e50d81c6845d573e8fcdb7703d263d20028ad06a725a09058855aa282ca54eghostscript-8.70-23.el6_9.2.i686.rpmedd23ed3c5c3160501c57a020fb028d50e6d96c10a9e6e99708696d5cd263edcghostscript-doc-8.70-23.el6_9.2.i686.rpmdc6c15627a769c6e2e93d6df3a762eeace7a09bbb4c2ce21e4bcbc0c39f05de0SLSA-2017:1267-1Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)importantScientific Linux FermiScientific Linux Fermi 6rpcbind-0.2.0-13.el6_9.i686.rpm70e6b9b92e071be36508fe9d6b12786659dfaeb6e5a9f424d65ea93fb7331345SLSA-2017:1268-1Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)importantScientific Linux FermiScientific Linux Fermi 6libtirpc-0.2.1-13.el6_9.i686.rpm673b0dd782da045e1e013bd47f73ad01f66d95aca5118e470dff63ea35c28311libtirpc-devel-0.2.1-13.el6_9.i686.rpm4da519285cdc69064862f451b80aad849653f092b821989e379548946bf293cdSLSA-2017:1270-1Security Fix(es): * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)importantScientific Linux FermiScientific Linux Fermi 6samba-client-3.6.23-43.el6_9.i686.rpm5f1c7b3309eb348ec162beebd081ee2d9a324e48359bd43dffd1bc0ca795afa2libsmbclient-devel-3.6.23-43.el6_9.i686.rpm86e6d69a152889610144d8448772078da53bc421e15367aa3c36898f59b07fb7libsmbclient-3.6.23-43.el6_9.i686.rpm36045e2dd5b21702320d4b72e9f0af22ac29c5680250d06c54f192bd486f468esamba-doc-3.6.23-43.el6_9.i686.rpm799a44613aadd686dac2295234e740c26f536c5ea0af7a09c04cde91dbe78587samba-winbind-devel-3.6.23-43.el6_9.i686.rpm0c90057193778be53e1312e38c9dae2a58b52be4cd9431bd07c728e398d24901samba-winbind-clients-3.6.23-43.el6_9.i686.rpmd6511ed0b340ebf232c3281794612d3a49aa910654be491cc3a1f78d5953be08samba-winbind-3.6.23-43.el6_9.i686.rpm902dfd69d4ed34e7ce1ac6792185b3ec104b5a780af9879b2b03ca822599014bsamba-swat-3.6.23-43.el6_9.i686.rpm4bb61c3b8c5f8501a041c52b2f37f2903ca1655ac2cf50d2e2875d6fbfc8a84dsamba-domainjoin-gui-3.6.23-43.el6_9.i686.rpm35970965591e16829e0d70968acf8c375edc8e37f72fa9a17e18197940e7d4eesamba-common-3.6.23-43.el6_9.i686.rpm90aa765cb2dace8f239e9c44f1bab699480c37fcf63e55075c41687d8a8b4ccfsamba-3.6.23-43.el6_9.i686.rpm030f60620d9cfffa7f67aaad4b10656e36e7e80c46c03225754293116f5c71adsamba-winbind-krb5-locator-3.6.23-43.el6_9.i686.rpm9ef6e90fab6e0acfb66f675af09d6d592ae616afb3fe5cb037624aa0ccb5c141SLSA-2017:1271-1Security Fix(es): * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)importantScientific Linux FermiScientific Linux Fermi 6samba4-4.2.10-10.el6_9.i686.rpm4377f5b38b8ee0ce57a0398b93817caf3c189de5496bf8bf66a4e83154c3702dsamba4-winbind-krb5-locator-4.2.10-10.el6_9.i686.rpmf6692c9b49ab7dc4fdb35a9186e5d636f07b50e6771ddf45ae929baf849143cbsamba4-test-4.2.10-10.el6_9.i686.rpm547be4dbd9a88b14efc668f51cce4792a466f2d2b1deb6aa3945b134c79af9f5samba4-python-4.2.10-10.el6_9.i686.rpmcf5c118683bd37173249e25f6308d57368d14270a079d1e616ac1da4c68b184esamba4-winbind-clients-4.2.10-10.el6_9.i686.rpmc159c1e5f3b38bd23530c4d18f0e69cf14eb3902b2e0a8ccdc25c2e8fdf8cf88samba4-pidl-4.2.10-10.el6_9.i686.rpm289a67f01af74975178be8aebcfff6ed84826282d1d35f1fed8b60950e4bd5d4samba4-libs-4.2.10-10.el6_9.i686.rpmb3e1b3dbb59837b5b576ae5286774e08dd18b93d160af26169b1f9f07380c5a8samba4-common-4.2.10-10.el6_9.i686.rpmf72de9dcdebf7f341c953114812c64f482140f24d0791a4ab612eee9141c6041samba4-devel-4.2.10-10.el6_9.i686.rpm55f529511e95ec0a9f7887358ddff78f7ba458c5f042eba316f1e466af776622samba4-client-4.2.10-10.el6_9.i686.rpm736535562d2104424b55a462b3bc7fd0405a0ee9031a67a30b99274485156a13samba4-dc-libs-4.2.10-10.el6_9.i686.rpm81e932f704735fe11d4cd17a84dbbe820851c94877d7ca2efa4d1918a5b57df6samba4-dc-4.2.10-10.el6_9.i686.rpm25186df70658c9a4b3080ee0bd3ea5875ca35ab9c12791765a8e317e81363138samba4-winbind-4.2.10-10.el6_9.i686.rpm94fa068a46a57bfaeed754d8e5d3091bf1dde189998ca1504d819cf536c6a96cSLSA-2017:1364-1Security Fix(es): * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) Bug Fix(es): * The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI). To avoid certificate validation refusals, consider installing the updated CA list on June 12, 2017.importantScientific Linux FermiScientific Linux Fermi 6nss-sysinit-3.28.4-3.el6_9.i686.rpm76888f7d23a7ac5398d73c3cebd65d294d2390e671e4fb10312f206506df2268nss-tools-3.28.4-3.el6_9.i686.rpm9f00aaa32d5c5205f713ce27b1b04b9dc069bb4b533a0ac65fcbff0415305424nss-devel-3.28.4-3.el6_9.i686.rpmb1866c36523619b7f0b6e2d01029b4102c185368fa29fcd9bf9fb5adab41956dnss-3.28.4-3.el6_9.i686.rpm940c84198fcb3cb475c933f37cde222d15063ac62f6d07ae2755573b1bc52a5anss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm7e7b4c5e7627985d759cda289ab28108389fb43545d4192b9aaf41a3b282e939SLSA-2017:1372-1Security Fix(es): * A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely. (CVE-2017-6214, Moderate) Bug Fix(es): * When executing certain Hadoop jobs, a kernel panic occasionally occurred on multiple nodes of a cluster. This update fixes the kernel scheduler, and the kernel panic no longer occurs under the described circumstances. * Previously, memory leak of the struct cred data structure and related data structures occasionally occurred. Consequently, system performance was suboptimal with the symptoms of high I/O operations wait and small amount of free memory. This update fixes the reference counter of the struct slab cache to no longer cause imbalance between the calls to the get_cred() function and the put_cred() function. As a result, the memory leak no longer occurs under the described circumstances. * Previously, the be2net driver could not detect the link status properly on IBM Power Systems. Consequently, the link status was always reported as disconnected. With this update, be2net has been fixed, and the Network Interface Cards (NICs) now report the link status correctly. * Previously, the RFF_ID and RFT_ID commands in the lpfc driver were issued in an incorrect order. Consequently, users were not able to access Logical Unit Numbers (LUNs). With this update, lpfc has been fixed to issue RFT_ID before RFF_ID, which is the correct order. As a result, users can now access LUNs as expected. * Previously, the kdump mechanism was trying to get the lock by the vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock occurred, and the crashkernel did not boot. This update fixes the vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the crashing CPU. As a result, the crashkernel parameter now boots as expected, and the kernel dump is collected successfully under the described circumstances.moderateScientific Linux FermiScientific Linux Fermi 6kernel-devel-2.6.32-696.3.1.el6.i686.rpmfe84d543a616fd0806d5d472ff0039dd2ed4176e762b2a2ff30b8247bda06ccckernel-debug-devel-2.6.32-696.3.1.el6.i686.rpmacf128c56cf7a31c4fb9e4369501f3ebc1400e5332b0dbf6df235da8cf7bd4bfkernel-debug-2.6.32-696.3.1.el6.i686.rpmfa84aa1f9500eb9cbc0c4b1326e6f9b68e92a87583bda4967ed7ac3de6b7eaeckernel-abi-whitelists-2.6.32-696.3.1.el6.noarch.rpm683a058363b16779571de85ae065c7c60f5af8624324c1a70bb0f7fccd5f7852perf-2.6.32-696.3.1.el6.i686.rpm0c58648a8a10e85b96efb380fbb48356421746c501d12933f6a6bbba66f6a3c5kernel-doc-2.6.32-696.3.1.el6.noarch.rpm794b66a512de1cad923e8b0e7a37c67dd111a401da93a3f6b7ececed26226e15python-perf-2.6.32-696.3.1.el6.i686.rpm93c05ff0788783842c48718c347c2f740083eea31e549beee0b25b148c69a5e8kernel-headers-2.6.32-696.3.1.el6.i686.rpmb31a0adb99cd1f7386a71d491e52bbf7ee0001d45947619b9a43431ab0caf803kernel-2.6.32-696.3.1.el6.i686.rpm81cf763912419bc537bde6e030286f8fdca922e9501729fecba33dd2e74935bdkernel-firmware-2.6.32-696.3.1.el6.noarch.rpmf54db38dee3a387fb1dd12286c3ef1d803d4b04c3aabb8ed933dc8c1cc3bb536SLSA-2017:1382-1Security Fix(es): * A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000367)importantScientific Linux FermiScientific Linux Fermi 6sudo-1.8.6p3-28.el6_9.i686.rpm63fd474919aec0ebe90d6fe3a7614ab4d4ee72b1a098334faeb657b7811155a6sudo-devel-1.8.6p3-28.el6_9.i686.rpmd2c6c906d65f024de1d046ca8d7b74bc53dc6db16dd1975bf30eaeb67c08df46SLSA-2017:1440-1This update upgrades Firefox to version 52.2.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.2.0-1.el6_9.i686.rpmabe4597ec5e1d5972051d961c2278f4ca0ace5bd506fe20ab21dcdf7057b080cSLSA-2017:1480-1Security Fix(es): * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)importantScientific Linux FermiScientific Linux Fermi 6glibc-utils-2.12-1.209.el6_9.2.i686.rpme91fb65fd6727f8136f7861131fb6fb81cf03aedf355b2de11e8503a047def41glibc-2.12-1.209.el6_9.2.i686.rpm2879a6d162ef5ee2ad14c6d2efd95e7bc52cecb037f2d5f49d9f20f61fdd3868glibc-static-2.12-1.209.el6_9.2.i686.rpm5600e76f459cbe3e393ae7a2c65ec1ca71135b4668f2f6245c45d1bf36987c85nscd-2.12-1.209.el6_9.2.i686.rpm8634c1b443b0338539739640f68b82b9d4b0214243df26dd1ec3f1710a02646bglibc-devel-2.12-1.209.el6_9.2.i686.rpm649668f2da4e931cc2faedfe0d2ec69dc6ce7ff4c752f74e794f97a8de066bbbglibc-headers-2.12-1.209.el6_9.2.i686.rpm86ade572b37d736164b78a465b9e574692d5d7f963d3e426eef19f6491a303a7glibc-common-2.12-1.209.el6_9.2.i686.rpmfef03c1d3efa043ec082f122500ca97247e2f52538a3ab4526bb09c012c31d73SLSA-2017:1486-1Security Fix(es): * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)importantScientific Linux FermiScientific Linux Fermi 6kernel-doc-2.6.32-696.3.2.el6.noarch.rpmd4278db0a1770006bc79d268bec9eb12a67cde174c4956eb8bd1966f5dee59e0perf-2.6.32-696.3.2.el6.i686.rpm19012e0f3c828df4c239592fb10f6d27089d9e5527bde6e39275b9dde06fb81ekernel-2.6.32-696.3.2.el6.i686.rpm83228c8e226bd83a03c7048e1cbbc3e4ae166f2a409a37aa2e05a9262f4caecbkernel-abi-whitelists-2.6.32-696.3.2.el6.noarch.rpm3567a866bc5265483c14065a7f3d0b67dff9989351f1040f3c2ac4ed752324fdkernel-devel-2.6.32-696.3.2.el6.i686.rpmde6249215883c63f2847d57767cf2e33ebb132d75d77dc6c6751b2b7014b48cepython-perf-2.6.32-696.3.2.el6.i686.rpm52f93969bc508fd66cad9ae297f7c00783956a9817ee5dcf7faf1c60ff738575kernel-headers-2.6.32-696.3.2.el6.i686.rpma158e40a7c61184be95127decd7d2752ddfc5f91e896d3e32feb01d2ccc2061akernel-debug-devel-2.6.32-696.3.2.el6.i686.rpmc1ad349d10953758e9718cffacad19c3653ce42f0aaa8e0dc6b18c612d63a51ckernel-firmware-2.6.32-696.3.2.el6.noarch.rpmdfc8a64b1f5db453560506f2fc67d398d837cd5b8c46c9faaeb3d2762547ff6bkernel-debug-2.6.32-696.3.2.el6.i686.rpm609a6e40c21537c78beaf24c019c30d918fcddc87bff1d215d8cab0cae2a87e5SLSA-2017:1561-1This update upgrades Thunderbird to version 52.2.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.2.0-1.el6_9.i686.rpmbf32d2955720ddebbfaafac0afd13950376a6cef28f3ca73d9656ab59c375bebSLSA-2017:1574-1Security Fix(es): * It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000368)moderateScientific Linux FermiScientific Linux Fermi 6sudo-1.8.6p3-29.el6_9.i686.rpmda1448c6fbc12662216dcef1fe10419a28f4d6efa05b6fe27702ab8160659763sudo-devel-1.8.6p3-29.el6_9.i686.rpmefe6b03ba8feb43d659f2d2941094ee653b38a0014e0342c0e23f95a26c55594SLSA-2017:1576-1Security Fix(es): * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options. (CVE-2017-9462)importantScientific Linux FermiScientific Linux Fermi 6mercurial-hgk-1.4-5.el6_9.i686.rpm885aa88d2c50a1c88031ed44bfd65788d5bf578032a8d9901508d3c735b758ecmercurial-1.4-5.el6_9.i686.rpm2bbe3999bc75c583f7ead09c59cf15dd53857ed9de842156fa3d88cc3e3afd86emacs-mercurial-el-1.4-5.el6_9.i686.rpm4d37415b35a3a54e006422454b1a089aeb821813c85671268d92e1d9f14b2d52emacs-mercurial-1.4-5.el6_9.i686.rpm7b17558627c71c7bba9990f00f3ef11036845a51dcc01e15db7583a747611449SLSA-2017:1679-1Security Fix(es): * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Bug Fix(es): * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover.importantScientific Linux FermiScientific Linux Fermi 6bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm2454c0d0285180ad8ca8372e62b55b07481136101654fda9188eeee5f0ec8873bind-sdb-9.8.2-0.62.rc1.el6_9.4.i686.rpmb41b7081a7726a0a97ed2c40f3aad22efad75a72c1866d876ec5eaf848e586cabind-9.8.2-0.62.rc1.el6_9.4.i686.rpmffb4a6d0e0565b8f7cd8814e1ccabd457e2cec1b242969d8ce65d9ee7ebc19f0bind-utils-9.8.2-0.62.rc1.el6_9.4.i686.rpmc26832e4d213b7e436064cb52d627d02569c609ebd2c9a3b5fd7702fb4c2d88abind-chroot-9.8.2-0.62.rc1.el6_9.4.i686.rpm65d0109e8e2f6710bde6477b284bf549457a5214fba9ad2e8a308f844948229fbind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm82626875853d1935405e18ae07d07485c4c79eb7697f58bd76ecf02246e30e42SLSA-2017:1721-1Security Fix(es): * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue. Bug Fix(es): * Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes.moderateScientific Linux FermiScientific Linux Fermi 6httpd-manual-2.2.15-60.sl6.4.noarch.rpm7b92fb6e1e3f4c3c243d028da0aa8412d23b4dfcadc2c3ce6dc8b2aa328ff0dfhttpd-devel-2.2.15-60.sl6.4.i686.rpm03fa344fe3f011171803b6c899275a6f4e6b232b8dd4a78f346361a34ce90651httpd-2.2.15-60.sl6.4.i686.rpmae1bedb870abf3ba91f78c4175cbc3d9cc112cd49c02aa69c155b2b51697be7emod_ssl-2.2.15-60.sl6.4.i686.rpm3e1116894f8fee4c847c536cbe25668dc4b0d19f25e5af091c32352970aba046httpd-tools-2.2.15-60.sl6.4.i686.rpmeb74e0283ea84d04ebf76976e6e5c6359fea49c91157a53ba870fb8b091f18f0SLSA-2017:1723-1Security Fix(es): * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) Bug Fix(es): * If several file operations were started after a mounted NFS share had got idle and its Transmission Control Protocol (TCP) connection had therefore been terminated, these operations could cause multiple TCP SYN packets coming from the NFS client instead of one. With this update, the reconnection logic has been fixed, and only one TCP SYN packet is now sent in the described situation. * When the ixgbe driver was loaded for a backplane-connected network card, a kernel panic could occur, because the ops.setup_fc function pointer was used before the initialization. With this update, ops.setup_fc is initialized earlier. As a result, ixgbe no longer panics on load. * When setting an Access Control List (ACL) with 190 and more Access Control Entries (ACEs) on a NFSv4 directory, a kernel crash could previously occur. This update fixes the nfs4_getfacl() function, and the kernel no longer crashes under the described circumstances. * When upgrading to kernel with the fix for stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments, which attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in JVM no longer occurs under the described circumstances. * When a program receives IPv6 packets using the raw socket, the ioctl(FIONREAD) and ioctl(SIOCINQ) functions can incorrectly return zero waiting bytes. This update fixes the ip6_input_finish() function to check the raw payload size properly. As a result, the ioctl() function now returns bytes waiting in the raw socket correctly. * Previously, listing a directory on a non-standard XFS filesystem (with non-default multi-fsb directory blocks) could lead to a soft lock up due to array index overrun in the xfs_dir2_leaf_readbuf() function. This update fixes xfs_dir2_leaf_readbuf(), and the soft lock up no longer occurs under the described circumstances. * Previously, aborts from the array after the Storage Area Network (SAN) fabric back-pressure led to premature reuse of still valid sequence with the same OX_ID. Consequently, an error message and data corruption could occur. This update fixes the libfc driver to isolate the timed out OX_IDs, thus fixing this bug. * Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This update fixes the HugeTLB feature of the Linux kernel to check for the Page Table Entry (PTE) NULL pointer in the page_check_address() function. As a result, the kernel panic no longer occurs under the described circumstances.importantScientific Linux FermiScientific Linux Fermi 6kernel-doc-2.6.32-696.6.3.el6.noarch.rpm019f193d68652c61bc6b27688c42ea3351e25697123e80177f92d53d6205bb88python-perf-2.6.32-696.6.3.el6.i686.rpm9774db9a591f3b072fe0c9c5817c3e6ad5a205f7694756964c3352e1b910fbcbkernel-abi-whitelists-2.6.32-696.6.3.el6.noarch.rpm59740baee481bd15f0d3a56065838dee04694822d164aeacb8e941b2070ce96dkernel-devel-2.6.32-696.6.3.el6.i686.rpmfe233b043e42caa79d41e3589cd41788f030632487639b7429bb0ab7d3038620kernel-headers-2.6.32-696.6.3.el6.i686.rpmc54ab158e5643850b2a19f2ecd8eb54be9a763226f54a12cdf88cbf63d49b376kernel-debug-2.6.32-696.6.3.el6.i686.rpmcf061b4b97c869bc0f13d11fce7866d4ef2b083131028bc778aad39e161eb30bkernel-debug-devel-2.6.32-696.6.3.el6.i686.rpme365b975854fa172e36c48af77f3f1b1fb6bbcf67672b304b9d2b828fb1767f2perf-2.6.32-696.6.3.el6.i686.rpmea3885a7a617df7d58f1cd69ff32b91cfaa4d266f31e78fd28e0a52c5e38b7e6kernel-firmware-2.6.32-696.6.3.el6.noarch.rpm9b8bfe574c3d0ab35c79b62c1f70699b0e98d3e99f57bc15527ca8007bdae1dfkernel-2.6.32-696.6.3.el6.i686.rpme61899506074a752c7f248dcc4e015d1129596196d769bd02ccee3139136e77dSLSA-2017:1759-1Security Fix(es): * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) * An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) * Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981) * Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)importantScientific Linux FermiScientific Linux Fermi 6freeradius-mysql-2.2.6-7.el6_9.i686.rpme5352a6a8736a87b9b6bd796749ffee083a9242500a2a2210678611d0057b521freeradius-2.2.6-7.el6_9.i686.rpm7732bc91aaaf11471ed954c0737113b93d7ef355fbc71ca4326048b69c94a653freeradius-unixODBC-2.2.6-7.el6_9.i686.rpm4eb75ca5cbc241714e910607ad3ba57262dc6320c2d7f553678f00dc3a21d2cafreeradius-postgresql-2.2.6-7.el6_9.i686.rpm819d6d569ae175f15a218f0c22503c021c8588d01f5ad74c0aea26e9bfd3cc1cfreeradius-python-2.2.6-7.el6_9.i686.rpm407888fe6c67554ad0962e24fdf9a55bbad19bcd7e7afd1e1bb186dd76e175dafreeradius-utils-2.2.6-7.el6_9.i686.rpm9253defed9b20c2786ea4f90948204744059b15e15bde64a078e1d431cbee886freeradius-perl-2.2.6-7.el6_9.i686.rpm1ed319fee60103013eb655d20696747ab16d17b18018bd67b7fa7817e3fa3db2freeradius-ldap-2.2.6-7.el6_9.i686.rpm9db1fa384493446e7ef6af217f7b949b6b116ddef4ac2c276ad8b9d38ab2df76freeradius-krb5-2.2.6-7.el6_9.i686.rpmb909674e2c1d8c1ca636b4561e4c714c29191bbc31147a7af8d0c54bac2c9675SLSA-2017:1789-1Security Fix(es): * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102) * Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067) * It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116) * It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078) * It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. (CVE-2017-10198) * A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115) * A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135) * It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109) * Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193) * It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.criticalScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9.i686.rpm5e85bf7ba0ca9166e68c1801de726a6a70d9ff6a2b3fe28d8fd2f1fe251ee823java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9.i686.rpm786505669be18bfd313d5b1a74dea521bcabe4c4fbcdc44ebff44a3666702601java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9.i686.rpmb088af38fa3f68a6a3fa048891d8716a8f5a34ec29526ee5ccb782474e90ac58java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9.i686.rpm26a5786482b63bcb228185d77ce59413917ca13410094f3cc56a882d9d911261java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9.i686.rpmdaf9fc45b2d445e05f9c5ec9517151478cf4dbf07b9c70b06f6d5f5bacc20becjava-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9.noarch.rpm794ba7f05c7b6d58f930c97c5b28eaba76d889e7492726ce452fbc77fbcac6efjava-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9.i686.rpme3687536e4fb80e82f43cd0c112741360fa30506a41634b3e75c99f6496f81cajava-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9.i686.rpmce6beeff1a28c052e2d69553ba203d6da52f0cfaca9276cde3bbec0d774a1f80java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9.noarch.rpmf5276bae78af56c2eadfde442ab3f5f2859aac229815e8e7c507b381517a8eacjava-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9.i686.rpm1173ecc14be7e918c001f7b1862b85a1d52d0c165792043d486c2fd152475025java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9.i686.rpme5a9d4f35b616f8e7373b30898e4851e589d3025d2915c3e78b83680d5ee4b18java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9.i686.rpmdb2bf017b1b932002949939d83f36fe814eeb13c2feb1c01122c974a17ff9a30SLSA-2017:2424-1Security Fix(es): * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102) * Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067) * It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116) * It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak information. (CVE-2017-10243) * A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115) * A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135) * It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109) * A flaw was found in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2017-10081) * It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)criticalScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-devel-1.7.0.151-2.6.11.0.el6_9.i686.rpm84a31728426441081d0c3b85746d99311e76dd96a8dece58e88fc552fc2cd89djava-1.7.0-openjdk-javadoc-1.7.0.151-2.6.11.0.el6_9.noarch.rpmd4d32441041b1eac71510bd2b9ad86ca681654ff613c2adfac682744786f4f18java-1.7.0-openjdk-demo-1.7.0.151-2.6.11.0.el6_9.i686.rpmac82aa057cec00b6e1b6a17ef8c73c551581425d8f4efa0fae9a4285b95e6dbdjava-1.7.0-openjdk-src-1.7.0.151-2.6.11.0.el6_9.i686.rpm7e0a8460601daa5b35073e96bcbff3cf77af456be802543bbfaa7de8ebfa7818java-1.7.0-openjdk-1.7.0.151-2.6.11.0.el6_9.i686.rpm254aa72830114eb329985c9a47c92eb8cebdbbac1c27e18fefc7a44029e805d2SLSA-2017:2456-1This update upgrades Firefox to version 52.3.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.3.0-3.el6_9.i686.rpm08a111757cf923ec9a076cb91eddfa426e65197f4c7dc5878906ae04c2231008SLSA-2017:2478-1Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)importantScientific Linux FermiScientific Linux Fermi 6httpd-tools-2.2.15-60.sl6.5.i686.rpm5cdb65835dac3b685bd8c687ae9522cee454e21d9c646de5fbabf56bb64a3282httpd-2.2.15-60.sl6.5.i686.rpm40e6718daf1f000809a290586fb10a1e4018ac125d7fe957533d60aaf2f7dbd4mod_ssl-2.2.15-60.sl6.5.i686.rpm811cf2254cc49e3bccee085cfd681d4c6bf6ffc5fff1021122c5f546b6ddb776httpd-manual-2.2.15-60.sl6.5.noarch.rpmd03ca4fc6e03e40ea424387af2958d6ad01ef200f9436a9b5477c955c2caebc0httpd-devel-2.2.15-60.sl6.5.i686.rpm137c1093c87f3de665495ed007f85252257201e99dc9ebb20f62c3f0ae11cc51SLSA-2017:2485-1Security Fix(es): * A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)importantScientific Linux FermiScientific Linux Fermi 6gitweb-1.7.1-9.el6_9.noarch.rpm156ee25ee26379f29336ae5169ac2eb6325953c7c644daaac89be7995925059cgitk-1.7.1-9.el6_9.noarch.rpm0816ee686d718b9a5c815cb3c562d16912734e395cdcfb1bc3cc05bfa30f065dperl-Git-1.7.1-9.el6_9.noarch.rpmafced2cc89763349fe540271abef9c11c526e6816c379c684dfbedec70a334f5git-svn-1.7.1-9.el6_9.noarch.rpm0ba3f49eabcf16e124bdec19b0744826068ef26b4f28fab8725551ed564c0745git-cvs-1.7.1-9.el6_9.noarch.rpm7d523d7dae6efd912fbe112c2fb6c626db4c7de003e8385b2fcee10b64927288git-gui-1.7.1-9.el6_9.noarch.rpmff376cf7dc5f042c35046d308767d7454f2e146741eb7a5e1c4add5600ffc1f3git-email-1.7.1-9.el6_9.noarch.rpm2f44f1162208c93efa13ca52caef5d27a33d3b5b022b02500983ed475831fa52git-1.7.1-9.el6_9.i686.rpm5d434593fee1e7074f853a9a48f0d2d2a1b9c7a534b7ef27bd19343d97c9b6c9emacs-git-el-1.7.1-9.el6_9.noarch.rpmd353cea62b28beb6d3cf2a1510b11c0d5be2c2f36a3cc42b7c1d7af8608a7caeemacs-git-1.7.1-9.el6_9.noarch.rpm6d0468a0928c6487bc078044232e1371c9c049b8e52ea992dce3f8c53a494528git-all-1.7.1-9.el6_9.noarch.rpmf57299c2664c0f172ac8c60ab6bb031f94aa4f0182a8597b997090fa5478ae4fgit-daemon-1.7.1-9.el6_9.i686.rpm80f136c28a3520bc453459829023c4ff1767dc031b25d87aaa38803f613d3730SLSA-2017:2534-1This update upgrades Thunderbird to version 52.3.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.3.0-1.el6_9.i686.rpm1230539aba7166f60387175a58074520b8cbc4c2ec1a73d7b2af819fb606c66eSLSA-2017:2550-1Security Fix(es): * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)moderateScientific Linux FermiScientific Linux Fermi 6poppler-qt4-devel-0.12.4-12.el6_9.i686.rpm484d59e0a9c448def0bf3855c845ceaa5c77b2c7b59cf1892305c3b6109124fbpoppler-qt4-0.12.4-12.el6_9.i686.rpmd2a4ffc5c89465dbe868e7f5965bdc62db441cd9ad7fa4afd058e6fbff0517a0poppler-devel-0.12.4-12.el6_9.i686.rpm4f4a0fad120358511b53a193d59ef9050645f3385e283e2fbbac621a583c263apoppler-0.12.4-12.el6_9.i686.rpm668c1d99c9731bc89b25f720a9047dc476e4e631606ffca9a6ca674fa39d5c04poppler-utils-0.12.4-12.el6_9.i686.rpm3ba65c017cb6a6befa3c550b0edea9ce3d2ba5085deae9f6eb5b5c73ac71ae16poppler-qt-devel-0.12.4-12.el6_9.i686.rpm6d4ac572510baa6b3efdb9f38e402da73bcfb84dfca4f68f4f6c1468d68b53bepoppler-glib-devel-0.12.4-12.el6_9.i686.rpm4b4ef472476fe5217c4fba49a60863914da0574aa881af681c89dec67002e371poppler-qt-0.12.4-12.el6_9.i686.rpm769553248ebd397368a8fe20322e95eac43403518c389abf8578b958dfc0bb64poppler-glib-0.12.4-12.el6_9.i686.rpm9957e273c5f421fd6b765380af4f7bd4a657f8765365ed5acfcf7b87e67f1ca9SLSA-2017:2563-1Security Fix(es): * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)moderateScientific Linux FermiScientific Linux Fermi 6openssh-5.3p1-123.el6_9.i686.rpm97f740105110feb2ce73b673f21c9317bbf4369cdf53b1a03d779d331608968fopenssh-ldap-5.3p1-123.el6_9.i686.rpmd68c23b33bba1319b979fabc1e863ca1762d681b6b9d0c7328e74ba8dbfcd6b9openssh-server-5.3p1-123.el6_9.i686.rpmda74fcb0fb1a37d77cd93cd4fd4523ed08a472fec06f48fab2102d1da3a18bfbopenssh-askpass-5.3p1-123.el6_9.i686.rpm9ebe578b10b675e75207ad8b7e4c294056c2b5b768257d9c0bbe4631ba168cffopenssh-clients-5.3p1-123.el6_9.i686.rpm157503a3564f8126bd3e0c24d2b9cf73bee3036259ab43438fe381e969b22701pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm0d3b4f07827f28ab885f94552df147e81a91bf37a07e4c2068b95146c1df6cf9SLSA-2017:2681-1Security Fix(es): * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)importantScientific Linux FermiScientific Linux Fermi 6python-perf-2.6.32-696.10.2.el6.i686.rpm310c93583392178b29690b57f509eb72de985bba541ff3fd1c2f8a870e7cd7d7kernel-devel-2.6.32-696.10.2.el6.i686.rpm1be0b4c2e9a21722cc20487273fc1aae31fc91ee61dc937e10331ad870c7a8c2perf-2.6.32-696.10.2.el6.i686.rpma2b37dc278ec53a27459d79db674ceedaaf9132abbdd5cda6ef29ae4129204c6kernel-doc-2.6.32-696.10.2.el6.noarch.rpm8ba9a17c87744ab3b5edd58b5a827b280655e1feb60f0c3eaf8298dc9774515dkernel-debug-2.6.32-696.10.2.el6.i686.rpm0334fd8d4a5e2194e8542500107633a44cf3fb846b648d0e1932ce3bc69a8811kernel-firmware-2.6.32-696.10.2.el6.noarch.rpm9594c4e6cc6c4d4945adf98516408763aac60dc405d8544f3b426cc0b9e7980ekernel-2.6.32-696.10.2.el6.i686.rpm0d6f59688f8a59a9082ccf442bb13d26e4174d2fbb71087be71c8ba8ed16f124kernel-abi-whitelists-2.6.32-696.10.2.el6.noarch.rpm611b9a684051af5e4cced48c671c88d2ea4df4a2470bfe2731e16436ef5c15bekernel-debug-devel-2.6.32-696.10.2.el6.i686.rpmb1270330476a39f015b90ca3f9766c5e06bf84385f307974f19d9c9dd4ac2bf1kernel-headers-2.6.32-696.10.2.el6.i686.rpm330def9aaa3f2fdc79200893a87e6494e95af4b16f3877eb565b1588b65e195aSLSA-2017:2685-1Security Fix(es): * An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys. (CVE-2017-1000250)moderateScientific Linux FermiScientific Linux Fermi 6bluez-alsa-4.66-2.el6_9.i686.rpm9ee76fcc7239a5ddbeb04c312ea0febb1c66bfac89fb041ffe87b481f3218f18bluez-4.66-2.el6_9.i686.rpm909d120dfb230e23e74720b37b7e0786b3da539b1ae6bf1f43f2ef2448d23562bluez-libs-devel-4.66-2.el6_9.i686.rpma4b907bab21cfb79ecba7c5c8bb54eaf57d5e16a4672f7ca36124e724bdc26c8bluez-libs-4.66-2.el6_9.i686.rpm7bcac087a22a9f93c8768c7001d23a15381831c3d2e61a666180f537f1294c46bluez-compat-4.66-2.el6_9.i686.rpm6ddf5d6b45d6bcda88c2085a8fd5e4b12a55bcd077e804068f5060fa3d58286abluez-cups-4.66-2.el6_9.i686.rpm891f22ff79778ef0256fbea6828723f19a6ca176cbff1b613e7c2039ed8b1bb3bluez-gstreamer-4.66-2.el6_9.i686.rpm40c417ebb3ee9e5367e06a606d0cad2ae5135297b04085d0916bd87964d3dfaeSLSA-2017:2789-1Security Fix(es): * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man- in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)moderateScientific Linux FermiScientific Linux Fermi 6libsmbclient-3.6.23-45.el6_9.i686.rpm9317c294344b61baeb5c01ab76b2c758ac63d957965a9734f31e72dad4c30fd9samba-client-3.6.23-45.el6_9.i686.rpm4a22a89ef6d238e2ff32cfc2e34935a60c2f0ed18721bb5b2c5fbaa8010e399asamba-winbind-krb5-locator-3.6.23-45.el6_9.i686.rpma0ca3180a494bfd3894fb1e5c05b94111548e1612c655ef92d5ae1f072534811samba-swat-3.6.23-45.el6_9.i686.rpm04ead7acd140e04a79218b23401db3fc43d438832eeb1301be6806bec32a0fb2libsmbclient-devel-3.6.23-45.el6_9.i686.rpmec930cec2f3b8b4eecda96b461ac66c07f9104bb93695d286c7f493cf1b87ca6samba-doc-3.6.23-45.el6_9.i686.rpmf03a0861f9e57f4b218997f007df391d044d82fecb0f52a99fe96233bfad4469samba-winbind-3.6.23-45.el6_9.i686.rpmaa2f1afd91ae79daa4d971a7a0ea091afe8d4d18be0ce381418fc2e203c69e80samba-winbind-devel-3.6.23-45.el6_9.i686.rpmdcbb0d8e0b1d6c3615aefd477c766189799bfe3739777c3b310c281d8c54d4absamba-common-3.6.23-45.el6_9.i686.rpm7246b1ba5729bc259b17e6a40cf5341ff442ab140bfa0944caa209fa77ef09a6samba-domainjoin-gui-3.6.23-45.el6_9.i686.rpmf837492c8088d888733568aceaf21dcce9a3cb6a101afaeae2dd33b70f93c3cbsamba-3.6.23-45.el6_9.i686.rpm0f55a6b2db254448466cd080f7b848382fe141f81b2081db2f827ea235aa5603samba-winbind-clients-3.6.23-45.el6_9.i686.rpm3598f4b0b89b863899ad5b262022f60cdd811fe7dbb6c44400c1c8ef4362caf7SLSA-2017:2791-1Security Fix(es): * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man- in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)moderateScientific Linux FermiScientific Linux Fermi 6samba4-winbind-4.2.10-11.el6_9.i686.rpm792f6b96c354501a6e3ec848c168e09dea5632c802f8b24d2226eff1b95174fasamba4-winbind-clients-4.2.10-11.el6_9.i686.rpm8a272c871fd49308e4946a4f0597bf2fe2a6b417fdd46b7ed0f0daf9a6b8b3c9samba4-libs-4.2.10-11.el6_9.i686.rpma86ae50964615e5720d9d81d7501101d5ae011426d8cc6a42be3cd08b8b31d42samba4-winbind-krb5-locator-4.2.10-11.el6_9.i686.rpm09339fba1bc0c657c53340c13d41f89a9bea2c4441845ce02cb1112a2f7a5b48samba4-4.2.10-11.el6_9.i686.rpm7dca37e56e76be867d36556e9f1685c27387843c4d4ae21043ddc15f601c9748samba4-devel-4.2.10-11.el6_9.i686.rpmf464721f4dbd5beb629686ec6eb0a89edb4ce6571ad7cd7bd1c07a4cb84cd1fcsamba4-common-4.2.10-11.el6_9.i686.rpmdcf7a8ca7d903ef975ef77ff27e3376b44a0fb1a0b8094dff3d0f6ff65c80a0fsamba4-client-4.2.10-11.el6_9.i686.rpm99c6eef0a9e81fae45080c36abada09a4e8c88787f51bc9112ab9e9fe59332ccsamba4-dc-libs-4.2.10-11.el6_9.i686.rpm47544d853bda1a5d07a50c5dc23fc2d1885876873de354dde6a2c105f0d4b9efsamba4-python-4.2.10-11.el6_9.i686.rpme1aefeff220131130b3ddf77159d55166aad1b3cf3356b11718c07d1a73e9bccsamba4-dc-4.2.10-11.el6_9.i686.rpm520a1b7a9276ffdc0ece64d226d19d97bc7a2005c649cb2a1414217aa5530e8bsamba4-pidl-4.2.10-11.el6_9.i686.rpm01eed4dbb199e8b5b85e2d99f8e2b8f0dc3228ccd9a8c311242a9270eeb465aesamba4-test-4.2.10-11.el6_9.i686.rpm700721f6c6536473239d3ce98aaec683de49342b22e589e28981050ae88bec51SLSA-2017:2795-1Security Fix(es): * A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system. (CVE-2017-1000253, Important)importantScientific Linux FermiScientific Linux Fermi 6kernel-2.6.32-696.10.3.el6.i686.rpmbcbebde20e3cd9f56d8fc221d05ca95ab416cdb4b5e7336b2567f129c286cb08kernel-doc-2.6.32-696.10.3.el6.noarch.rpm60886710a0f0435284b4c641f536b5d8cc3600966355a67c88c7ddeb594c814fkernel-debug-2.6.32-696.10.3.el6.i686.rpmb36823c2494abf2750fe2d73daecb6840c057028acc5b381bf172755a898b8aakernel-firmware-2.6.32-696.10.3.el6.noarch.rpma371ac93bb7655a3a4772cf1b19c4c83a10c261516039d28d008b0383871ca49kernel-devel-2.6.32-696.10.3.el6.i686.rpmaf1886e5b6b67a3970abcf5c34466e19ebed1f00a0fbe1664f1078a32196599epython-perf-2.6.32-696.10.3.el6.i686.rpm5fe32859f8c934bebb020b757d8ced77540c5df159a855b3e9c65af26b83b79dkernel-headers-2.6.32-696.10.3.el6.i686.rpm32df2d4f38370551805bdb6f17c448f1f645656ad1a67baf3691db7b323c9322kernel-debug-devel-2.6.32-696.10.3.el6.i686.rpmca92d408a34683677e2f8ce7ec4639179a7786098705ad809aa090854516c9cdperf-2.6.32-696.10.3.el6.i686.rpmd4c9a873deaa5c6f0262731ee566d58de8eb289b8f5bedd71e32f99c5dd277b8kernel-abi-whitelists-2.6.32-696.10.3.el6.noarch.rpme34a595d77f857d0a722d324b850c209f41491244a41def1408ae4866dea6db4SLSA-2017:2831-1This update upgrades Firefox to version 52.4.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.4.0-1.el6_9.i686.rpm6c8fe24f282e69deb493b438a7825f73e523c9b4ad8a0ba39a1efc7d60702065SLSA-2017:2832-1Security Fix(es): * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)importantScientific Linux FermiScientific Linux Fermi 6nss-devel-3.28.4-4.el6_9.i686.rpm953584e75a9b917aa31170dd53aee2f08fdcf6e780ed443943db8c923eb4fe9enss-sysinit-3.28.4-4.el6_9.i686.rpm383490d0bc5c623aa7b85ef1aa9f432e20df7ee37b1fa2cce47613a5d1b70545nss-3.28.4-4.el6_9.i686.rpme2fa4797d2e8604936ee0cd028f74d80384fbbd2c33e1655aa39110c70fb212cnss-tools-3.28.4-4.el6_9.i686.rpm402a5886cc49ae448d07dbb3dce6c45cde9747ca5af67490554e6cace239292enss-pkcs11-devel-3.28.4-4.el6_9.i686.rpm42e593d054692a06568abb413b86d6fa3fa686520cd215efc4cc820bcbcf1df6SLSA-2017:2838-1Security Fix(es): * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)criticalScientific Linux FermiScientific Linux Fermi 6dnsmasq-utils-2.48-18.el6_9.i686.rpm7b79cb62536f33ba8c1c0538f5fca9439cd0d6e6758086defa15d908e17f4721dnsmasq-2.48-18.el6_9.i686.rpm510bf5fdfa62c1ca987cd49006031323c0051405a0e3714d2d427ecdaa27e737SLSA-2017:2860-1Security Fix(es): * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. (CVE-2017-7546)moderateScientific Linux FermiScientific Linux Fermi 6postgresql-test-8.4.20-8.el6_9.i686.rpm7037f608e89ede67910223ff9a1a43fdd6bea1c23a85edc5ea1644867a07d3c8postgresql-server-8.4.20-8.el6_9.i686.rpm35ec5c94580f563ed211657c0d217ec51fc6b30052b3cc557795f0922fb496e4postgresql-plperl-8.4.20-8.el6_9.i686.rpm5f322b4ab7300122da0b968b3f5307bb6f0442aa232072ead416cde9c844cd05postgresql-8.4.20-8.el6_9.i686.rpmbeef0ce70fa1450cdf658ec058a1b0393cde05b98729ae5b0d81abc528c85317postgresql-pltcl-8.4.20-8.el6_9.i686.rpmd2ba63a0b0622e52af2c65c24edb3bdc94fa2056bd35ddaa740e07b8081f062cpostgresql-plpython-8.4.20-8.el6_9.i686.rpme375acfc3a727cfc253024acdb69625c0ef2c13a785da1f52588fd40e3e627d5postgresql-docs-8.4.20-8.el6_9.i686.rpm093440380929590937e2be4de84c0e25142a8702845df4d96ad58dfe71332d0epostgresql-libs-8.4.20-8.el6_9.i686.rpmd3f2be0ffc5a570cc7a08eea2c18edc89b8864bda4721d4ad4cba9db1322d6b7postgresql-devel-8.4.20-8.el6_9.i686.rpm1cf596c4e3319289c9aed8a47cbe224ed4e14450fbbd2ccdcef6f64e45d292b6postgresql-contrib-8.4.20-8.el6_9.i686.rpm59cc67b59ae950a36a24f19ad1909936561e327f195accb7fb9c5f82cd655dc4SLSA-2017:2863-1Security Fix(es): * Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate) Bug Fix(es): * Previously, removal of a rport during ISCSI target scanning could cause a kernel panic. This was happening because addition of STARGET_REMOVE to the rport state introduced a race condition to the SCSI code. This update adds the STARGET_CREATED_REMOVE state as a possible state of the rport and appropriate handling of that state, thus fixing the bug. As a result, the kernel panic no longer occurs under the described circumstances. * Previously, GFS2 contained multiple bugs where the wrong inode was assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was cleared incorrectly. Consequently, kernel panic could occur when using GFS2. With this update, GFS2 has been fixed, and the kernel no longer panics due to those bugs. * Previously, VMs with memory larger than 64GB running on Hyper-V with Windows Server hosts reported potential memory size of 4TB and more, but could not use more than 64GB. This was happening because the Memory Type Range Register (MTRR) for memory above 64GB was omitted. With this update, the /proc/mtrr file has been fixed to show correct base/size if they are more than 44 bit wide. As a result, the whole size of memory is now available as expected under the described circumstances.moderateScientific Linux FermiScientific Linux Fermi 6perf-2.6.32-696.13.2.el6.i686.rpmae3d0fe22e96a9a579f02dc00d443d593257cb944904f990d1fe0e68bf3b33cakernel-debug-2.6.32-696.13.2.el6.i686.rpm5d8d17ce82607f7cfdcf1aaf6378b192a80545fa55022c37cca662cc55a2ecf2kernel-doc-2.6.32-696.13.2.el6.noarch.rpm50a672a034c33c8f2c70b5260c034c684df6e9138f0caf37d12ee517f654b001kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpmf668a3121357d0228fb667495ce7618c2a204a9703856b81e55c6334519226cfkernel-devel-2.6.32-696.13.2.el6.i686.rpm7929bb46d8153ee44c519f5f995e62fd838ee497a7829af60efbaefac912ce2cpython-perf-2.6.32-696.13.2.el6.i686.rpm5c7b96132b3b991a79e41708a694b995bedc25f339b15b65f0491c6381c48518kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpmc94591d676e929fac6d314ff61c2c90146696b40ab75ba3ecd230d798daaa2f3kernel-2.6.32-696.13.2.el6.i686.rpm9ebb5ae6f28ed3ab5752a60214296dcf69c677c392baab7ff1b6959337711de2kernel-headers-2.6.32-696.13.2.el6.i686.rpma99a9b667f63c1546194acb98666c6ca6a364b42acd73917be2b21b34c77c5b3kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm4aafa206050bfcd23af7a4e16e482a52c2e87dd3720204d08e8d1fd75e3d37f7SLSA-2017:2885-1This update upgrades Thunderbird to version 52.4.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.4.0-2.el6_9.i686.rpmd10b549dad59571673d0e59e7afe68090e7f986636268ba78977470a8ac09f92SLSA-2017:2911-1Security Fix(es): * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)importantScientific Linux FermiScientific Linux Fermi 6wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm34880e862ab92cb9806c408c37343ec818af6780f46d0f0bff6c959e579dd2e3SLSA-2017:2972-1Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Scientific Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)moderateScientific Linux FermiScientific Linux Fermi 6httpd-devel-2.2.15-60.sl6.6.i686.rpma941364a85c9e9019cd612d4a201a9673ffc1102d71195db9cb7c4a22db27654httpd-tools-2.2.15-60.sl6.6.i686.rpmee0022c666f4648a60e84ab846debacb9cfebb4aec4e93e2c23263ed9c8caf9ehttpd-2.2.15-60.sl6.6.i686.rpma18a00e17af52e08bf8da96872337d3927d0662ea8b20f3246976e9a9f9a57ccmod_ssl-2.2.15-60.sl6.6.i686.rpme9221783af9d79298e80c8548d8aec60e493799bc5eaba6511f1bc1a57b7139bhttpd-manual-2.2.15-60.sl6.6.noarch.rpmf6a98b36d518261d39834d10f98d2d9b8c712ddeab2254d101807779104914a7SLSA-2017:2998-1Security Fix(es): * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10285, CVE-2017-10346) * It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the- middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients. (CVE-2017-10388) * It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store. (CVE-2017-10356) * A flaw was found in the Smart Card IO component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2017-10274) * It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server. (CVE-2017-10355) * It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request. (CVE-2017-10295) * It was discovered that multiple classes in the JAXP, Serialization, Libraries, and JAX-WS components of OpenJDK did not limit the amount of memory allocated when creating object instances from the serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized. (CVE-2017-10349, CVE-2017-10357, CVE-2017-10347, CVE-2017-10281, CVE-2017-10345, CVE-2017-10348, CVE-2017-10350) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.criticalScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el6_9.i686.rpmb36b3f65a059ddcc38b446de7c51039c2fd49ccc51252ca7bffb45f4f2cc92c2java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el6_9.i686.rpma43ac61be5fb3aa41870592d1227dc70b2f64097dc2d95d1c79ee68fb9bc2765java-1.8.0-openjdk-src-1.8.0.151-1.b12.el6_9.i686.rpm86ff55cd4b9308f86d5f47e80bc5ee9d7dcb07f387bc9fcb926dc3a4a5398adejava-1.8.0-openjdk-javadoc-debug-1.8.0.151-1.b12.el6_9.noarch.rpmcded3938597dd71d3b8447cd66192496c952a91d12b8422daa5973a25c69f5ccjava-1.8.0-openjdk-demo-1.8.0.151-1.b12.el6_9.i686.rpm6be117ded0f561f1a29e6676900daa47e6b640f98c0712280bbb1087424762adjava-1.8.0-openjdk-javadoc-1.8.0.151-1.b12.el6_9.noarch.rpm8db9cf01a9cf2b418d088b04ea6a5077a3be113b7cd1c4e77e6caf34c5e599e1java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el6_9.i686.rpma599262687aa327621cbcec8874d9c15b384d9b3c3678d846bd43dacbcf9dfdfjava-1.8.0-openjdk-devel-1.8.0.151-1.b12.el6_9.i686.rpm1fb857fd974d60a0d7c2cfd9b83ab6fd8b78fbe0ded03050b0a58a23f91aa0c9java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el6_9.i686.rpm60b9e207adcc91eb88fc588dc5af376efdc5d7bf8faf4a23d0d0ec3ae1b9f110java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el6_9.i686.rpm904cb03cdbcd05038aa7437cbfa2807af7fd00c2150db9460d81e602e31bf412java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el6_9.i686.rpm7c840173d3ad9c8a3684e34c79d1a8c7d331a61f8cb27199c35c22f68aa342ccjava-1.8.0-openjdk-1.8.0.151-1.b12.el6_9.i686.rpmff24600f03a627ec25fa8b9df6673940390bd403dbc2204265a5492f581465beSLSA-2017:3071-1Security Fix(es): * Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464) * A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. (CVE-2017-6462)moderateScientific Linux FermiScientific Linux Fermi 6ntp-perl-4.2.6p5-12.el6_9.1.i686.rpm3d079faf9dd6adf901120946a9dbdb2aafbee290e51bfcd27a3fbc9044ca0bd6ntp-doc-4.2.6p5-12.el6_9.1.noarch.rpmc25d5ae9eb12cd8f5903eab7de6b201d70035b4343ddeaf5c3c6575899d780e9ntp-4.2.6p5-12.el6_9.1.i686.rpmab6bf26fec4bf1c0c88cdd89d8ae6899f50330b3a5e418f51fb99b36837d31d9ntpdate-4.2.6p5-12.el6_9.1.i686.rpm1a3f56f3bc02580ecd664ef6a87f1cb9616bc5df3bc45d3f675df6bf090ea381SLSA-2017:3080-1Security Fix(es): * A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)importantScientific Linux FermiScientific Linux Fermi 6tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpma242e04823176bb9a30a1932b0e9aa0f534faf13bdb9155fe66f2deebd27d227tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpmd92cd24c3791076fe5d4220d3db6eec296de2fb0501e9935c0b672fc535bf7fctomcat6-lib-6.0.24-111.el6_9.noarch.rpm70df8a6bfa699bce9f5d0c0c61a70e9e862ffdca4465ecdb0da239bc54c43fa7tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm4801abedcb8a8aead259080473f95ce08a49dda6b960c1a66deeb17b7ad1c243tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm4a24723c75d4f6e6db258de8fd76ed277395ed575fe955f6145da0f295a03dddtomcat6-webapps-6.0.24-111.el6_9.noarch.rpm9ebf33fcc9990522d5a4d32dbaa116cedbac8b40c04d01ff2922e9fd23e95750tomcat6-6.0.24-111.el6_9.noarch.rpmc26fdc8896543d7817670148450f37c6cfc3c25908a29dd8a794a38b423f7ae2tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm8708517cbfe8ee1077fb7ac81870a410274b8d6e94b4369a230186ec5255fcd2tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm2cb699feacba802bd8b22e797994513874296ea630c508ce2efc3f3284641404SLSA-2017:3200-1Security Fix(es): * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important) * An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important) * A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate) Bug Fix(es): * When the operating system was booted with RHEV/oVirt, and the eh_deadline sysfs parameter was set to 10s, the Storage Area Network (SAN) issues caused eh_deadline to trigger with no handler. Consequently, a kernel panic occurred. This update fixes the lpfc driver, thus preventing the kernel panic under described circumstances. * When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN request, the open-owner was removed from the state_owners rbtree. Consequently, NFS4 client infinite loop that required a reboot to recover occurred. This update changes NFS4ERR_BAD_SEQID handling to leave the open-owner in the state_owners rbtree by updating the create_time parameter so that it looks like a new open-owner. As a result, an NFS4 client is now able to recover without falling into the infinite recovery loop after receiving NFS4ERR_BAD_SEQID. * If an NFS client attempted to mount NFSv3 shares from an NFS server exported directly to the client's IP address, and this NFS client had already mounted other shares that originated from the same server but were exported to the subnetwork which this client was part of, the auth.unix.ip cache expiration was not handled correctly. Consequently, the client received the 'stale file handle' errors when trying to mount the share. This update fixes handling of the cache expiration, and the NFSv3 shares now mount as expected without producing the 'stale file handle' errors. * When running a script that raised the tx ring count to its maximum value supported by the Solarflare Network Interface Controller (NIC) driver, the EF10 family NICs allowed the settings exceeding the hardware's capability. Consequently, the Solarflare hardware became unusable with Scientific Linux 6. This update fixes the sfc driver, so that the tx ring can have maximum 2048 entries for all EF10 NICs. As a result, the Solarflare hardware no longer becomes unusable.importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-696.16.1.el6.noarch.rpm0af4b1ab5e56d14bd8d74131ac1e4a6014b577980ae7741af5f70544354792f0python-perf-2.6.32-696.16.1.el6.i686.rpm9d71a943c3413fe194ac41a7520920b7f16e27f8fc5e4a4c98faf193f8f76baakernel-headers-2.6.32-696.16.1.el6.i686.rpmdce0cec4a195aed8aa28b2b4ea36a103892a56f50dc4dce79dde5a332a6ac6ackernel-firmware-2.6.32-696.16.1.el6.noarch.rpm282cf7cf8d7501c367bda3adc1a4e44b35848ed17c9c1eb2eff1a63c946a13aakernel-doc-2.6.32-696.16.1.el6.noarch.rpm1f4f2c2a62a42d515e7ae0255c3f9a2a7d44a1751f93a4f93aacbd57c80eead0kernel-debug-2.6.32-696.16.1.el6.i686.rpm428a8a0073cf8dee843acf7221b8ab394fb0271a0db20fdcfed145932e72e6fckernel-devel-2.6.32-696.16.1.el6.i686.rpm7396cf8b5969ad0c26e3a1f63c9236944a3ece2fd710a54c6305fdb9fd0f258bperf-2.6.32-696.16.1.el6.i686.rpm93d77ae9f63cc95fe167ae8a988596c22bbfb38ba1b2e3c13fa906b7c00f03e7kernel-debug-devel-2.6.32-696.16.1.el6.i686.rpm12fce8b6da30a42427117e9b2cc36160cfba0ac2fcbc7b2744bac9dc5e33f81bkernel-2.6.32-696.16.1.el6.i686.rpmd587327842ada0f551a72b2d6eb8d3b446e14d71a45402cedfaade2d5b20e9acSLSA-2017:3247-1This update upgrades Firefox to version 52.5.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.5.0-1.el6_9.i686.rpm0f6f5df535b0a99473466e27223d8e6acd0cb38be4b7ca5d5dea7230168438e9SLSA-2017:3270-1Security Fix(es): * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)importantScientific Linux FermiScientific Linux Fermi 6apr-devel-1.3.9-5.el6_9.1.i686.rpma9c97028a603580d611bb9017851234fc3fe7e13f205dba3ec79b1360004c6f4apr-1.3.9-5.el6_9.1.i686.rpmac520e8990617bfb66ac8eeb6d0eb4def426d90f5d722b7e61ef811083775d29SLSA-2017:3278-1Security Fix(es): * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server. (CVE-2017-15275)importantScientific Linux FermiScientific Linux Fermi 6samba4-winbind-clients-4.2.10-12.el6_9.i686.rpm680e6f8b6a1a957341b46a999a9c4a04c0dcdbb488742fab27ce41c45a98d33csamba4-libs-4.2.10-12.el6_9.i686.rpm2526af8ea832eeec6c716025da9a2ae18c73d7c09e6ab3315676837486f372a7samba4-dc-4.2.10-12.el6_9.i686.rpm906e2cbaf54f583d3f8699b0d18ebf4943891ce46ee65e4307df3200b122ba84samba4-dc-libs-4.2.10-12.el6_9.i686.rpmac35cc446098f2927f4b27509194df763b942f73cd69dad0e50b80eafc640789samba4-winbind-krb5-locator-4.2.10-12.el6_9.i686.rpm9e0af30e8320585779022ce02b1a2055f1d9c1ef9fdae39e47117d58ec245dc3samba4-devel-4.2.10-12.el6_9.i686.rpmf0fb00e5f6b9dbdc54216975b000d378cf1e75d98212e0790a03b915c8899c1esamba4-pidl-4.2.10-12.el6_9.i686.rpm90b3353e3d49890ed70976909ba6b105bba414ed1314d2d370b0e6fadd4de1c0samba4-client-4.2.10-12.el6_9.i686.rpm7d51901809263de4969d753bc2ab55eba639b2a1ff62942265c5810b93cb6bc1samba4-common-4.2.10-12.el6_9.i686.rpme0761a78eea036b5722da561c902eb013869861487495bd04bc57eedaf1cfdebsamba4-4.2.10-12.el6_9.i686.rpmf7a7156987f43988bd9b8c6009e9ef2676de5ab28aa9ab111ce61388480eefa8samba4-python-4.2.10-12.el6_9.i686.rpm2cd6a76fab2374c662a71bf53f1e75d2ae16013c3660aec3e154b62dd209c22esamba4-test-4.2.10-12.el6_9.i686.rpm5ba8098ebe1c760245f0011d48c0d7631f2ccd14757927519ed228059b026958samba4-winbind-4.2.10-12.el6_9.i686.rpm1e79e159b915bbe2344bf8bc779edadcfc0364ffd579e67531203a79ae0ceb85SLSA-2017:3372-1This update upgrades Thunderbird to version 52.5.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.5.0-1.el6_9.i686.rpm09984b81911042bbd30b68be77fd4027bbea11f63de42f818939607eabfbbc93SLSA-2017:3382-1This update upgrades Firefox to version 52.5.1 ESR. Security Fix(es): * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)importantScientific Linux FermiScientific Linux Fermi 6firefox-52.5.1-1.el6_9.i686.rpm9e71dc27fea2298deb8b2d4d285f2221def7abf3772c7c3993da937037251d5dSLSA-2017:3392-1Security Fix(es): * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10285, CVE-2017-10346) * It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the- middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients. (CVE-2017-10388) * It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store. (CVE-2017-10356) * Multiple flaws were found in the Smart Card IO and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10274, CVE-2017-10193) * It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server. (CVE-2017-10355) * It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request. (CVE-2017-10295) * It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. (CVE-2017-10198) * It was discovered that multiple classes in the JAXP, Serialization, Libraries, and JAX-WS components of OpenJDK did not limit the amount of memory allocated when creating object instances from the serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized. (CVE-2017-10349, CVE-2017-10357, CVE-2017-10347, CVE-2017-10281, CVE-2017-10345, CVE-2017-10348, CVE-2017-10350) Bug Fix(es): * Previously, OpenJDK could not handle situations when the kernel blocked on a read even when polling the socket indicated that a read is possible. As a consequence, OpenJDK could hang indefinitely. With this update, OpenJDK polls with a timeout and performs a non-blocking read on success, and it no longer hangs in these situations.importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-devel-1.7.0.161-2.6.12.0.el6_9.i686.rpm096e4e15785da91b48383f4350114509ac6094243d952c71a9070a60ae945624java-1.7.0-openjdk-javadoc-1.7.0.161-2.6.12.0.el6_9.noarch.rpm0546099399c7a1e7f1a31e39884d901b09a424aa4cfe1c778714a9e6e527e7b2java-1.7.0-openjdk-demo-1.7.0.161-2.6.12.0.el6_9.i686.rpmd499e30193daec1933b6b6cc60f849c0f1a70f5603b90ecb4ee54fd37ec804b5java-1.7.0-openjdk-src-1.7.0.161-2.6.12.0.el6_9.i686.rpm515ac72a5bde1be2d109f2c59e6d3bdd49bec5913df546dd682960a3f8a6c6d7java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el6_9.i686.rpmdc2ab82e067e0d1f47ceeeec7087aaa6ae3f03ed8f25dcc83eaf2e4cfacc0f74SLSA-2018:0008-1Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.importantScientific Linux FermiScientific Linux Fermi 6kernel-devel-2.6.32-696.18.7.el6.i686.rpmd7f2d87a4f9490c74d02fd22a201a7793153c2423ef45c7d50d87e06cc9bdf05python-perf-2.6.32-696.18.7.el6.i686.rpmee42762154dbfa0c7f671597f8a2ece3cb3d60fc8c3d593606813a0141638bb3kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm960a36ac27e122c13b8571ad7752ffd6b830592219f1a2826155c1c8aac26f78kernel-doc-2.6.32-696.18.7.el6.noarch.rpm38165086edde4ebb7d2022909e3e4173c327f9870a69e788cb3e5cb54e6c2068kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpmea8f54717c1b946365f59c6c7dd52181bd0e9ec7328e4cb2a75454053e7c4d19kernel-debug-2.6.32-696.18.7.el6.i686.rpmf29d01a23e80e581aa493933bffcb80e8c1dce98db5ffd9e608ff3e1f399fed8kernel-firmware-2.6.32-696.18.7.el6.noarch.rpmf6a846095d12822036604909ee078ed1de46aa50ce5038e93335a868b331cc4aperf-2.6.32-696.18.7.el6.i686.rpm4775b7008ce9a920b0c17d7508cd6ef33f9f7b3f101838c8a12dd9c3b089cb0akernel-headers-2.6.32-696.18.7.el6.i686.rpme0f49a9c45e2820d6100ff031004034f2d8138ebc14ef8ba65aabde7e3197fe8kernel-2.6.32-696.18.7.el6.i686.rpm194101d24d5184c71d4ea92ec7a90060012c99ee08e032a0917f9087e577b552SLSA-2018:0013-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.importantScientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-25.2.el6_9.i686.rpmc4e884c935aa0e32ce622d763ee4493aeb114fcc28294005dc399f1e291096a2SLSA-2018:0024-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.503.el6_9.4.i686.rpmb5752f2118969b6e0a7ec8d9ce50c734b8540c9016035ba0249d9297e8d451ffSLSA-2018:0030-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the libvirt side of the CVE-2017-5715 mitigation.importantScientific Linux FermiScientific Linux Fermi 6libvirt-devel-0.10.2-62.el6_9.1.i686.rpm2c8093d006167a5a5603b0a421cd0c04fdac1f373a41396a829e1af085e95805libvirt-client-0.10.2-62.el6_9.1.i686.rpm0c214f9dc23f74366e7b81ec6a83481470a248fd63856b733fb3683515a4406blibvirt-python-0.10.2-62.el6_9.1.i686.rpm6e518479c26939c853c2820c72f1b45dadc08304413990e0e2cc9f83e118c590libvirt-0.10.2-62.el6_9.1.i686.rpmd9ddc6cf4c8bca41b9848026a68de52e4d2c698471b11de40e3476c69d13f0c3SLSA-2018:0061-1This update upgrades Thunderbird to version 52.5.2. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, CVE-2017-7829)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.5.2-1.el6_9.i686.rpm81a1683292f9130eccb61da1b850d152f4721307a59264b91bba0bae3fc0ef4bSLSA-2018:0093-1This update supersedes the previous microcode update provided with the CVE-2017-5715 (Spectre) CPU branch injection vulnerability mitigation. Further testing has uncovered problems with the microcode provided along with the Spectre mitigation that could lead to system instabilities. As a result, this microcode update reverts to the last known good microcode version dated before 03 January 2018. You should contact your hardware provider for the latest microcode updates. IMPORTANT: If you are using Intel Skylake-, Broadwell-, and Haswell-based platforms, obtain and install updated microcode from your hardware vendor immediately. The "Spectre" mitigation requires both an updated kernel and updated microcode from your hardware vendor.importantScientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-25.4.el6_9.i686.rpm36e24646eacef60e0cd5cd9ae50d417b189f9be72ccd460d46b07ab6037eaba4SLSA-2018:0095-1Security Fix(es): * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641) * It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633) * The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634) * It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637) * It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588) * It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599) * It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602) * It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603) * It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618) * It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629) * It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678) * It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9.i686.rpm27859694f8a022017ea7a2ff46e3627d4baefe3bd1137582df8faa725b3a7c2bjava-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9.i686.rpme88c47edfef8392972976cff41332c0dc0221e8e9c0e7e2c8689c5876509e157java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9.i686.rpmc87b152efa4ffde04a04d47dbbbc4f267c3d4de0af4b68b39c5a7ddbe9a8e02bjava-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9.i686.rpmb2418fa8d02f22732f268dcad8f117693ad772ed25a80fe579c850cdc599b10fjava-1.8.0-openjdk-javadoc-1.8.0.161-3.b14.el6_9.noarch.rpmfcd6546b6a231dc626409c62df1f3ae0c9342ae9429f77162e7feb191b5f445cjava-1.8.0-openjdk-1.8.0.161-3.b14.el6_9.i686.rpm75c27a4325c23f932d5e1e55897728832784acc7d104a49c8af6acaa4a674216java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9.i686.rpm21ec2d326a01cbde6595ec5d50a7c82a4d4138921763c4e2ab0f485c3bc214c8java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9.i686.rpmed6378e0750aadd21b412960a55a6ffeba0a1a06120e4a2e5c4b67f56e9156bbjava-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9.i686.rpm057ee2984904346d3b0f14c954073804deb8bb8b691bfd996cb071aaa45ae8ccjava-1.8.0-openjdk-javadoc-debug-1.8.0.161-3.b14.el6_9.noarch.rpmc9a147b638abf5482928cb63bd2951ea59ba835e9952131bb37687043e9741f2java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9.i686.rpm37fd1eb7be07bf0d24295020522776258efb907ddb13a2880110ad7803ba7057java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9.i686.rpmc75f4aa55d43fba2afa110813555520918a30d64cac2ad10d6e2fe8a0a9334f7SLSA-2018:0101-1Security Fix(es): * A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)importantScientific Linux FermiScientific Linux Fermi 6bind-utils-9.8.2-0.62.rc1.el6_9.5.i686.rpm34b995e52f4dba4c7f03d1a602516a43a4c9c2569820d9978da7b93fe6e65032bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpmb7adb73279c3161ea0cbcfbeb610fc17f115f56026c35c0768f68a0598cec7a0bind-9.8.2-0.62.rc1.el6_9.5.i686.rpm84b019fa6d67619886ef9aa506612fa03f97782aea65fad4fa796606be83880abind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm9058d8aee3ab3f6558003d95fdb7fb54591e32e45845d816e4564714c3991457bind-chroot-9.8.2-0.62.rc1.el6_9.5.i686.rpm459e4d3d453be09c97ff2c5cb0fb0360279501d90b1d3cc2216f4f83138360bcbind-sdb-9.8.2-0.62.rc1.el6_9.5.i686.rpm39f0ee9b476aa256feecb250b8a16f12e56f45a41c13ef6ac46874f44b9f4949SLSA-2018:0122-1This update upgrades Firefox to version 52.6.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117) * To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", the resolution of performance.now() has been reduced from 5s to 20s.criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.6.0-1.el6_9.i686.rpm5eaee715e80a9dd15bc26733071cca07e4eb56786c5ddc7853c3f33f6ed536ddSLSA-2018:0169-1Security Fix(es): * An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate) * The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074, Moderate) * A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2017-11176, Moderate) Bug Fix(es): * Previously, the default timeout and retry settings in the VMBus driver were insufficient in some cases, for example when a Hyper-V host was under a significant load. Consequently, in Windows Server 2016, Hyper-V Server 2016, and Windows Azure Platform, when running a Scientific Linux Guest on the Hyper-V hypervisor, the guest failed to boot or booted with certain Hyper-V devices missing. This update alters the timeout and retry settings in VMBus, and Scientific Linux guests now boot as expected under the described conditions. * Previously, an incorrect external declaration in the be2iscsi driver caused a kernel panic when using the systool utility. With this update, the external declaration in be2iscsi has been fixed, and the kernel no longer panics when using systool. * Under high usage of the NFSD file system and memory pressure, if many tasks in the Linux kernel attempted to obtain the global spinlock to clean the Duplicate Reply Cache (DRC), these tasks stayed in an active wait in the nfsd_reply_cache_shrink() function for up to 99% of time. Consequently, a high load average occurred. This update fixes the bug by separating the DRC in several parts, each with an independent spinlock. As a result, the load and CPU utilization is no longer excessive under the described circumstances. * When attempting to attach multiple SCSI devices simultaneously, Scientific Linux 6.9 on IBM z Systems sometimes became unresponsive. This update fixes the zfcp device driver, and attaching multiple SCSI devices simultaneously now works as expected in the described scenario. * On IBM z Systems, the tiqdio_call_inq_handlers() function in the Linux kernel incorrectly cleared the device state change indicator (DSCI) for the af_iucv devices using the HiperSockets transport with multiple input queues. Consequently, queue stalls on such devices occasionally occurred. With this update, tiqdio_call_inq_handlers() has been fixed to clear the DSCI only once, prior to scanning the queues. As a result, queue stalls for af_iucv devices using the HiperSockets transport no longer occur under the described circumstances. * Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the receiver_window (rwnd) values incorrectly when recovering from a "zero-window situation". As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts such small data chunks and ignores the rwnd pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd reflects better the real state of the receive buffer.importantScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-696.20.1.el6.noarch.rpm98ebd887b572ae5f9cb3c3ce9459836e59fbacde6bfa2cc21ea0c874c00dce7akernel-debug-devel-2.6.32-696.20.1.el6.i686.rpmd7a56b2c86d150d20d3d149e0311bd675585062a572a8290c2ed9e8eae3966f2kernel-2.6.32-696.20.1.el6.i686.rpm003748bf35aa1261a50f35edf033d05e8e7d450f1ef6f1a93532a6b75b25cc30kernel-debug-2.6.32-696.20.1.el6.i686.rpm9b4107477ee0a108dbf7d4d8d870fbcc96ab46d1d9a1f431fce4bcf382e5124akernel-doc-2.6.32-696.20.1.el6.noarch.rpm98dcda697b4a49fa6e429456dc1f7cb4d66e4e9afeb255dda140d714073163dcpython-perf-2.6.32-696.20.1.el6.i686.rpm07868a190ce61bb67b0327b89aa50fd6bdc9d53b3a50deb72838a6133fdd9d86kernel-devel-2.6.32-696.20.1.el6.i686.rpm4bc39747ce7326d5a9ebbc3247b372931df564f309f62a38136f2d9cf35a9cc4kernel-headers-2.6.32-696.20.1.el6.i686.rpm6fc7b8e330840a3db69edb72f7b61a44729b8eadc2a69b51ce98a9b2993f92eakernel-abi-whitelists-2.6.32-696.20.1.el6.noarch.rpmebae57cf0e3745f917ff6c403181cd9f995ff43e0a46e4a8f70a1e000f2ad87aperf-2.6.32-696.20.1.el6.i686.rpm32ec81a576201cf8dc1dae15c78c8ef3f481705328cf4c2279f7b3bd517318acSLSA-2018:0262-1This update upgrades Thunderbird to version 52.6.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.6.0-1.el6_9.i686.rpmf9e9aae80c7fb6cd47b748f41ab7abb977a7d9769af227175b99dd821716afd4SLSA-2018:0349-1Security Fix(es): * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2018-2641) * It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633) * The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634) * It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637) * It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588) * It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599) * It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602) * It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603) * It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618) * It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629) * It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678) * It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el6_9.i686.rpm1d1b9c824c4a90d2cd43ef463b0692a65f2217e0b97c006b17a410cd23c09b6ejava-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el6_9.noarch.rpm5c27343a2890e6dec0a67673878033699d26c2463f0b0cc8012219c70256ff31java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el6_9.i686.rpmda10a92d2fbc9cb7be9a2b512ccd7ffe65b06dc374cf655b875bf97d6553848fjava-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el6_9.i686.rpm98862eff8089afd21f8157e3688e4a5ebf8766219fdc2411822c3b1943848ddajava-1.7.0-openjdk-1.7.0.171-2.6.13.0.el6_9.i686.rpm082c1725e06a33b796b3491229e2681c0802d8151f3dd9dc203889f61f3ec6bdSLSA-2018:0469-1Security Fix(es): * dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732) * dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733)importantScientific Linux FermiScientific Linux Fermi 6dhcp-devel-4.1.1-53.P1.el6_9.3.i686.rpm3a3ad35eef197bdb31d2155b6ed114088448c6e7ce63b6ef40124c2e1b81fbeadhclient-4.1.1-53.P1.el6_9.3.i686.rpm0fc62ec04cf0442e22344f8cf17f1393cc82b154b0b435349420a573e4b4aaffdhcp-common-4.1.1-53.P1.el6_9.3.i686.rpmf449e29bc84958ee062ad17201c93cfbb65308420a775d6b0806986fac0f7935dhcp-4.1.1-53.P1.el6_9.3.i686.rpm14b09f54c25fb18176f8c158be844fd62a0bef429e90fe3d8056c1f9ef31c207SLSA-2018:0504-1Security Fix(es): * mailman: Cross-site scripting (XSS) vulnerability in web UI (CVE-2018-5950)moderateScientific Linux FermiScientific Linux Fermi 6mailman-2.1.12-26.el6_9.3.i686.rpm6e4fdcb3aae07ec349978aeb14f8931720e94d0243a67cccf5d1ed1aeca93b80SLSA-2018:0512-1Security Fix(es): * hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important) * hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important) * hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754) Bug Fixes: * If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as "Bypassed" instead of "Online", and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, SCSI device now continues working as expected after power cycling the FC switch. * Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior. * Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. * Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. * If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. The system must be rebooted for this update to take effect.importantScientific Linux FermitrueScientific Linux Fermi 6kernel-doc-2.6.32-696.23.1.el6.noarch.rpma83b458e5aab21dc60e2b8d864343aa78eb60f7eedb1325a08c932ca825e6a1ckernel-debug-devel-2.6.32-696.23.1.el6.i686.rpmfde2f0cc19ac1cccfcdf15aad251c519b0e25ad3fb1b138bd5c02da24dad8452kernel-2.6.32-696.23.1.el6.i686.rpmdd6f942e00ca94c8a233958e21291eda816da61276647a4e16be211189572f9ekernel-debug-2.6.32-696.23.1.el6.i686.rpmbf6cc82eb435a6439922c5e830bcdf5d3a6f70626fda5d331341498734c033e1kernel-headers-2.6.32-696.23.1.el6.i686.rpm90e50b1c3f80f8dcd4bacc9c964157f86dd07df92f07248606b8a6597098abd1kernel-firmware-2.6.32-696.23.1.el6.noarch.rpm3b84545e6af8f07a12faf5f1655d90f9a92ffc91184849d0401a8eb586c216c3kernel-devel-2.6.32-696.23.1.el6.i686.rpm0c0fb702a7aa076b07014626a71d7fb25e4977146081ac7ddae71f723a3b363epython-perf-2.6.32-696.23.1.el6.i686.rpm1a3a88fabfaa560cb4f2dd4c577fb1bb57971fa7dc12f4652ec4cfa5341f7f4ckernel-abi-whitelists-2.6.32-696.23.1.el6.noarch.rpm37b3ae0497a465b631ccd3984a2a3e9cc798728ed94591faddb5a2a5154e75a3perf-2.6.32-696.23.1.el6.i686.rpm7c6f20eb7aa0a50f6069554e26d94830aa233a0569ee4ece6baaf8e46bb22b20SLSA-2018:0515-1Security Fix(es): * 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054) * 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)importantScientific Linux FermiScientific Linux Fermi 6389-ds-base-1.2.11.15-94.el6_9.i686.rpma4ee6fe7c44e8bac7c779832663d6383946f2ca4625d1487e145bbcf04b14def389-ds-base-libs-1.2.11.15-94.el6_9.i686.rpme821576eb92d2d0421b1ce1d07a901ee4eab4f2b13b8c79da6b288eb2d70d686389-ds-base-devel-1.2.11.15-94.el6_9.i686.rpma870a25f0129f999de2c4038ff747b36272bcc38273ec4adf33f55f189b2c4c7SLSA-2018:0516-1Security Fix(es): * Qemu: cirrus: OOB access issue in mode4and5 write functions (CVE-2017-15289)moderateScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.503.el6_9.5.i686.rpm20bdddfd1aff77ca536a9ef0e76a9c485d9b794f4677097996481a47d3be1581SLSA-2018:0517-1Security Fix(es): * libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)moderateScientific Linux FermiScientific Linux Fermi 6libreoffice-headless-4.3.7.2-2.el6_9.2.i686.rpmb9e1c7644ab7882b251063cced0cc0de4dd50e1e14acd262918acd2577bf671clibreoffice-langpack-ml-4.3.7.2-2.el6_9.2.i686.rpmcf12113da45a81098858af30ffb8e80d3802557774b0aa1f91177feb4d998e44libreoffice-xsltfilter-4.3.7.2-2.el6_9.2.i686.rpm7ebf077f1d96f0e9b9416ed6f8674a02ec6d3748f9e8ece13f88dbab58b477fflibreoffice-langpack-ga-4.3.7.2-2.el6_9.2.i686.rpmaf15f34516482826e0109fbffd9895eccfd303e5c411dade2b8a6fdfd2c2c1d5libreoffice-langpack-gu-4.3.7.2-2.el6_9.2.i686.rpmfe6cd2ee01eff4e43d0755ee39fa2250336467fa1b06c4b49918ef215fb88ae0libreoffice-math-4.3.7.2-2.el6_9.2.i686.rpmed502679f347fc93b1d6f5c1cf52be67e8d6a176281de76275a5ddc959a9421alibreoffice-langpack-ar-4.3.7.2-2.el6_9.2.i686.rpm206b8f7ed71769391c2e2535ca3767d38c9432cbc1f6e6e206b6a81b3914deaflibreoffice-langpack-nr-4.3.7.2-2.el6_9.2.i686.rpmd558c2645f4c241ce95aded9e72f6ba604edcb53c3c60656bd47c4de8f510510libreoffice-ogltrans-4.3.7.2-2.el6_9.2.i686.rpma0ec5181d3d9826b9ff648297bb736d11d0f5723586f7150600beb6df4f5493blibreoffice-langpack-hr-4.3.7.2-2.el6_9.2.i686.rpm386ae18cc457056345e36119871b9b55e41cdd2b49ba75f7f4da276e4828b297libreoffice-langpack-es-4.3.7.2-2.el6_9.2.i686.rpmb5d838eca3e8474bfe51b673d9de68fe3b5e559070d5efa8f05cdc1566844727autocorr-da-4.3.7.2-2.el6_9.2.noarch.rpmf28eddacdd774794afabc519000d144813a26dbf2c369060b74dab097e3c0a23libreoffice-langpack-kn-4.3.7.2-2.el6_9.2.i686.rpm20df4e3bbe3478ad782ce79fb596808fb21af72a5d87ea537d59cc3a26d50ff1libreoffice-langpack-el-4.3.7.2-2.el6_9.2.i686.rpm40e65c5e3d5182f493dfe86560feb11f53042dd0ea731c2c329f875d5a24af6alibreoffice-langpack-th-4.3.7.2-2.el6_9.2.i686.rpm4a1119a3720221cdf06a181f6c7798e3f2a27243695d395df1b1b33e91db7d95libreoffice-langpack-ca-4.3.7.2-2.el6_9.2.i686.rpm663bf89328b71f5796b5c912442077bfd52f795fee3eee279c9355b97b0e5bdelibreoffice-langpack-fr-4.3.7.2-2.el6_9.2.i686.rpm3d2636b9b787cdb08563dae304adad61361b0ccddd9101bfcee4edf2e372387fautocorr-zh-4.3.7.2-2.el6_9.2.noarch.rpmfa2d9941d28e6cb34e5a0bb598e8d641c6e9671a9e7d3b1080c29d487590dd45autocorr-en-4.3.7.2-2.el6_9.2.noarch.rpm5e8b3d4c8c4ecbb091b52384ef443c157d01b80375355017f98945af1a17cb1blibreoffice-langpack-ja-4.3.7.2-2.el6_9.2.i686.rpm256145229df59b80f51ed907f2072c4f8bec6d9fd8b30638ac3d001e156544a8libreoffice-filters-4.3.7.2-2.el6_9.2.i686.rpm4f64458f063eaa30a43ca5332a20d93d68058ee5267dd68de1ce31d9502ef80blibreoffice-calc-4.3.7.2-2.el6_9.2.i686.rpm995292e114e786dc17f78f1ec49085f215c34a5c99a062ad366f0e66e1a543e4libreoffice-opensymbol-fonts-4.3.7.2-2.el6_9.2.noarch.rpm02e0a9c46fa554aa4ef70ee9575008af88152c8fb9726eb6eafa92e44240bc34autocorr-ja-4.3.7.2-2.el6_9.2.noarch.rpmc5f940e92cb5cf5bd6a95aa33ae30984916d2d28d58ce1b26850c66bd400d4c5libreoffice-langpack-ta-4.3.7.2-2.el6_9.2.i686.rpm29d3bdc6b7bfcf1c71c198e280e849adbbfdeccb870569098930ad209a397286autocorr-hr-4.3.7.2-2.el6_9.2.noarch.rpm966c01897c9f59773e12e949df00f6931e4fc1c322f57ab0f0db43321168304clibreoffice-langpack-zh-Hant-4.3.7.2-2.el6_9.2.i686.rpme8891f4ae8007bf30027f047e0b39a0329d1ca9c54765cae983baeec4efe1467libreoffice-langpack-or-4.3.7.2-2.el6_9.2.i686.rpm67b1cda9ba58b696a41d98476fe0efdb9a4f243a8039c41aeffaa722dd030d6dlibreoffice-emailmerge-4.3.7.2-2.el6_9.2.i686.rpmc7f53d3f56d86c332efa49058ab2908569eb9e09c0565a97ebf79c6c5a1477f2libreoffice-langpack-zu-4.3.7.2-2.el6_9.2.i686.rpmfcaf645bcb19a826797c3e7dad5c1f9a56cb37bf59a123ea2cb15d9c4fce3d11autocorr-sk-4.3.7.2-2.el6_9.2.noarch.rpm2435c49dfacae726996d7cb99ae65ae58ca2a9799aa669fddd105c89d36af4a1autocorr-fa-4.3.7.2-2.el6_9.2.noarch.rpm0866460539d922b1b78168ab2fc3ce40a44fbb2740445811017741cdc41828c4autocorr-es-4.3.7.2-2.el6_9.2.noarch.rpm2cd0b0ffebe54ad00994e75d4119d006d2418fa103466b460a53888867764573libreoffice-langpack-en-4.3.7.2-2.el6_9.2.i686.rpm8bc1b29f6258524e117fbd8032b92548ef95f6a20910d76c42f976c02b8f9c3flibreoffice-gdb-debug-support-4.3.7.2-2.el6_9.2.i686.rpmbfb1bc193f33dd22c13450c5e948a53560880519420198b9c326ae1112c49248libreoffice-officebean-4.3.7.2-2.el6_9.2.i686.rpm1527277c4b281aeff0ea531fd576c171c0e085ec82916566ec1b5d51bbd1193clibreoffice-langpack-cy-4.3.7.2-2.el6_9.2.i686.rpm2ab06f8b8dc18515478dec8bbda31857e7d2371fd2fb35c38ebbe0b87c150945libreoffice-sdk-doc-4.3.7.2-2.el6_9.2.i686.rpm4c4bbfc748337f316051c4fc9f98d89d5f6e79667cc9038fb1feacf3546a1d28libreoffice-langpack-ss-4.3.7.2-2.el6_9.2.i686.rpm6dedcc049d7ab49dc482600fdf7813f4312123568ec3f7d730c50973f909059clibreoffice-langpack-hu-4.3.7.2-2.el6_9.2.i686.rpm867545533250dda3e51ecf38aff73b0cfe82a6e2401e38d96da0ed96278d3774libreoffice-langpack-ve-4.3.7.2-2.el6_9.2.i686.rpm1fb11db85766bb4271d25d3613288fa2e57548cad3aee024ea6d63e17d80d7d6libreoffice-langpack-ts-4.3.7.2-2.el6_9.2.i686.rpm08a38b5e38e8074c57895e9976624de909d01a7c38d60d82660f05aa345b68c7libreoffice-langpack-ro-4.3.7.2-2.el6_9.2.i686.rpm2aa12189700ba359310dd5f8f6b76d34c67ef2fac2412cee4c066066acec1c9eautocorr-mn-4.3.7.2-2.el6_9.2.noarch.rpm1e89ce10c05e0ef3bf34984e0b1a8b6848a586f91c0df2b185f36165c348ea66autocorr-ga-4.3.7.2-2.el6_9.2.noarch.rpm93b019125f117ab97b371211177f4c9cb9b8344abfff5f3fe79b5a2ae9987fb0autocorr-af-4.3.7.2-2.el6_9.2.noarch.rpm1779f02445472502c8dd0aba04c1f045c6fef5bbad42a191811ec0d059e5def4libreoffice-langpack-pa-4.3.7.2-2.el6_9.2.i686.rpm32ec33602fbe8442368cad3ff75bd5c4692cc339fc98b7a17baf8dbc3ccd5748autocorr-tr-4.3.7.2-2.el6_9.2.noarch.rpmce0648ee5cb5156b6ed08d63fa1bce12e41c667db9e718e25b7300b17f9ac8eblibreoffice-langpack-af-4.3.7.2-2.el6_9.2.i686.rpmbe68a6967b609c2c0cc519895ec74de2437986812d2b67bc18c6d7945f77825dlibreoffice-glade-4.3.7.2-2.el6_9.2.i686.rpm44011b279e699f7af2551db2ea402f935fd5154aac0679709051bbd9384919fflibreoffice-graphicfilter-4.3.7.2-2.el6_9.2.i686.rpm46a5f06fb2e2f1878d810761d6469e4da9c0fa1f263dfb55dd3a8d64b60bcbd5libreoffice-langpack-zh-Hans-4.3.7.2-2.el6_9.2.i686.rpm40905b4946f8a76a961556641f7eb9c38b0d6a90ba2958f0b71273c98363d3baautocorr-ro-4.3.7.2-2.el6_9.2.noarch.rpm3ec716faa7e738d98a9317ec32c9d6b5825dee13f4072918cb18f3b3f39b7596libreoffice-langpack-tn-4.3.7.2-2.el6_9.2.i686.rpm3c24754393a733d92b5b9c2c29ac275b0359f70cabe093ef39f694b144a5b89dlibreoffice-langpack-et-4.3.7.2-2.el6_9.2.i686.rpmefb2a028ca75efd09fd2f598dc181aed42bfa971b7aa40b11b5278c8c0e68ffeautocorr-de-4.3.7.2-2.el6_9.2.noarch.rpm8bbe98676251c1133100612384b5379108ceec52e64f0080f116baafbeb70d79libreoffice-langpack-sl-4.3.7.2-2.el6_9.2.i686.rpm537ad5628d85f12dccde04be1d8fc3dbc2ee4a5b6365b322c9f6e373446fcd09autocorr-ca-4.3.7.2-2.el6_9.2.noarch.rpm8a1e8d9bbd091699026e11ec9549b5d1c0a12c5d158c78e095c7092165c2436alibreoffice-langpack-ur-4.3.7.2-2.el6_9.2.i686.rpm92e34418623ee3b932af8349cd6995cbfe7a226b0f9fa22fc08544a93dc8aaa1libreoffice-langpack-ru-4.3.7.2-2.el6_9.2.i686.rpm6feb68c157a9cda83fc4cb9cf145acde9453a1e517792d566cf04b9da87fb562autocorr-sv-4.3.7.2-2.el6_9.2.noarch.rpm00e3eb4af210f5cc15bac4cdea98b586180608f10d9cfd7fb31fab14360f8cdfautocorr-fi-4.3.7.2-2.el6_9.2.noarch.rpm5c77988f644c65ccabc585552a5bce739a7e2e4d878231eda221f6682added82libreoffice-langpack-nb-4.3.7.2-2.el6_9.2.i686.rpmc96b8fbcd54999bf971ad19a0175caca74c6cc5cda65f36e3011ca2b12f5cdb8libreoffice-librelogo-4.3.7.2-2.el6_9.2.i686.rpm50ec8b64eefc3a31b994a61199263d2f5cf464e3286a3afd821c6512e7a173e8libreoffice-writer-4.3.7.2-2.el6_9.2.i686.rpm166cc31dea09562aa58f2cd9bade5b01581f4a745713a4ca81cc1fe11026007blibreoffice-rhino-4.3.7.2-2.el6_9.2.i686.rpm27229dfe50b61e52369126619e9b5309f971a58735be93bebb5bd548910039f8autocorr-cs-4.3.7.2-2.el6_9.2.noarch.rpm899318dab871b62869f0545ad4b623e7705c4d5050bdd936ba67e3c7f623c01elibreoffice-langpack-bg-4.3.7.2-2.el6_9.2.i686.rpmb432e5f12ca47b09b965e77a0dd4618f98635d48aedf38af78bc58ef5ec5d287libreoffice-langpack-ms-4.3.7.2-2.el6_9.2.i686.rpm913b48ea5b67d4020722cbc1a15ca628f07ec0cf8de7c4c9f86a894a4bc017daautocorr-nl-4.3.7.2-2.el6_9.2.noarch.rpmb9cd37beae376871174296dfca9fa1e5fdd1a27eef92357e6e2092fb919c1a2elibreoffice-langpack-lt-4.3.7.2-2.el6_9.2.i686.rpm5d67a010dc0c8467774164842917cf48ec04f68997229a1d811a75b8cfd5d5f8libreoffice-langpack-st-4.3.7.2-2.el6_9.2.i686.rpm210e1117a7ed27153c1b3c5fc3b8a544195a9e438b48cd2685146afefcae79a6autocorr-sr-4.3.7.2-2.el6_9.2.noarch.rpm9f7dfca069fb4910d291bcef31817de150c33c4411319bead5a0109bb65ee31flibreoffice-langpack-tr-4.3.7.2-2.el6_9.2.i686.rpm3d029dfed5456e47e5cda5918bfa51a563973c5d12121814e62d83577e6ed0fcautocorr-hu-4.3.7.2-2.el6_9.2.noarch.rpmfc3459db7defd86d9b3746aff76c5d03fd74202c732b0b9e4803bfa43e24f1edlibreoffice-ure-4.3.7.2-2.el6_9.2.i686.rpmeb6c1debdbc128c175689862271f6888527eb5592d944fad5173f3f9e2eedd0elibreoffice-langpack-da-4.3.7.2-2.el6_9.2.i686.rpm6d310df7505e6b473bfd5f7ddb875b81583a51847a72ebbd039d214662aee654autocorr-pl-4.3.7.2-2.el6_9.2.noarch.rpm87e5ca390955a352a38f4987a80419577ad6cbda41a434daf836093b0e70e7bclibreoffice-langpack-ko-4.3.7.2-2.el6_9.2.i686.rpma3844b10204cbfa130abfa09fd489306bf07b6adfc011af134676aa5315c29cdlibreoffice-langpack-mai-4.3.7.2-2.el6_9.2.i686.rpmbd83268090ed4685e400075b2917cf455ed417776a8ebff76a9ff53a748ced6alibreoffice-langpack-xh-4.3.7.2-2.el6_9.2.i686.rpma222365ccc0fe78627b9c5bbf9e22ce8efdf050381bb3513e65981b62de69278autocorr-ko-4.3.7.2-2.el6_9.2.noarch.rpmcdf61029bbdcca5094c5edcf105d5904e606e05c0d7acccd29b1e79da9714561libreoffice-langpack-te-4.3.7.2-2.el6_9.2.i686.rpm0f6313bfe366cceae2e895036f4ffaf9b38c67462451e8685336670cfe96529cautocorr-lt-4.3.7.2-2.el6_9.2.noarch.rpmca4a92227919a5711fff6b6db4a1d378d5fe7582e37fb945c4bfe65ab712b8e8autocorr-bg-4.3.7.2-2.el6_9.2.noarch.rpm92db82a8e8c950155b8571cbc7ebd26d0348972eaf7f4725b366201ad89d304blibreoffice-langpack-pt-PT-4.3.7.2-2.el6_9.2.i686.rpmfb023f05d767327b53cc0314a49fdf6eddd97456750c7d800c500f18e4a5d6f8libreoffice-langpack-nn-4.3.7.2-2.el6_9.2.i686.rpm2ee73aab71ea96dd7469b26ae2be1df128cbff6a6eb4e6b09c184403d583ffe1libreoffice-langpack-pl-4.3.7.2-2.el6_9.2.i686.rpmbd3beeccc300e5bf3488f2818757bd78fcf75e5f592e9e997f49a74045c20a93libreoffice-sdk-4.3.7.2-2.el6_9.2.i686.rpmccbdff46c569c37a30646367a23b3556d3558f5a3238796af321811d9397dff6autocorr-pt-4.3.7.2-2.el6_9.2.noarch.rpm0edb19bf9e8fb5c204fb417db185de2e01d6a8bdef07976cd612407d81b3564elibreoffice-langpack-uk-4.3.7.2-2.el6_9.2.i686.rpm1ce4c32e1d4d09758950ed3f13786b3d9d9189197993af685dae554529cca0bdlibreoffice-langpack-sk-4.3.7.2-2.el6_9.2.i686.rpm35dfeb61ea676c766938d08a5a30ac11b23eb4ab2ac91cf7fcc47db94ca00e70libreoffice-langpack-bn-4.3.7.2-2.el6_9.2.i686.rpma7d88246ecb9a38f792abd67dcaef6e8ed54d1b1abb87d5635ed1d8ca535c4aflibreoffice-langpack-sr-4.3.7.2-2.el6_9.2.i686.rpm601e0f4ec36d9556916c1e59e7b1e795a3371263d6d1d35471caacd8a9c0676elibreoffice-langpack-hi-4.3.7.2-2.el6_9.2.i686.rpm744fb93aacdf219e978ea0947242b64295f7225408d7489a5f10f07d44823c28libreoffice-base-4.3.7.2-2.el6_9.2.i686.rpmb1916d10e76b2031614dbef19548fd340623fcbce3befe3306dffb694d069899autocorr-is-4.3.7.2-2.el6_9.2.noarch.rpm771a4ce81d0cc1cd9c098e7cb4c9a19982f305d75a9032ad6c8dafe0cae08ee7libreoffice-core-4.3.7.2-2.el6_9.2.i686.rpmc5b8722f8eee0eacd8500041f7ca01b4854511b529134f4082fdeac2906eff36libreoffice-impress-4.3.7.2-2.el6_9.2.i686.rpm529382e8fd8607245e88a4011e5b69da5617e43b6c13943caa1e18bbeff6bba6libreoffice-pyuno-4.3.7.2-2.el6_9.2.i686.rpmc7ad50f549a2460a9ba7518b505205ad6feff63d457fae779d8434298dc06766libreoffice-langpack-nl-4.3.7.2-2.el6_9.2.i686.rpmeac140e8cf22500d24c8411b822c663ffc55547d0b44c70053acb928dfb993e4autocorr-vi-4.3.7.2-2.el6_9.2.noarch.rpme61e6e0bfa61c1660b319ba2cad568580874ecd1fd205cc7b4d9e4d36c0a539dlibreoffice-langpack-sv-4.3.7.2-2.el6_9.2.i686.rpma219d42842185d2a6ef76170afaea3706ca3c4cb36ca6410ea8e442348e0d47bautocorr-ru-4.3.7.2-2.el6_9.2.noarch.rpm5a9268a8d11cc4fab8c7354cbc0f259fbff7a7e4a54049d09d514d41c62e0f48libreoffice-langpack-gl-4.3.7.2-2.el6_9.2.i686.rpm471016054ba88d6cd28c3541a17aaecfb5e9c3894eb58777b769c4ad6ec4e0c5libreoffice-4.3.7.2-2.el6_9.2.i686.rpm92733745b32615067d8474bf2bf0b1c82096768b0e9cfe1d886b9899f2665afflibreoffice-langpack-eu-4.3.7.2-2.el6_9.2.i686.rpma6e9c0eed8317aa17f91e01cda9c7b2ef2656ee05ef2754c705afa21b90cc050libreoffice-langpack-it-4.3.7.2-2.el6_9.2.i686.rpmb1a51df76346478fa2ef61a6f9d0a17b5c5c7dd36ab412946409b80cbc3cbc68autocorr-lb-4.3.7.2-2.el6_9.2.noarch.rpme882fabad6bd7f861272db588eca579f183d33a4168c74d2f47543b7a3662462autocorr-it-4.3.7.2-2.el6_9.2.noarch.rpm9f3ec06d354e14d8a2abc5c9f701257791d90e2a2c87728d3fb103b46f937e00libreoffice-langpack-mr-4.3.7.2-2.el6_9.2.i686.rpm25f3229607abcd9c98b676a9c5df6f2958f8f21315e5a66451435847c1c187cclibreoffice-langpack-cs-4.3.7.2-2.el6_9.2.i686.rpmc11aef4980a4827b42fd979f7e0d991ee4bb623a97980e3b3414644fb5909d36libreoffice-langpack-dz-4.3.7.2-2.el6_9.2.i686.rpm024fa7aa51d32cff79e50a1c06c62f1b77dc16a717e8b5ef24aa692b8bcda95aautocorr-fr-4.3.7.2-2.el6_9.2.noarch.rpm5b3338887a92651835381ae29f0f3b6bd7d4ddd97c73ff91ed8be0e1e7aeb975libreoffice-langpack-as-4.3.7.2-2.el6_9.2.i686.rpma4962286cc9249773d62763531aae47e39ee59dcb0d8a9bc58e691262ce20375libreoffice-langpack-fi-4.3.7.2-2.el6_9.2.i686.rpm94139008223f4cf1661e7a42f9792c86ae3ea37db9b09c9ae407c4bfcbacf99dlibreoffice-pdfimport-4.3.7.2-2.el6_9.2.i686.rpmc0e9189960ac7a312c15443b53a93394135073a003273925818c8cef413af2delibreoffice-wiki-publisher-4.3.7.2-2.el6_9.2.i686.rpm9b92ca94fc82bfd809aa0a90469f467ff827e4eff01a7775f15cfe8d168d791blibreoffice-langpack-he-4.3.7.2-2.el6_9.2.i686.rpm1d10e373f54838f93bcab4ece038948bb060e4d5c6beaca95efd74c0a6c574a0libreoffice-langpack-pt-BR-4.3.7.2-2.el6_9.2.i686.rpm25516d99278610e61c1a292e1e850c3fb85b8661404e0e5e29892e079cdc3de5libreoffice-langpack-de-4.3.7.2-2.el6_9.2.i686.rpm12bccd3f93a6baeb209c7eb58eb7b9691c219083c17450b3317a246a5ee0bcd7libreoffice-bsh-4.3.7.2-2.el6_9.2.i686.rpmb0c27db0a357f92b6197acd0ea7fb93a1a88d1d95d930229295282c74d96985blibreoffice-draw-4.3.7.2-2.el6_9.2.i686.rpm0950ab181379d509c224df47845f534faae321025e8962a5b2efa2467d1b1703libreoffice-langpack-nso-4.3.7.2-2.el6_9.2.i686.rpm337e7012cc44f58eca846f9ed56d7a26dfe88909b527a7d93f31b611c10367ablibreoffice-nlpsolver-4.3.7.2-2.el6_9.2.i686.rpm089c653403b238d36ee1b88710592f2752a5a550fd4b54f391068eca4fe7b8e8autocorr-sl-4.3.7.2-2.el6_9.2.noarch.rpm3212c04e361fa5ea8766337dfecae30c980db089b83ff8a30b0ffc2472fa01d8SLSA-2018:0526-1This update upgrades Firefox to version 52.7.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125) * Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127) * Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129) * Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07) (CVE-2018-5130) * Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07) (CVE-2018-5131) * Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144) * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.7.0-1.el6_9.i686.rpm4201d53f3c1a865a056ce4dafaea019acf711a771912664fb02ea4a350fddc60SLSA-2018:0549-1This update upgrades Firefox to version 52.7.2 ESR. Security Fix(es): * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.7.2-1.el6_9.i686.rpmfc5b3d8818d9055493251c433d07946942e3c7cd9ad2b604ed70172833bf7864SLSA-2018:0647-1This update upgrades Thunderbird to version 52.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125) * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145) * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) * Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127) * Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129) * Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.7.0-1.el6_9.i686.rpm8b76948facdf4acf79815fe8e793b02f3b0f4a50d8b3d87393934a29006de5d4SLSA-2018:0649-1Security Fix(es): * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)importantScientific Linux FermiScientific Linux Fermi 6libvorbis-1.2.3-5.el6_9.1.i686.rpm6bae94f8d08ae08fb3da67090ee61204e786c79ef6ea6425e22425ea31b424c6libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpme933d99a851c5f2e5b684c348d8c6d9936c3cf4bcb0a6b8feefaaafe2746e2a1libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm800568f1205d4d9954c1b2fe6abf010836dc4482cd691dcf59da2c756bcb5664SLSA-2018:1098-1This update upgrades Firefox to version 52.7.3 ESR. Security Fix(es): * firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)importantScientific Linux FermiScientific Linux Fermi 6firefox-52.7.3-1.el6_9.i686.rpma09fca73677c6fe4c2b12be583ba6c92c7dba6a04d0ddf55b82d8247731509a9SLSA-2018:1124-1Security Fix(es): * python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)criticalScientific Linux FermiScientific Linux Fermi 6python-paramiko-1.7.5-4.el6_9.noarch.rpm12b0d3f739598adc24cc4c8f3da4a5cd0e86de68fd66c22507a500a789df4690SLSA-2018:1188-1Security Fix(es): * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.criticalScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-javadoc-debug-1.8.0.171-3.b10.el6_9.noarch.rpm26836c5f40cf4d75552ded8f602f0e3da735ae21c0ad6c31536f9f28d921cfbdjava-1.8.0-openjdk-src-debug-1.8.0.171-3.b10.el6_9.i686.rpm8997e2d6bcd67e7480c80db3fb6dd24f6753e5616004ae591709988ae1455b60java-1.8.0-openjdk-devel-debug-1.8.0.171-3.b10.el6_9.i686.rpm1d23011ca87122cc6a54cf1f299bcc82d653a9ecce163b88314844050e92af3ejava-1.8.0-openjdk-headless-1.8.0.171-3.b10.el6_9.i686.rpmbf24fe03ad69b7d5b2ec943aaa0b2dd63433d80ef1ad708f31a20896f97d56f0java-1.8.0-openjdk-src-1.8.0.171-3.b10.el6_9.i686.rpm33c9182a0f11af141d8a0f75e087754d9f2736fb702970ecc4b38c00093e2086java-1.8.0-openjdk-1.8.0.171-3.b10.el6_9.i686.rpmf2ae7769e64035a501ea0814d5bc505ed076230c3fca3a8a03e5140acb16b58fjava-1.8.0-openjdk-demo-1.8.0.171-3.b10.el6_9.i686.rpm1e7d80ba45b7f095600c18c1213b212ed6b8c1505646236b8aff7ffe1dccee22java-1.8.0-openjdk-demo-debug-1.8.0.171-3.b10.el6_9.i686.rpmbaa4f738535049c5bda5ed7f69d347157d20f9b3bd219ba4ccdf67b5c12c4dfejava-1.8.0-openjdk-javadoc-1.8.0.171-3.b10.el6_9.noarch.rpm24b3f44d102792a3d5e5da9911924e5260175376124f67e6a2824271e01159d6java-1.8.0-openjdk-devel-1.8.0.171-3.b10.el6_9.i686.rpm957979891f83331f8c5b77d46406ea656c1dc4f058b812c0c4aa45612df6d111java-1.8.0-openjdk-headless-debug-1.8.0.171-3.b10.el6_9.i686.rpm7714ba4d195eee065a4bf38c87b4f4c6f56e293ba3f59d146ad14ed3cfad160ajava-1.8.0-openjdk-debug-1.8.0.171-3.b10.el6_9.i686.rpm80042ae7cceef019b44a388104d0fa9a04f97ad83f5f2dafdb7c72df7e574818SLSA-2018:1199-1Patch should be installed because it is a common way of upgrading applications. Security Fix(es): * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)importantScientific Linux FermiScientific Linux Fermi 6patch-2.6-8.el6_9.i686.rpmdd96b7cd4823a5c8a9c6f9ffcfaa003bb3f1dec7d2cc9881cfcc2cf1017c83d2SLSA-2018:1225-1Security Fix(es): * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)criticalScientific Linux FermiScientific Linux Fermi 6librelp-devel-1.2.7-3.el6_9.1.i686.rpm9acda4ddbc02530ecfbc5e7a779fbf429b2fd0ea3ae728f8a85561e2d3fcff12librelp-1.2.7-3.el6_9.1.i686.rpmf010f33f7c239107289afc57ba1a727114df6ac8f0fcf11136ef9a0de49b19afSLSA-2018:1270-1Security Fix(es): * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) * OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.i686.rpmdad7428b6958bb1289c031fb3828397237ceed86fd0537968bfd85be3e28d62djava-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.i686.rpmbf8c85e168297d4e560f38243f7dcbda527964e6d7f45af4d9f49e0e225dc78fjava-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.i686.rpm8ef53cdedae667bb6112b15e841e5e74c7ea86024a1e8e65e205a6ff949da1fejava-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.i686.rpmf25a3b20a16e987256351ad9e4f4f99377ac3dd71c912453c76d2df8a3b0bc21java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpma6fc3f473c1ba129b72cb00bfcd1763fe1ffa88a14cc68f030a8d1ab3bed5684SLSA-2018:1319-1Security Fix(es): * hw: cpu: speculative execution permission faults handling (CVE-2017-5754) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017) * kernel: Stack information leak in the EFS element (CVE-2017-1000410)importantScientific Linux FermiScientific Linux Fermi 6kernel-2.6.32-696.28.1.el6.i686.rpm30d71112b4eb7a6c813ce087362f526eda0a3295d8fe103837d3dc088cd91163kernel-doc-2.6.32-696.28.1.el6.noarch.rpm003c50cde22c363878d37d01366349a19d4acaa164be8a6d1146db6716312965kernel-headers-2.6.32-696.28.1.el6.i686.rpmd9279d0a9284211245e08b0fe093754b2bae853045452f16eaa5cd7b5ffc82abkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpmd114698c004b569573741b86e6ce507f9d102383d71e35e05aa201411455aa74kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpmb87cc02e2060ed38c25bc43969183e3a1280510a55bff57d9adaa9847a7f426cperf-2.6.32-696.28.1.el6.i686.rpmfb75b65a47c7a16a3b48b261c8cd092830b31f288c42585a536a93af758eaa2ekernel-firmware-2.6.32-696.28.1.el6.noarch.rpm9fc57ca05209098a97c89b731751d8cd2b1bce16397550c932bb3d07b222611cpython-perf-2.6.32-696.28.1.el6.i686.rpm96e5c58547aca557c9fe504dad53393053736805941251f105bb46b729950789kernel-devel-2.6.32-696.28.1.el6.i686.rpm7b8d2e7acedb2a26cf856de4b3ee5f8667a9f612dc1303f16b4818c40623cc80kernel-debug-2.6.32-696.28.1.el6.i686.rpm5b1c07170408cca4108c4f1b5c560c01107783073a28e5093971c603a1ff94c1SLSA-2018:1364-1Security Fix(es): * 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089)importantScientific Linux FermiScientific Linux Fermi 6389-ds-base-1.2.11.15-95.el6_9.i686.rpm97e5b1c37f5b08531284e9cbf285c626ff7cc5599fd2bcf3815fd3770377e3b2389-ds-base-devel-1.2.11.15-95.el6_9.i686.rpmc0cd6119beb9aa7e9846a5f34a021707f6eecd94ac7ce4416658e08c443e973d389-ds-base-libs-1.2.11.15-95.el6_9.i686.rpm8ba998d1ded9611278827da587eee7aa6bd26f943998ff7a476cc32d4b50980cSLSA-2018:1414-1This update upgrades Firefox to version 52.8.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150) * Mozilla: Backport critical security fixes in Skia (CVE-2018-5183) * Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154) * Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155) * Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157) * Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158) * Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159) * Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168) * Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)criticalScientific Linux FermiScientific Linux Fermi 6firefox-52.8.0-1.el6_9.i686.rpmb75131c0c26b4e995d2c4784f009bdb10e98f74fa1ccdfcfcd2d191f10b54e0cSLSA-2018:1454-1Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Scientific Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)criticalScientific Linux FermiScientific Linux Fermi 6dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm10a54c59ebfe3895bc787bb77829e875a0cbfab53bd61f118f6793b0a17e6f7cdhcp-4.1.1-53.P1.el6_9.4.i686.rpm584aa328f63d171ec6906ce870dae48df4b036b476a1467433a3a495da6d1076dhclient-4.1.1-53.P1.el6_9.4.i686.rpm1c1ebdbc5cce13282e030a5ba4941522ae10de8d3ee6d047b4f2d92a887c82a0dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm190ad80c60d389f65643dc062c1f4812090a41203a432394d9510740fc5323e6SLSA-2018:1647-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpmb4a3a2c5803388d24bcf1dd446538ae952d9c412ff9dee5bcde3d6d301c384b6java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpmd618206ce0642907785f6d04977208dfc0ddf89ce50e08f2a1dc8d4171de651ajava-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm1dc582f7817231e97d8a2e393f011597ffa33203e9f10fe90c409f87e3201720java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpmfea07046db1f3df49578f67e9785046989e3a1379e811e887145378ddf1aafd0java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm32a05c8941b5fe9cb3f9e1dd5b557ee77fd4156ff05fa135f001f721e23ca7a6SLSA-2018:1650-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.i686.rpme577073c1777c451f4a525cca618b323253c3c74b25b5622f7fa5fefe4586e4ajava-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.i686.rpmc28568244620d84a61e570afb6def39f0071f389bac3d8d5d4571377b9fb080cjava-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.i686.rpm0ac136cf9569a2decb49cba52882c5074876ce80a8bc4bc2347a25d685b28865java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.i686.rpm5484f0db8c19c5121c104ff3bf506cf55da92d568efe12e974a7d22065f9492bjava-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.i686.rpm72bec5e7a69d42637f62aaf8dfa31da9856b0c8a79f523059b1716a29d8b8999java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.i686.rpm319b3022fc9ffedce416f8300be65d90aea948552db81c48c1509b5757253cb5java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.i686.rpm79bfa61eddd8de803fb82d60de4a926f340224b936c8cae45f43716228852e3ajava-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpmd1c6cccbc93d9665b0cb82acfea1a3a0ac6bc07365e5332b63b89bc1aea35113java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.i686.rpm6afc4361d8d34ad8199eb6a743add68d28d3a7ce287175babb3e29764f20255ajava-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.i686.rpm8b81d2a5640a3055d8e97492d902b67e2625c45f505e3ae9cb0b94df93c63dc4java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.i686.rpm2f3951a1d7ac58e98c66752d269c81e4e8f70f2ca4b4a019fc28fc8aeb0d0469java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpmb4635c1643c713287a9f1402e2a49489414ac01cb9114f8395e5636e9709499aSLSA-2018:1651-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. In this update mitigations for x86 (both 32 and 64 bit) architecture are provided. Bug Fix(es): * Previously, an erroneous code in the x86 kexec system call path caused a memory corruption. As a consequence, the system became unresponsive with the following kernel stack trace: 'WARNING: CPU: 13 PID: 36409 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0 list_del corruption. prev->next should be ffffdd03fddeeca0, but was (null)' This update ensures that the code does not corrupt memory. As a result, the operating system no longer hangs.importantScientific Linux FermiScientific Linux Fermi 6kernel-doc-2.6.32-696.30.1.el6.noarch.rpm035109327ad79de0d63188a9f5fedd072e2901be667e75c609240155bea334dekernel-firmware-2.6.32-696.30.1.el6.noarch.rpme1e041051fd43c93d0ceea9d42b32ddf16016f7062b6c34bf7fa497780a0e92fkernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm8d8fdb858b3f4cc2c9c580aa96a24eef82a4bfa77716468148791e3286256812kernel-debug-2.6.32-696.30.1.el6.i686.rpm02902d29c2093126a2ce17b644ea33ea1edd9ac1cd4fdd898bb57436f066643bkernel-headers-2.6.32-696.30.1.el6.i686.rpm58d08d1fafacee4ccfdfc4b46b1a0357900c3065db11d1fc2d565089003d156akernel-devel-2.6.32-696.30.1.el6.i686.rpm9cdcb4750a9f7d838b14659a4273352d1829e678af481df7d5062b3c8089001apython-perf-2.6.32-696.30.1.el6.i686.rpm618ba4f7c7c0745c55f3c878eb80685f049ce7cb302ef22f61f70b7e5fa95b29kernel-abi-whitelists-2.6.32-696.30.1.el6.noarch.rpm03931ad87cd7a18b1f355ea0b9865a6e6aa9f0a98756a15e95965ae86f2c07c9perf-2.6.32-696.30.1.el6.i686.rpmd7f3a91e470e693b6fa325d6c53be00f0fa4b3d567eae75e620c8a5a8a758464kernel-2.6.32-696.30.1.el6.i686.rpm131426da8f5986dcc22ff44ceefb9d6a931bfe68fee4a5cb90e75516d9440f97SLSA-2018:1660-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.503.el6_9.6.i686.rpm9bb92ac1c368d7c2836d07f9e8c6718942e7fcd4886d23b3eb9cc72c90607290SLSA-2018:1669-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation.importantScientific Linux FermiScientific Linux Fermi 6libvirt-python-0.10.2-62.el6_9.2.i686.rpm3acfaf532845b0271e6a32b8569909f21b8f3c103c5c1715bf38313f309cb7f0libvirt-client-0.10.2-62.el6_9.2.i686.rpm1c16b142cefa444632757eb3c83d9a1e0b58e0ecf0e25c85a8537c15afb040b4libvirt-0.10.2-62.el6_9.2.i686.rpm4dc835d3b744ec618c883f3356c99bc0b7bc6b4ba96080b137851ab1ab3690c6libvirt-devel-0.10.2-62.el6_9.2.i686.rpm383835676f08a1c3f7027d2e9f0e353724670baf70e920c34255ad9e48d94b3dSLSA-2018:1726-1This update upgrades Thunderbird to version 52.8.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150) * Mozilla: Backport critical security fixes in Skia (CVE-2018-5183) * Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154) * Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155) * Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159) * Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184) * Mozilla: Hang via malformed headers (CVE-2018-5161) * Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162) * Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168) * Mozilla: Filename spoofing for external attachments (CVE-2018-5170) * Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178) * Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.8.0-2.el6_9.i686.rpm6735b2df606f06dcc95f199bd597208328567fb8c705ff257fee89b09a16a5c0SLSA-2018:1777-1Security Fix(es): * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)importantScientific Linux FermiScientific Linux Fermi 6procps-3.2.8-45.el6_9.3.i686.rpmb88c8138f44cf91edff2d1ea09b2f5de6bb73694d607ab3b84ca12b4ff0dc710procps-devel-3.2.8-45.el6_9.3.i686.rpm309227022a473b7ab01f647a7375eca48fe7e92650193b3cff540830cd652242SLSA-2018:1779-1Security Fix(es): * xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)importantScientific Linux FermiScientific Linux Fermi 6xmlrpc3-javadoc-3.0-4.17.el6_9.noarch.rpm92394cf322f88556706316499fe137f282aa67a31252745d600d6eaae6413dfexmlrpc3-client-devel-3.0-4.17.el6_9.noarch.rpmfad43ed14d17c02069b65e51ce40fdbaf6ce4333cb659542d48f6a0b67f71cb9xmlrpc3-server-3.0-4.17.el6_9.noarch.rpm7134f5d218f3ee8468fd3224ec373172c78cf0051fb15b32329d7b25650066f0xmlrpc3-client-3.0-4.17.el6_9.noarch.rpm78813af9513e91f82e540b35f15d85ddd266daf6b9a02a0d5656d3c8d5984fcaxmlrpc3-common-3.0-4.17.el6_9.noarch.rpm5ab2504dae5743662d03fdb824cf5947aca23424a667951b1e0236eb7f1c3777xmlrpc3-common-devel-3.0-4.17.el6_9.noarch.rpma6a4631645e71b66da9d849fbe454a721fbb1cee550b624158b3c3ecdfac58a5xmlrpc3-server-devel-3.0-4.17.el6_9.noarch.rpmeb836512ef5a81cc550d7e8642663c429e7e049c06af9b6d7f4cfd7c2e8b7aeaSLSA-2018:1854-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC) * kernel: net/packet: overflow in check for priv area size (CVE-2017-7308) * kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701) * kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830) * kernel: Null pointer dereference via keyctl (CVE-2016-8650) * kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671) * kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001) * kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616) * kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889) * kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890) * kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075) * kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076) * kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190) * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121) * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203) * kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130) * kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)importantScientific Linux FermitrueScientific Linux Fermi 6kernel-debug-2.6.32-754.el6.i686.rpmb10dfeee3ffb87c191933375a29156630a1d21f5d5a77f5c8f1a1f041c97ded0perf-2.6.32-754.el6.i686.rpm58b1835a94afee8270b09901fcbcad8e14179a06d6610667b0e7d5b45fb72ecakernel-abi-whitelists-2.6.32-754.el6.noarch.rpmd17fc0ef81add36966c5ad1a52e1ac12d36f7779b6df5d691cc0a59a61415abekernel-firmware-2.6.32-754.el6.noarch.rpm7a17694fb784fd788cd409fd6cd60db8997f9977b902d1262403f61b797a7250kernel-debug-devel-2.6.32-754.el6.i686.rpmb6a454d1ace13f3472144a435b0cd76cdfe9e4724138cbef947085af70b77003kernel-2.6.32-754.el6.i686.rpm74bd3f08227282ab9dc1efb02b7ac2c2fcec8fe98f1f6a2b24717e041e4bf115kernel-headers-2.6.32-754.el6.i686.rpm13bc72f185ea22ce1d4d8a09c6d88154177801414afe2b015cb9e2ed47eb9a51python-perf-2.6.32-754.el6.i686.rpm06a42127f7a2eb8bed4cf884d8c794475005a5d9a35e3134de4d40fcc74a8d71kernel-doc-2.6.32-754.el6.noarch.rpmbcab6f050c1497c8639cff2e9864bcb1fb473d29ce480038cc4c713ee447b8b3kernel-devel-2.6.32-754.el6.i686.rpm035bc1d58f1d86ab2cc500d654c629b0e1a52846aa738cae3815b0992c30be4bSLSA-2018:1860-1Security Fix(es): * samba: Null pointer indirection in printer server process (CVE-2018-1050)lowScientific Linux FermiScientific Linux Fermi 6samba-swat-3.6.23-51.el6.i686.rpm86a2efb1930a333e909d399edef4958c937309c96c845178220e504c11159ba9libsmbclient-devel-3.6.23-51.el6.i686.rpmce2339c8bdb1b8d766c28a20286859134d906dbd8c337ede594227f78c5fc624libsmbclient-3.6.23-51.el6.i686.rpm67c3f47bb100258ea8f95f5e2d10aeb2e2debab02712eeaa5835835a580a8b14samba-winbind-clients-3.6.23-51.el6.i686.rpmdfdb41aede3e4d11b49ccf2ab720152da659e2f3c4c077230466a4729decf721samba-3.6.23-51.el6.i686.rpmea8654bd0ce8f574a8feebe8bd87d15e12acc8cdf83be27a754eee1ff2a78e0csamba-domainjoin-gui-3.6.23-51.el6.i686.rpm89515fe65fee034431dacc71aa642c113ba33744d4a94173d0f4d30f0b336fd4samba-winbind-krb5-locator-3.6.23-51.el6.i686.rpm17a88a60356c8cc93f7317f651c5906a4226a0a7f28b9628209fcfe9afaf4e4fsamba-doc-3.6.23-51.el6.i686.rpm144b9c35a095df88e9512782f886547f11b34be3806c3059c2d2705f38bedbc7samba-winbind-devel-3.6.23-51.el6.i686.rpme6bc473335acd0f7504939501ea8ee12219cc3114291da2dad44db70b03b663csamba-client-3.6.23-51.el6.i686.rpmb99c6ed4536833654ce55343d751356be19d9e36f5276eae2d787e8b77cd9eb1samba-common-3.6.23-51.el6.i686.rpmd69ce3ed23a672d751699e73b4f6d41a0f062771a5622a5eee8bd989f7d20359samba-winbind-3.6.23-51.el6.i686.rpmfdcb254527cceefc97990cadc9c0465a9034fb35bb553495829c78989401a9a1SLSA-2018:1877-1The ding-libs packages contain a set of libraries used by the System Security Services Daemon (SSSD) as well as other projects, and provide functions to manipulate file system path names (libpath_utils), a hash table to manage storage and access time properties (libdhash), a data type to collect data in a hierarchical structure (libcollection), a dynamically growing, reference-counted array (libref_array), and a library to process configuration files in initialization format (INI) into a library collection data structure (libini_config). Security Fix(es): * sssd: unsanitized input when searching in local cache database (CVE-2017-12173)moderateScientific Linux FermiScientific Linux Fermi 6sssd-krb5-common-1.13.3-60.el6.i686.rpm8eef220e5f768ca5959d10f17b0c5ab362f38210b0366883d1b17fca0be8d26fsssd-dbus-1.13.3-60.el6.i686.rpm2c072dc328c85264ff4222a22fcf427fb636314fd0f4c706590ce36904285d8dlibref_array-0.1.4-13.el6.i686.rpmd71021432eb17e2ef574e7cb0590d839d20d79087658c114dbf8b7067cffa2b1libsss_idmap-devel-1.13.3-60.el6.i686.rpmf5228b6ebacd741b0a3332e5342172611ebd46e86a40463548de537c6235919elibini_config-1.1.0-13.el6.i686.rpm01cef74903ff483de6c4500b261f04a95713f0c0d2bfa1bc22703ba6c76c272esssd-krb5-1.13.3-60.el6.i686.rpmfee2a9479045f2b8d89d298330ec6f0881b4b0a6787cf91fd03761ab097799e1libsss_idmap-1.13.3-60.el6.i686.rpmcdc10f09e6f423127d9488075ff911ba1b5003d9df1e8f7a642220697257edf0sssd-ipa-1.13.3-60.el6.i686.rpmcdb9b24677bf4b9a0dd73e30750c0f356ee30d758e2b83339ece2d55d9bb148alibcollection-0.6.2-13.el6.i686.rpmf08224d5daa0b4954a4859f875943889a12ce17510efd1106b452c3198a1cf2asssd-common-1.13.3-60.el6.i686.rpmb8eb00d6d2943e6fca6c9d1c5c280c2e2f187d877e602329e0aabdea3e7c4228sssd-proxy-1.13.3-60.el6.i686.rpme0d1c18f6f1e11eb1fa32dcf6469c8a531766a1379a1028fa8d533bf7198c187sssd-common-pac-1.13.3-60.el6.i686.rpm62e09549f3f58c830438f37d41676c1072c969763262eaf6073608262b45925clibipa_hbac-1.13.3-60.el6.i686.rpmb2ea9419477416c827a1455ddf43b38cfc856557241fe08e740f1831b3cdf329libsss_nss_idmap-1.13.3-60.el6.i686.rpmc5f12552619f7f16738987ea98eec9f98950df9efbe6f3e1ef36638c647b6965libini_config-devel-1.1.0-13.el6.i686.rpm768cab28447cc0e6b09607f85bb9d3ec386b76cd70112a4a3df10495c8922323sssd-ad-1.13.3-60.el6.i686.rpm4c0a2f6973b35b8560edcc10acc7967ec8dcbe1ac1975ae7e35a5ababed8e96flibsss_nss_idmap-devel-1.13.3-60.el6.i686.rpm7f4e769c220302573f0da9d326735ed8442241035778e4f776191d782f9f2a31python-libipa_hbac-1.13.3-60.el6.i686.rpm2b5dcfc16fcf0a7568fba46dfb37dfef96f31edee0670acbd893dee1cfc9be72python-sss-1.13.3-60.el6.i686.rpmf719d8931e6cee9d9ef976756cc0fadf8187eed4749e76fa9e72a91e12af502dpython-libsss_nss_idmap-1.13.3-60.el6.i686.rpmd706547a04477c8f78e2ae7cabc4e0ae82d5c1f564d680ce7a3d36c3c65cec52python-sss-murmur-1.13.3-60.el6.i686.rpm23c56c7516ee04f749da931f160120738baa52cbd271b31372882fdd1bc41327sssd-ldap-1.13.3-60.el6.i686.rpmbe5c001594692b64d23750ef8b8a3d93bc8ffa4b8d8c3e1ed76746203b482600libbasicobjects-0.1.1-13.el6.i686.rpmfee246e907116b83200a9581793848a9fbfd868413c345e03bc491bd8dc7a060libcollection-devel-0.6.2-13.el6.i686.rpm50d721a6318f8d3f60d56700a2a7166d1ac3e3b96500ab77c09f3acc61fddec0libsss_simpleifp-devel-1.13.3-60.el6.i686.rpm3606b9513e98189a575f0635e749688b1b558b9a475802531b359514c993442blibbasicobjects-devel-0.1.1-13.el6.i686.rpm5ebd0accaaac4bdb4152afb870fadac8d4f9c9f1a9bd7cffb5b9e0ff15903596libpath_utils-0.2.1-13.el6.i686.rpm72b48cfdcda7f1099ec1cc389bc25de0b447180d842933ead9c26fc0a9b45f92libdhash-devel-0.4.3-13.el6.i686.rpmaf8bc0fad701bbf1c52b18aaabe7cb47ded7d5fb465b7a00921f15480b287413sssd-tools-1.13.3-60.el6.i686.rpm1bcd8cb7160a7350542687548fec6b3028121feb39596a2a3a6ef0fd94efe35flibipa_hbac-devel-1.13.3-60.el6.i686.rpme7addd4a7e53765d1a51539fc7cd2d74ab19a36567a892b16f1fcf86db60f701python-sssdconfig-1.13.3-60.el6.noarch.rpm79638968776b02d9dc79e64fb23da603d9bdc4c868d8f8d658c60d74d5171d36sssd-1.13.3-60.el6.i686.rpm413006d68816da9dec1990641ab0d894273dc771b4a0af755aa6742cf4d9fa7blibpath_utils-devel-0.2.1-13.el6.i686.rpm4f1f22ca45e0cb670ff892f0404086918ffea02ccc4624b95845ed226af56d50libdhash-0.4.3-13.el6.i686.rpmede915479152cf110a58d829c14cb9b91d3c575fedaba1bdbb9e5879ce17401blibref_array-devel-0.1.4-13.el6.i686.rpm5aef64408024aee64de86cf459f7a6b18b054f90140844252116e5655fadb7e8libsss_simpleifp-1.13.3-60.el6.i686.rpmcd147312cd12904812e7bb40c1bbaf80efecb403675a55728b4b0a76171cfc26sssd-client-1.13.3-60.el6.i686.rpmeff75ce817bc89f6867bc1a1f74e401a15b3bc9702b72e890ce9544d116df78fSLSA-2018:1879-1Security Fix(es): * glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670) * glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)moderateScientific Linux FermitrueScientific Linux Fermi 6glibc-2.12-1.212.el6.i686.rpmb3a917a07554eeecfdba21b178d1065641520d2344fe959531764f4dd7c6b212glibc-static-2.12-1.212.el6.i686.rpm8ff061c5b0f08f533149e6b5865b3e4c757937bb2ca452cd5a442e1ff8ea746cglibc-utils-2.12-1.212.el6.i686.rpm1f015301e7fa8a744a8a65239287ceb0466083adedbf8da12936da63341eae1dglibc-headers-2.12-1.212.el6.i686.rpm5944467e1b2048b2929ec5ef4f3c7993d2172d3285568ce0b884000a4fcfb4b7glibc-common-2.12-1.212.el6.i686.rpm4e546935f424e433dd76ad1db46429b16fbf74381a0389de10f5c03c4107cde4nscd-2.12-1.212.el6.i686.rpm5a1aa01da3094a2054c728bf5a8031c158af12a1e85f3e0e63b879f0968a887dglibc-devel-2.12-1.212.el6.i686.rpmddce190c61321dd829b9ebd171d1c1da4ac0302162de96c44853ca793b48aaa7SLSA-2018:1883-1Security Fix(es): * samba: Null pointer indirection in printer server process (CVE-2018-1050)lowScientific Linux FermiScientific Linux Fermi 6samba4-python-4.2.10-15.el6.i686.rpm3184e47503ebfc8a81ab8b60e1b7cd370f4c6842a1e5553c882ede697102906esamba4-winbind-4.2.10-15.el6.i686.rpmddadbe3759556a8b187edf3b71009b0ac312abc96f07fe3e0182cdd589d325c7samba4-test-4.2.10-15.el6.i686.rpme6d92264185bfc73b483abd367b8343fd947a22692d52d03722bb144f196722fsamba4-winbind-clients-4.2.10-15.el6.i686.rpm99a7e730fffb472e6b428a010c6a92be65ea0572fa503bd3fb198fe691e5fdc8samba4-common-4.2.10-15.el6.i686.rpmd1fa4072b11f4f568f59c3a43ad3eeba500a314bffede9a495e460f3b8a7bbeasamba4-dc-libs-4.2.10-15.el6.i686.rpma58b90e133886d65d148ea48fd2e1f60de4b9b36c83b848861274eef7cad29desamba4-libs-4.2.10-15.el6.i686.rpm81f50fd64506025092260bca0785cbf2557977bd2b446d0f5868fb6916a0c73bsamba4-winbind-krb5-locator-4.2.10-15.el6.i686.rpmf9ecc52a17c105417cb8c41e45fb585a8bf3d1888c9a11cfb626485e4ecc2b2dsamba4-devel-4.2.10-15.el6.i686.rpmc53586437fd10c052ca45f3affe76266e6cedc218c8d769322184087de1fa8e5samba4-pidl-4.2.10-15.el6.i686.rpma78e311688ca714442488ee751f1c294fefd1c35aec4744136bfd6f03853137fsamba4-client-4.2.10-15.el6.i686.rpm73df029d8cada60ab50a55c578a926dd1ee3731c2e1494df02d0d4582df369afsamba4-dc-4.2.10-15.el6.i686.rpmb274f0773ba96eb1a9815093f3b7c911644a13f994afa3ed3483be3b99e75128samba4-4.2.10-15.el6.i686.rpm624a5c0c37038663930e52eb24cf51f2f7f1ad013280899a82937c864f9abfe8SLSA-2018:1927-1Security Fix(es): * pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)moderateScientific Linux FermiScientific Linux Fermi 6pcs-0.9.155-3.el6.i686.rpmfc6fec09c87819ec6215d90a92fe5958bb39fdddf038cc25c98e3145228f545aSLSA-2018:1929-1Security Fix(es): * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)lowScientific Linux FermiScientific Linux Fermi 6libvirt-0.10.2-64.el6.i686.rpm38374c6e826f0499bf9f979349733133fcc4d73821eec8b326244a97c87eea4elibvirt-devel-0.10.2-64.el6.i686.rpm267f287954964264c2736ab4d4b8a78f812c05af4b3cfe3ca374f230bb0e225clibvirt-client-0.10.2-64.el6.i686.rpm49866f2a628c34692feb0d8a43aad8ccb92aa31fdc5b296ffabc73e4afe3e63alibvirt-python-0.10.2-64.el6.i686.rpm3c627eb84744d57e9028021db5eaee4d2777f3a6c15a097792cf66a7ea3293e0SLSA-2018:1932-1Security Fix(es): * zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072) * zsh: buffer overrun in symlinks (CVE-2017-18206) * zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100)moderateScientific Linux FermiScientific Linux Fermi 6zsh-4.3.11-8.el6.i686.rpmd8943ef934e6dca3e57cd3d4d9f60a64f99e47471ef0ec06ab05b5efb4b36e9azsh-html-4.3.11-8.el6.i686.rpm3363c7ea898b4fe67673c9274e213e4f56dbd74c56d059066905a7fec92b52d6SLSA-2018:2112-1This update upgrades Firefox to version 60.1.0 ESR. Many older firefox extensions must be updated to work with this new release. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156) * Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126) * Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) * Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363) * Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364) * Mozilla: address bar username and password spoofing in reader mode (CVE-2017-7762) * Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365) * Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)criticalScientific Linux FermiScientific Linux Fermi 6sl-indexhtml-6-10.sl6.noarch.rpm0f82668f4f3c98b676cee0160a8cc705afac62e804119a22f492639b351ae5e3firefox-60.1.0-5.el6.i686.rpm52352fe1da4c80f585189ac6340a75ddc8cda3cb01ccc5767690c8d1f93604c4SLSA-2018:2162-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. * QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858) * QEMU: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.1.i686.rpm7964eb4bc31a5a964a0865ace3f55d057945ca7432838fbf5302781b5504e147SLSA-2018:2164-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) Bug Fix(es): * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized.importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpmfdc54d149663e61aca9ddf3d71cc911c62f56856622efa647788d5344231de07perf-2.6.32-754.2.1.el6.i686.rpmfcb15fe4a498200f975029fd8890401061aa1cfbcc292b4c73e245736aa3b5b3kernel-headers-2.6.32-754.2.1.el6.i686.rpm6b7edbf8da19506399d69b2e7a1b6196be4bb11c609ff8bc58492078d9967ecekernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm821b5d489d85af46b0385712904182a1012cdf892b079e77767c5c74150ea5adkernel-debug-2.6.32-754.2.1.el6.i686.rpm81fe8fc900be414caced241043c4ce8d4cf1283c8242f1e6618d0ab3de7d3251python-perf-2.6.32-754.2.1.el6.i686.rpma4d5ba0e43ca9db7ba6b85392788f473f0cd6285855f242decdd6a1879dfb464kernel-doc-2.6.32-754.2.1.el6.noarch.rpme29f995b78509d2d04f34728442ebb8c7ba9dc1f6a99b3c35086f2039082b75fkernel-devel-2.6.32-754.2.1.el6.i686.rpm6716fc6808e45137792c2a474c1fe304ba76b547665424e379c3eb92ced7871fkernel-2.6.32-754.2.1.el6.i686.rpmeaa748ffd16a65c4cd945ab45f6aa09e06244b3315a5114655e2c4c8eebf956bkernel-firmware-2.6.32-754.2.1.el6.noarch.rpm6f98f13f8960365ad13a81c46a408d7c40089e966c557c0ee8261ca2b27356e5SLSA-2018:2180-1Security Fix(es): * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)importantScientific Linux FermiScientific Linux Fermi 6gnupg2-2.0.14-9.el6_10.i686.rpmab713e68d1dc5bbed95843f8bdf414a31e3cfda4a706111f9efe93481b3219eagnupg2-smime-2.0.14-9.el6_10.i686.rpm65e9884996d2de4808ea5b85b1b2ed17361e2785ab11e9ae942581a6ec47d9d3SLSA-2018:2241-1Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el6_10.i686.rpmfabba38e04fcf91464f296f4cdcee7cbf3fd1b81f1617f4a5ed565b27fa97841java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.i686.rpm4c81cbd3d0adc142d29177b338ce13d7c597c6048f8c9bbb8b1d15e70f46ad0bjava-1.8.0-openjdk-demo-1.8.0.181-3.b13.el6_10.i686.rpm3278a4573468a458a41401274b652b0816e571f87278e0169188ee31a8bde442java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el6_10.i686.rpm049fe05cf6a232aeaabbf54732387da4e01c3842ff8ef60171e66b6fd554d042java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.i686.rpma4db9ad2b549d666e8b03203b045f26021bce14f810f576e3d0a33d54c37e68bjava-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el6_10.i686.rpm2012625afc27f05fce42afdfadaea8bb52e63d771fe618b4c4832e1ed2451bbejava-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el6_10.i686.rpm7fc6d4e5df0de3d13a2d056b5d6481395b638b6cf9845a4b5dc78297ce2175bdjava-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.i686.rpm6ad4b5b151ab7deccd5f67055b1f5ebe9c8f772b1aa99bd8ae06321c9808b734java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el6_10.noarch.rpm2691bd4f9a84b729590e87d8b2c30540cefefd7b7e41908a4abb1b2c9b2a5702java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el6_10.i686.rpm0298968352e5180b9ada35c7a1b8f806ca82f37cd8015f5b08c71f55ff09afb5java-1.8.0-openjdk-src-1.8.0.181-3.b13.el6_10.i686.rpmc2472e98bca1e3653fa7d128b1961e30282e3d5974e4288e153c1ecb2b64e13ejava-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el6_10.noarch.rpm62b560057b715e4ce12cf994734a899432bbc8cfc32a1f9f015c2c7777c38ad9SLSA-2018:2251-1This update upgrades Thunderbird to version 52.9.1. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) * Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363) * Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364) * thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372) * thunderbird: S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373) * Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365) * Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366) * thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.9.1-1.el6.i686.rpm9ff70a180e4178d9348d8abb9970e953c9cf4ff53773fcc4a7215c455765e8d5SLSA-2018:2283-1Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.191-2.6.15.4.el6_10.noarch.rpm1413de66858fffd7be69dd4f496177c1ee21b8875cc20df1bcf3a99c75a5c83ajava-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.i686.rpm4ff5d2e4d1290c3d8f66304dea20240712363cf0842b7795d54c90294db11f61java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el6_10.i686.rpmf347fdf19cef4e14dceaaad0360d7fbca6e6db33e80efd529c14c2a1cc93be85java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el6_10.i686.rpm5efb45dd9343b65f2b96b3ec56a2036898d6b4328fd38884a1443d1a044cf4ccjava-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el6_10.i686.rpm48f5af48c5381630e09350b844f7336d20f4e3a60902b99142a66280ef5495b7SLSA-2018:2284-1Security Fix(es): * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)importantScientific Linux FermiScientific Linux Fermi 6yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm4d6e9b1612c1a8a46b4024fdcd055cd17c3f6b727989bdaadac1a36a3c877845yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm204c3746eeb040ef109e09b076d07100c42f458a7297faed226effda8e9b441fyum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpme99f7e126faa01a980cada21f07895e5bd5d33784469e6fe9cd34bbd9cd932e3yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm3594f07f96de23e75358d99dbed6b8ca651c3a2b17e263b177713874665ca69ayum-utils-1.1.30-42.el6_10.noarch.rpm18964c5dd295e7517a568d1ace3e4b04e9ce7fbb6edff47875a516137ed1017fyum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm0021690dfd14c3f7467073e75a1f3a819e7096facd6e31d52bfc3745e91461fdyum-plugin-list-data-1.1.30-42.el6_10.noarch.rpmadc02f3944c0b94cd4d6aae3317cb6bc768e57377b127c3e925946c1e4e8025dyum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm6035740076674b34195a8a0b8541cf3d6a8d05bd3f3b091cbe5558d753c6041dyum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm23c0431eb9c10d6232b1a1d403ef164c46e86591565c6d0bc69f07178dccb3f4yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm945e680bb51d2c9613a3fa5917bc23de86a5185b24ca1d192440577f7244aa0eyum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpmd88ad93aa065d7d0801b05d47667a6480a02b8150babb245d2d81276aeea1bf1yum-updateonboot-1.1.30-42.el6_10.noarch.rpm744439503c7cdd6fabcba5c8b3659c211493fcdc37200d43a378eeb7da68511ayum-plugin-local-1.1.30-42.el6_10.noarch.rpm5438236b802e01a19009fc09e8fca032e8c18fbabfd5ec531e95f844360fc301yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpmd5c89381cb35629175ca08ae3d9967109f67d8ace618a63da20448aef577245eyum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpmca64823750caeae7b80c25c339523a3cea8884fadb895d717888be1ef731bde9yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpmab14ca9d1d021286724d0690feb09a42d10824510d27e1c3b9956189739b8f37yum-plugin-security-1.1.30-42.el6_10.noarch.rpm536069961e8b456087d562ee5cd1ce95b948bd2194e8e27ee9b41a109941eb60yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm840a8471f6157337b1eb3d5263f5c4723b189f56cdac886d5077775ba2b1dc76yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm461825b165262e31b7ac3cc738089bdf3b722fbea899e1350232cebb4fbea934yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm837d4a10ca94d64886123262f0b7f7d434ea42119c1203b2df0f8067ac0b81d6yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm88bdf6618ba1041b898fafd1a92a23dada85a1f912e211ac81f9ea983f2281f7yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm8445db17196626778735605a35ad2feaead7a76acef3f5d118bae40fde566dceyum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm7df9ba9a494a6fe20519be5845cbd5d60d05276737171caaa1a95a92a50a360cyum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm14eb4dcd3bfe045e929c6a10d1540acc1857b5c1bed834079683d13d021770c5yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm384f6815b3d7299017f9fcf07a7a6a96ffb18e66d414385548fc808342e0a472yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm20b47fc4d9cde1c35fdd3555b7cd4737fa865e9ad0f4edeb53a391c083c31f39yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm76b09d70a6e94ca3d894d2f8c4c97eee95fe118df28fd9a5f9d0598c593ddb9dSLSA-2018:2308-1Security Fix(es): * openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)importantScientific Linux FermiScientific Linux Fermi 6openslp-2.0.0-3.el6.i686.rpm1e9cc6032c5455e42fb331cee2d74c8c458b74194292f926bb5baf6173c15181openslp-devel-2.0.0-3.el6.i686.rpmcad2281b0054d0180d87e9187643325f0bd1bc8e5695dbb1281f25c01049dea2openslp-server-2.0.0-3.el6.i686.rpm930886e865d07615b0934dfe523e129c08910633616040c77b3060b82cd3dd57SLSA-2018:2390-1Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side- channel attacks. (CVE-2018-3693) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) Bug Fix(es): * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur.importantScientific Linux FermiScientific Linux Fermi 6kernel-devel-2.6.32-754.3.5.el6.i686.rpmdf01c079bde8ad24c52c5f41b45355f8748f6cfb094867989cf915d806baf94fkernel-doc-2.6.32-754.3.5.el6.noarch.rpm2d1d37b8b04c2b61f0c281324a1443f485fb142c57e294571ba002db7dc579e2perf-2.6.32-754.3.5.el6.i686.rpm9a7a4ae39c32a707adeb0dba678febcc60b8dff5087aab7808cfd64a90903f81python-perf-2.6.32-754.3.5.el6.i686.rpm2a719bd9a8ce0886a9bb592323184abcda5b34168e6bbe65c598f586022bdcdfkernel-firmware-2.6.32-754.3.5.el6.noarch.rpmea0a5bf9299f4878da671349438e1e1bcc90eeb8e49a93994345b5e7a9add988kernel-debug-2.6.32-754.3.5.el6.i686.rpmc9f5b2b43d56725ddc8fb30fa2cd0d464a1fa9c9bd17f19a96bb26196f12a9e9kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm3caaa45863cdd17ad054c15fe8bd32c7b1dae1a82bb3f7c7e95ec8ebc61b5e07kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm2645c0d03833a757032aaed00226b95613411d8e48bfb9ec0b169afde88e85e3kernel-2.6.32-754.3.5.el6.i686.rpm153895861d841ce1f6c1b08a31b88f320da6b124f7d282581a9c5662f61cf2a3kernel-headers-2.6.32-754.3.5.el6.i686.rpm821dd9df396184d8032980b2a33f6fdb8d69d4e46b6ebffde72e1e9679b9eb3fSLSA-2018:2526-1Security Fix(es): * mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) * mutt: Remote Code Execution via backquote characters (CVE-2018-14357) * mutt: POP body caching path traversal vulnerability (CVE-2018-14362)importantScientific Linux FermiScientific Linux Fermi 6mutt-1.5.20-9.20091214hg736b6a.el6.i686.rpmb76f67314c3c2c9196470fce18312aa92c67ebfd27c901659808e637fb8f2d1aSLSA-2018:2571-1Security Fix(es): * bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)importantScientific Linux FermiScientific Linux Fermi 6bind-sdb-9.8.2-0.68.rc1.el6_10.1.i686.rpm10bf6ccb00491852190c58295c9dc305d51b3558a6e4f1585aaa855827907fe4bind-chroot-9.8.2-0.68.rc1.el6_10.1.i686.rpm9838e53ccf22c9e2b3b076e727e7ec4778155d7aa39e86b9fc79dc4a55ba4882bind-libs-9.8.2-0.68.rc1.el6_10.1.i686.rpm20c898d58c1d3548fe3fc6e1401e5d3ed4354f0cbf1f8870afd6320fa8764562bind-devel-9.8.2-0.68.rc1.el6_10.1.i686.rpm8ce80c47c82c6fce7ca1492c1d901606ed4384cfc5a4e446e86ab5d2c4a60c55bind-9.8.2-0.68.rc1.el6_10.1.i686.rpmf1d9c5871f7d44dc5ce5253be2fa4c9b2d60fc14b1b9f48e6386d573baba3f3ebind-utils-9.8.2-0.68.rc1.el6_10.1.i686.rpm9d11b9ff6aea9a31f5118a4d9e22904c3f5026b1a19b4853bb080a5f1c3a7ecbSLSA-2018:2693-1This update upgrades Firefox to version 60.2.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.2.0-1.el6.i686.rpmfc7e928e9c453e79c09e798b2caac48e04658f30ce9e92dbf677d37f223b5b1fSLSA-2018:2732-1The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Security Fix(es): * spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) This issue was discovered by Frediano Ziglio (Red Hat).importantScientific Linux FermiScientific Linux Fermi 6spice-gtk-python-0.26-8.el6_10.1.i686.rpmfb9458c880bb1ff5049d72dfc26ab3e9f939ffa6d9eac264272a11e6ccc57f87spice-gtk-0.26-8.el6_10.1.i686.rpmf498ddff72f578e1f08d7f17a2920c61e628788b155890025e873091d083dbc4spice-glib-0.26-8.el6_10.1.i686.rpm11d26abf0cf2fb5589e1ee5a6a30d906ddfb559245e27792ac88a0f2852f7b7cspice-glib-devel-0.26-8.el6_10.1.i686.rpmd4c82853d9281db4f2e00e222c7ca23abe1d6f6ddee41ebc8b7280fa40ec3f10spice-gtk-tools-0.26-8.el6_10.1.i686.rpm7cd694edfa1e25ee8adfead3b9b27d0a46db74d379c7e045a27219c2fb76d1efspice-gtk-devel-0.26-8.el6_10.1.i686.rpm25694d9d13130b79f690f404deb9fdcedf976d0fea0735640398901b93ad8055SLSA-2018:2737-1Security Fix(es): * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)importantScientific Linux FermiScientific Linux Fermi 6mod_perl-devel-2.0.4-12.el6_10.i686.rpm998c1f690955ed5f658eff6d8d2da9c4b49b1684ca58a4096641a1bd30c920e7mod_perl-2.0.4-12.el6_10.i686.rpmb334f26ff0aac0d01ce66ce90e5b0a1636db50305012b734231e8878e4aef81bSLSA-2018:2834-1This update upgrades Firefox to version 60.2.1 ESR. Security Fix(es): * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)moderateScientific Linux FermiScientific Linux Fermi 6firefox-60.2.1-1.el6.i686.rpm5a70c501ef2c715ba42dfd476980bd937d8ed361b3bf82350ec58c9dae40c048SLSA-2018:2846-1Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)importantScientific Linux FermiScientific Linux Fermi 6kernel-2.6.32-754.6.3.el6.i686.rpm88acfa93e0371f194ad57716941e182af516c64d080639e8d3016fc3b4b98698kernel-doc-2.6.32-754.6.3.el6.noarch.rpm182217b470b386612c394ee7b2a7a50a8431b8d552728b89ad0ae1bcd7d7d2e2python-perf-2.6.32-754.6.3.el6.i686.rpm51a8dcbb87b40291b673491b23450c083842b035c5b5c10de12596a657d61ad5kernel-headers-2.6.32-754.6.3.el6.i686.rpm4ee79d035b77fdb76acb748837aeec3d33c0484a1ba91834ea234c932cae5339kernel-devel-2.6.32-754.6.3.el6.i686.rpma1159d9d6ae77eae110c907c34f5dc25f97cb4c2599097ab4e6020db0857359ckernel-abi-whitelists-2.6.32-754.6.3.el6.noarch.rpm5587939ade25cd387c7990abf181594c3f39b44be7e296cb0ec1a216d2b7ae6aperf-2.6.32-754.6.3.el6.i686.rpm74e3ce08137d5db72126bbea58e357459d166d77d9748665eaef0f351ede28abkernel-firmware-2.6.32-754.6.3.el6.noarch.rpme05690d00b11e3e32c33a30a04d257becd8c0c616f57233eb27840f3ae8b02fbkernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm112065ba5c38cd113c9e5bbadccb95de839b11f00317bfa78039cb2bbc088c62kernel-debug-2.6.32-754.6.3.el6.i686.rpm7ca5bcfdbad86e7d5db92258ef0b51d4bb42ea2a93fa2ccaaa2cc30433f9ced8SLSA-2018:2881-1This update upgrades Firefox to version 60.2.2 ESR. Security Fix(es): * Mozilla: type confusion in JavaScript (CVE-2018-12386) * Mozilla: stack out-of-bounds read in Array.prototype.push (CVE-2018-12387)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.2.2-1.el6.i686.rpm1411366e742c9d32691a57851fac7eae3416623c65060256b2215f43fb56eb78SLSA-2018:2898-1Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)moderateScientific Linux FermiScientific Linux Fermi 6nss-pkcs11-devel-3.36.0-9.el6_10.i686.rpm3955ebf933c501f7a77618de261c00ee4bff49630be140505a1914ab5cd7f869nss-3.36.0-9.el6_10.i686.rpm7653e2279deb2dca7db6a62952c1008fc94f45b10823b0f4f645c6b986e62d97nss-sysinit-3.36.0-9.el6_10.i686.rpm815ebece774b416cc306cb60fadc77b659a0925658e1cc2ce47b4e5927b8be02nss-tools-3.36.0-9.el6_10.i686.rpm908e36daccc04e1b280bc0f9532156d97d10ef7bb960731fc8a1ded586c1168enss-devel-3.36.0-9.el6_10.i686.rpm8a0df9c1531aeccfb5512a9380b92512e4d267f4af0f49e87015027b9b928758SLSA-2018:2943-1Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in singed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)criticalScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-src-1.8.0.191.b12-0.el6_10.i686.rpm14190693fc0ab42521366bee15e3e7de4f70d5fefdafd1f409a1a0de8a3b1738java-1.8.0-openjdk-src-debug-1.8.0.191.b12-0.el6_10.i686.rpmefaf7715e0821de3511b7777b82a510b53a47ec331c37afe9ff86792372cc965java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el6_10.i686.rpm597aa889fdddfe2c48d01fd0f2d0673c0b1224bffca90f1fa2a1b5d5630b6e62java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el6_10.i686.rpmad37e112d8b13d34470ecf32c7767bb3ff36e53952b228a88197df953dfd52ffjava-1.8.0-openjdk-demo-1.8.0.191.b12-0.el6_10.i686.rpm2d84dc79bfd28b6f891ac917457778101c44d7ba0c4f4d0abba57c9c2cee3f46java-1.8.0-openjdk-javadoc-1.8.0.191.b12-0.el6_10.noarch.rpm566d959d6cee7821f83f70b8c39d850d2dc7ebfd76093a0e00ce142ad8e84f30java-1.8.0-openjdk-devel-debug-1.8.0.191.b12-0.el6_10.i686.rpmff6c8c1a9dba4acb70bf25b42d15c7a36615e19c9b867fb8689a2cd7af5328ebjava-1.8.0-openjdk-debug-1.8.0.191.b12-0.el6_10.i686.rpm0d6efd201b1b74dd80ec7393d353dd36823de9e624c16c43810ea96b432352f9java-1.8.0-openjdk-demo-debug-1.8.0.191.b12-0.el6_10.i686.rpmf66a41193d7e4a48db2475e56fce460aa886efc1fa199ba10c6cd871d6fa4cb1java-1.8.0-openjdk-javadoc-debug-1.8.0.191.b12-0.el6_10.noarch.rpm2ae2e357f0531a5499a250c905ef5de7f8094c0ead035a35554848a7ba03369ejava-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.i686.rpmd960a3879055fc526d2aa2d6c41dba5e825a7cc4f719220124f110cdf87ea423java-1.8.0-openjdk-headless-debug-1.8.0.191.b12-0.el6_10.i686.rpm82026be6474351351fbb766636e9e068fa31c3815c5b12b4a957e9db8cdd30f1SLSA-2018:3006-1This update upgrades Firefox to version 60.3.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395) * Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396) * Mozilla: WebExtension local file permission check bypass (CVE-2018-12397) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.3.0-1.el6.i686.rpmede778eb071ce9650c5042c641e0759b5d32660591eb490b128a86fe88ee6db8SLSA-2018:3403-1This update upgrades Thunderbird to version 60.2.1. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379) * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383) Note: All of the above issues cannot be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.2.1-5.el6.i686.rpm8aec597938c0b09a15aefb9276d545ad78529d53e14491607d4d3ca2f548da4aSLSA-2018:3406-1Security Fix(es): * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)criticalScientific Linux FermiScientific Linux Fermi 6python-paramiko-1.7.5-5.el6_10.noarch.rpm2e9f7c86a90e9f28294513a3fd9189703ff0597aa1014af580528606a2938f30SLSA-2018:3409-1Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.i686.rpm2023cae8abc619369126ae22052a08f967c630f8056b492b8a34d9f2951c8cffjava-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.i686.rpmc4a07d817a7d4b11154163d727267be47760ceede25d0c995aa9a7adc4e6c1c7java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm3a7a1024d765008366cde1ecbd58089d9d79f3bbe478ee161bf79d239f7f0cd4java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.i686.rpm1e46c05eab97512f40f138c296c916db29e0f0071b56d2693c76a8f6e1eca80djava-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.i686.rpm82348ed91dc5f19783a498db48562486c3277492e2dc36d673c8a2da054ab146SLSA-2018:3531-1This update upgrades Thunderbird to version 60.3.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.3.0-1.el6.i686.rpm2af08ab2baf1d50c7b58c959a2707d6b5b065095221f6d14e82dc29b77e54a6eSLSA-2018:3760-1Security Fix(es): * It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509)importantScientific Linux FermiScientific Linux Fermi 6ghostscript-devel-8.70-24.el6_10.2.i686.rpme6d50f05d18c2768306b1daa02c4639bff52828e0954b9b359d92e8aa0771390ghostscript-doc-8.70-24.el6_10.2.i686.rpmd6623d1e910f45b12d6902219879510e051c9660047ec6cff202617c0b3f249bghostscript-8.70-24.el6_10.2.i686.rpm19129067bd969ead4890e0d7385f09a971b91ca103df9f06c6250cfe105a0347ghostscript-gtk-8.70-24.el6_10.2.i686.rpm134e29149791bc6fb66574cdc78f2d63e2ecbc3fe9eee0eb2cc6d946809485deSLSA-2018:3831-1This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.4.0-1.el6.i686.rpm7e6a8856fa03774af2ede19dbb0e0e2ca404150ac76ce5cfec37b42bd0131003SLSA-2018:3854-1Security Fix(es): * ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)lowScientific Linux FermiScientific Linux Fermi 6ntp-4.2.6p5-15.el6_10.i686.rpmd37d700d7f1fff5e1300f7b946324ae7754e5dd5909464cc89b9958e839b08e1ntpdate-4.2.6p5-15.el6_10.i686.rpmbc587e7aa78df780bfa5b22db3f9d7cca44f32a0c69ff2f85888c74c8d41e769ntp-doc-4.2.6p5-15.el6_10.noarch.rpmc82ee0772e881ec69ac19e51fb9e2360f223af9f4237a25309f13eed8ffae94dntp-perl-4.2.6p5-15.el6_10.i686.rpmba40c03eac5d98f0ab17d80289204015e238f6adaea1da94c1eb8b3d39afeba5SLSA-2019:0159-1This update upgrades Thunderbird to version 60.4.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.4.0-1.el6.i686.rpmb7ad2f390828354c97a2d2d17fcb4cc5043ebf4639f48bd6764a5783502b9a43SLSA-2019:0218-1This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.5.0-2.el6.i686.rpmc249145e8254b9f684b3ad1c923e23d371deb91ce64390a5a4a8a73a997c30e6SLSA-2019:0269-1This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.5.0-1.el6_10.i686.rpm7d9fc59db28172c2a1a0d7ca5349ab4889280b7ff13af392a17da772ad6e24f4SLSA-2019:0373-1This update upgrades Firefox to version 60.5.1 ESR. Security Fix(es): * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in Skia (CVE-2019-5785)importantScientific Linux FermiScientific Linux Fermi 6firefox-60.5.1-1.el6_10.i686.rpm8bfd2157ce8a1ab01f51be795ec16e763cf09b3b56142705e67cf0ddd0a01d9cSLSA-2019:0415-1Security Fix(es): * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) Bug Fix(es): * Previously backported upstream patch caused a change in the behavior of page fault handler. As a consequence, applications compiled through GNU Compiler Collection (GCC) version 4.4.7 sometimes generated stack access exceeding the 64K limit. Running such applications subsequently triggered a segmentation fault. With this update, the 64k limit check in the page fault handler has been removed. As a result, running the affected applications no longer triggers the segmentation fault in the described scenario. Note that removing the limit check does not impact the integrity of the kernel itself.importantScientific Linux FermiScientific Linux Fermi 6kernel-debug-2.6.32-754.11.1.el6.i686.rpmeb63e3cc4cd66e54c180428585458c372ac247eb03e09541d12c78ec19f81bdfkernel-abi-whitelists-2.6.32-754.11.1.el6.noarch.rpm6da6a9ef8b3191e30759860513dca99e2fc644f59c9afd6027e603e4aa905583perf-2.6.32-754.11.1.el6.i686.rpm29dc90e7e071a624e7cd1ef43735c6e34b95887e29393b26cd872d3316f9cd9fkernel-doc-2.6.32-754.11.1.el6.noarch.rpmd9cd89b5755552488aa295527afcdfafb0f25d456b87a9200463a95bb864aa91kernel-debug-devel-2.6.32-754.11.1.el6.i686.rpmda396184e8a0aedfc08fe4f9243afaea08ad5f54c1660dee3a073b6492166704kernel-headers-2.6.32-754.11.1.el6.i686.rpm57740db1a992a228a929a27f0dca0c7ce3d6979c2783b5ad681c55feb738cbe8kernel-devel-2.6.32-754.11.1.el6.i686.rpmf28e1d1e55d2b0ceb47689df0730f6118c65b9e29394e8a2976f80bfeebb6338python-perf-2.6.32-754.11.1.el6.i686.rpmdd5e479a997b99cf4bd7a0a529c0a30647c0ddffb4ca262ec4813b5411aaedcekernel-2.6.32-754.11.1.el6.i686.rpm25506f3d6fe7b7ddeadee6e2d819f2d73e6bbe46ca2c638e87073719aeccc664kernel-firmware-2.6.32-754.11.1.el6.noarch.rpm80afe0e5dbe79721c10b46ba211e4b4738b6af7cbe3834fff0f9ab456f91d044SLSA-2019:0416-1Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-devel-debug-1.8.0.201.b09-1.el6_10.i686.rpm72f9a9a48e0716b5b45b279e0eabe99e480f064cf6a31a63e0f7107cb5f9fda6java-1.8.0-openjdk-javadoc-1.8.0.201.b09-1.el6_10.noarch.rpmb8a63a9bfb16fdf95ea239b84718079685034acb094344208834a3920928c079java-1.8.0-openjdk-headless-1.8.0.201.b09-1.el6_10.i686.rpmeffba4f2e783adb9ea01cb3905a9c27927d11337b86acefda346fc697ef18936java-1.8.0-openjdk-src-debug-1.8.0.201.b09-1.el6_10.i686.rpm4914ad0080e56778664b012107451e6c3f3830791073ee4d9b239a7236b57143java-1.8.0-openjdk-src-1.8.0.201.b09-1.el6_10.i686.rpm2a9cac425f68d951b17a56d9ea9bf9cc718b9f9f864f51d1b00ceea86132be13java-1.8.0-openjdk-headless-debug-1.8.0.201.b09-1.el6_10.i686.rpm9c76abb89a3863d4faa65c06f42cafdc7d3f6fcdb86451890bf452bc9a40ca69java-1.8.0-openjdk-1.8.0.201.b09-1.el6_10.i686.rpm6f7232080a975cc500633d4c6ea9c7c388fd56270190a9fca05f9d741579e93bjava-1.8.0-openjdk-devel-1.8.0.201.b09-1.el6_10.i686.rpmd78834b06e5b1486eb894d0e284a2263038e686810c1d8e22e5f109b6bd302d5java-1.8.0-openjdk-debug-1.8.0.201.b09-1.el6_10.i686.rpmd672da50aee63b45d677a7829bc42b3950feccf17722d93567f0234e4426e9ecjava-1.8.0-openjdk-demo-1.8.0.201.b09-1.el6_10.i686.rpm4da90a03f97d920766257b1c83ab2a37bc733435294edee44a12c735c7c3ae28java-1.8.0-openjdk-demo-debug-1.8.0.201.b09-1.el6_10.i686.rpma9a7477383d76ad09c090bbc8466f74832993ac3de518f5adb11f82e13a04348java-1.8.0-openjdk-javadoc-debug-1.8.0.201.b09-1.el6_10.noarch.rpm686fe9f40b9b7974ae00e73a7f9a08dcb962961d815734f2567ccf87889d0018SLSA-2019:0420-1Security Fix(es): * polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)importantScientific Linux FermiScientific Linux Fermi 6polkit-devel-0.96-11.el6_10.1.i686.rpmed349855c2dc321bc9394ddfa3a5ddfeb4d32ec04c6cbcd0f0e7e8eae36575e7polkit-0.96-11.el6_10.1.i686.rpm569f6e45bd66cc5d945a5dca4b8fcfff70032e44c7a937a416fe38d2778e7141polkit-desktop-policy-0.96-11.el6_10.1.noarch.rpm509556641a226de36aa3bd79158e79e8e14588a42a5c568566c0b959785fb2d4polkit-docs-0.96-11.el6_10.1.i686.rpme1bd35af79bcdbb4a99ca5495255fbd38190daf6754cb4b771899e410c3842c8SLSA-2019:0462-1Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.211-2.6.17.1.el6_10.noarch.rpm0d7fc07ee894fd26c35ae8e74cc26708df8cf01a326b86efd7806193b8a60f67java-1.7.0-openjdk-1.7.0.211-2.6.17.1.el6_10.i686.rpm613354b149b68e9aa5cfe4b84163c02d27f0412e86f0305b6369b7ef3eed74aajava-1.7.0-openjdk-demo-1.7.0.211-2.6.17.1.el6_10.i686.rpm0c37435953b36a7859ec2f38e034c2708730bd19a18007ba2bd04e4798596dc8java-1.7.0-openjdk-src-1.7.0.211-2.6.17.1.el6_10.i686.rpm4f27be557451956eb552fb98706203f7f2d83aaa65077758aa030bb5900d7febjava-1.7.0-openjdk-devel-1.7.0.211-2.6.17.1.el6_10.i686.rpm44b13aec0af6fc44e7fc8e98b705592165c7327f821714ceb19e8cbe68012f19SLSA-2019:0623-1This update upgrades Firefox to version 60.6.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796) * Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.6.0-3.el6_10.i686.rpm6e7308e77335ae44c84d98147143d202fbfcffadbfa662aed531acf62f0f4db3SLSA-2019:0672-1This update upgrades Firefox to version 60.6.1 ESR. Security Fix(es): * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.6.1-1.el6_10.i686.rpm34a5d43d2f9fd082108b1f6e5494390bae27763b4bf1d27300d81a43265e5736SLSA-2019:0680-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813) * Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796) * Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.6.1-1.el6_10.i686.rpm953972d870394e5149ca8a39e4d09b097f62a3b32c3f79eb196320061e925d23SLSA-2019:0711-1Security Fix(es): * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)lowScientific Linux FermiScientific Linux Fermi 6pam_ssh_agent_auth-0.9.3-124.el6_10.i686.rpmc5a4a171ed4c435001e686aa8986e8d9609c60c7e898524a2431e16b735a730dopenssh-5.3p1-124.el6_10.i686.rpmd8dba83443b4ee665dcf85dbe5d05568ac3f6aa448017ccac834a6a7c7f152d0openssh-askpass-5.3p1-124.el6_10.i686.rpmd2e12b7b43ea7f6f990f8b78cb1fd23fbb8b220c68ebd617fc9b2b191576f40copenssh-ldap-5.3p1-124.el6_10.i686.rpmc708206b081f1b3916fa432b951d5e06c6c5731c94f57330fd4ac0620cacf2caopenssh-clients-5.3p1-124.el6_10.i686.rpma55495d6c00cf449108441be51f1415892a817c0b53a909da543a634e6d79d49openssh-server-5.3p1-124.el6_10.i686.rpmb48d7d7bcbf1b91d4936846776ea0e064b8685103a0c595fa08e561dc00504e3SLSA-2019:0717-1Security Fix(es): * kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)importantScientific Linux FermiScientific Linux Fermi 6kernel-debug-2.6.32-754.12.1.el6.i686.rpm729005bff510f516777cd403d1c2e6bd47c2a8d81528ea5d939d2e65c32ec649kernel-debug-devel-2.6.32-754.12.1.el6.i686.rpm32dc06f0f09f8fc2ff4f92063a276c883c01d83a5b68f04c168d129cc9c82b0dkernel-headers-2.6.32-754.12.1.el6.i686.rpm31cef48ffa3fec6e9b5ac51d540fe609b8c3a5e4f59487e201eb486f810415e2kernel-firmware-2.6.32-754.12.1.el6.noarch.rpmee86cd43a1dd0122b2e726d8fe7f004c17c33156993e7fbfdc95e5ab8c231ae5kernel-doc-2.6.32-754.12.1.el6.noarch.rpma06acfb19b7f582876446695b744f6f1921ef89a21033acd79d355a5bb3dfb63perf-2.6.32-754.12.1.el6.i686.rpmb78b97e83988e3e3d7d16c6e9018c7f020219d883288e599d8d9fb36a6f6149akernel-2.6.32-754.12.1.el6.i686.rpm57de82fde0224756dafa2f514069f616e5fb7e103513f88697ecc33f533044ebpython-perf-2.6.32-754.12.1.el6.i686.rpmf77f55fd2782dd240dd4fa082698f58d6cb0dbf0179fc4b4d3752dd0f5527e60kernel-devel-2.6.32-754.12.1.el6.i686.rpm00d46d8f37325bb1e5404b431b6900ea0aba79271a9e83027bbca4c68374c425kernel-abi-whitelists-2.6.32-754.12.1.el6.noarch.rpmdc23144ede380cce63aac7b9a4e1d2d003a6a4461db292ec0e27b80cec4ea6f4SLSA-2019:0774-1Security Fix(es): * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) Bug Fix(es): * assert failure in coalesce.cpp: attempted to spill a non-spillable itemimportantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-demo-1.8.0.212.b04-0.el6_10.i686.rpm1b0408e9c4c2c179f71622d939235acefed4efc280007708f98d8fede9a3cda5java-1.8.0-openjdk-src-1.8.0.212.b04-0.el6_10.i686.rpm04592ce61b4d667a7d937915af9ab04f4cd4ac1c07c0c12d334ae5f521f095d5java-1.8.0-openjdk-debug-1.8.0.212.b04-0.el6_10.i686.rpmff3f57c38cdfa99a6f5250e0bc204f54bdb7eb3f13ee3f0e5d3a9f208efdeee0java-1.8.0-openjdk-devel-debug-1.8.0.212.b04-0.el6_10.i686.rpm887a20657bf7b75edb423b9272b0f7f8e11839f9a1d938dcb0d5c4e33c027a85java-1.8.0-openjdk-javadoc-1.8.0.212.b04-0.el6_10.noarch.rpmb9e34add24aa6012a59e8fa5445fc73fb62574efe902c3f2be44db65af51e39djava-1.8.0-openjdk-headless-1.8.0.212.b04-0.el6_10.i686.rpme2c455f18289c7bb1bdadd4c14ed8a8cd732c7111169a0c2ccc7d38d9c04a4e8java-1.8.0-openjdk-headless-debug-1.8.0.212.b04-0.el6_10.i686.rpm301a8eacb6c2db51ac90354cbe4535ab9f69715acf93a7dd414dc2fbcadfeab3java-1.8.0-openjdk-javadoc-debug-1.8.0.212.b04-0.el6_10.noarch.rpmce2c81654331538cd7001842aebb8e0511f3ba871ed7ed27f3e4533510f652ebjava-1.8.0-openjdk-devel-1.8.0.212.b04-0.el6_10.i686.rpmc8f1c52c412115cba9eacb38445f22e10a25107a96c04bf85377d95a4c8a9347java-1.8.0-openjdk-src-debug-1.8.0.212.b04-0.el6_10.i686.rpmbb61da9e2afced3e1ce384f1c7d5bf266051ce0f2deb5fa9e17d6894e8a16e37java-1.8.0-openjdk-1.8.0.212.b04-0.el6_10.i686.rpm23ff2c4076e5012c65e1b342a4dbab9cf0b337cb3f7023f6ed723a4979f6f76djava-1.8.0-openjdk-demo-debug-1.8.0.212.b04-0.el6_10.i686.rpmc1fd6528591bac578a94b60ec49fbd9025a9955c0667cea8b806c49deea358d2SLSA-2019:0790-1Security Fix(es): * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.221-2.6.18.0.el6_10.noarch.rpmf1a9617fd9bfb764a9f48d351d70fe472c97c42d4bca1f9708466c2fc5302605java-1.7.0-openjdk-1.7.0.221-2.6.18.0.el6_10.i686.rpma3a08f8835de724760d09325ca15e3dbe22935b5a798c5a50675d17cb5e251d7java-1.7.0-openjdk-src-1.7.0.221-2.6.18.0.el6_10.i686.rpm1b1a87d44481db1a881e66e46409a250883ab49e3a95fcfba94c55448794f776java-1.7.0-openjdk-demo-1.7.0.221-2.6.18.0.el6_10.i686.rpmc5bee6fe0823b638b5482764099d1d77e930ead6fbb1a042c7c5efda44db9c8ejava-1.7.0-openjdk-devel-1.7.0.221-2.6.18.0.el6_10.i686.rpm1701547f1fa59ba1095077383400fb76932e4e7171a52c89f0d64509c0269664SLSA-2019:1169-1Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro- optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091) Bug Fix(es): * aio O_DIRECT writes to non-page-aligned file locations on ext4 can result in the overlapped portion of the page containing zeros * Tolerate new s390x crypto hardware for migrationimportantScientific Linux FermitrueScientific Linux Fermi 6kernel-firmware-2.6.32-754.14.2.el6.noarch.rpm95f00d7149fadae050b00249aea12b631ec171ca2c0cc8bff24a315623a627b7kernel-doc-2.6.32-754.14.2.el6.noarch.rpm9195910ccd4222d609c3ba9b0408915876688f2649237f41161c9824a7484f72kernel-headers-2.6.32-754.14.2.el6.i686.rpm8b61f10871e91d7390655f1926dff845665fee45a8d0df23e6d26e4e6ee2db6akernel-devel-2.6.32-754.14.2.el6.i686.rpm5609e5b3b5e22961a9e52c0a8d48282d84b4eb44b5c4d673404be438b87d1f1bpython-perf-2.6.32-754.14.2.el6.i686.rpm88398736335d20652c2af134e3c181b0d764f246c810ee1919796b333cb90998perf-2.6.32-754.14.2.el6.i686.rpmf35130477fd4406fcf226e89304de0954d1106b825eb1beb8b6ad4a93c00d98ckernel-debug-devel-2.6.32-754.14.2.el6.i686.rpm30029142d7213320a92ccf28d348669ded539d9a5e361c9ac95f4c8ab9f029f7kernel-debug-2.6.32-754.14.2.el6.i686.rpmcf1cf7ef98ffe519c9bbd2e37004a7d147fa7ee12f88f7e747be682a94d061cekernel-abi-whitelists-2.6.32-754.14.2.el6.noarch.rpm0bcc855f096a25fd1e07c9e070496a15965acc391856870436dc4d3c8d525960kernel-2.6.32-754.14.2.el6.i686.rpmd5e78dddcd7abae8b30676c6f8295dbc3f5284243e4277727ac82715fa9525e8SLSA-2019:1180-1Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro- optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)importantScientific Linux FermiScientific Linux Fermi 6libvirt-devel-0.10.2-64.el6_10.1.i686.rpm52a0b76a3c42f4f89feb1774130ba9c24c1b2586d708e52f6e93c9b7544c8415libvirt-0.10.2-64.el6_10.1.i686.rpm34b79cd26626f3e461dc6c4b08b7202210ae939825000d6e948aa267bd7d9f2elibvirt-client-0.10.2-64.el6_10.1.i686.rpm2db665f301963c18e699bf6de58d71d46d9b58615941f95892aaffd80705d476libvirt-python-0.10.2-64.el6_10.1.i686.rpm1b4d46a1290302b3bfc3122abb47bf406192f4304a82bfc3ad5fcc92b95690b4SLSA-2019:1181-1Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro- optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.3.i686.rpm57c128bd1b79e07752fbc5f94bbdfb5e0dc713c867abc2831569e0cf5e838aa6SLSA-2019:1267-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.7.0-1.el6_10.i686.rpmf9b6070513611a29f87cbaee4f54f91eb13ca6ed35c086d2896078e056b46c0cSLSA-2019:1310-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.7.0-1.el6_10.i686.rpm9cb51ee1aa6e8d33d5673030813a1a2c0121cfef9f46a58b3f52da36d38991edSLSA-2019:1467-1Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)importantScientific Linux FermiScientific Linux Fermi 6python-test-2.6.6-68.el6_10.i686.rpmc4ad9f1f7b9fbd4964cdc3e02a6c44742e13bcb8e34c882a5b9c0a6c0fbdd31bpython-tools-2.6.6-68.el6_10.i686.rpmd5d6ed66f5e38435a798004235bc066793cb6d43a8496382f6adf0f9763c0ca8python-2.6.6-68.el6_10.i686.rpm2d4f74517c2184a4b67e00d75c93c273542f429a4658807dfec57f69c94cc6e3python-libs-2.6.6-68.el6_10.i686.rpm31002791d54f57f740486204cb5198c111cb893ba0b7745a995e32c48f59619fpython-devel-2.6.6-68.el6_10.i686.rpm72c2b019f40d91a9280ca52c10eac6fc8b2b6fd040e8e1c1b453f6bccccd530ctkinter-2.6.6-68.el6_10.i686.rpm719ce1438f433b68579f87f10c6915cf939f7108d6d627daa9a6192c1681ab7fSLSA-2019:1488-1Security Fix(es): * An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * kernel: Double free in lib/idr.c (CVE-2019-3896) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) Bug Fix(es): * MDS mitigations not enabled on Intel Skylake CPUs * kernel does not disable SMT with mds=full,nosmt * md_clear flag missing from /proc/cpuinfoimportantScientific Linux FermiScientific Linux Fermi 6kernel-doc-2.6.32-754.15.3.el6.noarch.rpmebc1974ea07e5755fbff09deae0fe3511b2e96901867d6021b82e0570b3ca9a6kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpma6bd088a6af90b68ba2988cb9577c87fd8f3c8e70587cff1a947bd9cb463c346perf-2.6.32-754.15.3.el6.i686.rpmaf054ea9d64b3b00c7a35623a02e951a9728b2d9bb737645dd9377c1e4c7fc63kernel-debug-2.6.32-754.15.3.el6.i686.rpmdadf38121cdc4fa9a3489d3d76f2a40fc48860f3d86aa90e1dd49d2ae359757fkernel-2.6.32-754.15.3.el6.i686.rpm863d24ed6b451558984cf14b45a66e8439819f7818e9602508427a81fc082e38kernel-devel-2.6.32-754.15.3.el6.i686.rpm42ea1110ed43a94692e36c117cb598b23f116b990ec6250e7e802097135ab5f1python-perf-2.6.32-754.15.3.el6.i686.rpmf2da8fd66b5caeaed63d349a6176a786a7977133d95c8cc1291b040df30ef875kernel-headers-2.6.32-754.15.3.el6.i686.rpm81de310adf30f19bc6d5fd8e314a875e77e40cc49bd2822918ab7a66bf1abf52kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm6881f3ef3f48f6dfea8966f8b9c718ae4977ad23147944724c96415ba17ac068kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpmc2784c078288ec70c7e7c53b7e95b49e439fe6ab903231d09a223d345ed381c9SLSA-2019:1492-1Security Fix(es): * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)importantScientific Linux FermiScientific Linux Fermi 6bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm833b9203744ae02487069fa0649a456afd5479af1f017f7bfed0b58c0a597804bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpmf5a58b71102f2753ed25149fc02a9c6a7b7387187eaa72678533f0c620cc8fe2bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm81e8d339af4aee612849cbe1a162857657db5094cbfd905e339d3b621f835caabind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm2cf114459dbaed866608e20d5b24bd64a3a6066c6fc4df7a4bad2a0592ee4198bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpmb2bc7d8dd364662b9c9ec772603791be17092ecb3bcbbba8dd4d3088a967c928bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpmebcfa1760d953ae5b07da9a0e14a25c2d2982c2640e9793a1113b11148342b2bSLSA-2019:1578-1Security Fix(es): * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)moderateScientific Linux FermiScientific Linux Fermi 6libvirt-client-0.10.2-64.el6_10.2.i686.rpm615765410c7a433b2bcca369eb4185b0bcbca4778ab1cf17badd1437f92f329elibvirt-0.10.2-64.el6_10.2.i686.rpm4ae6f6b1427086b6e395279dc843779132799cedb047585a4048ec2250a97c88libvirt-devel-0.10.2-64.el6_10.2.i686.rpm7bae2df5101efc072b5dbe4af4e4f92796e251ca6be203da6416bedddab07232libvirt-python-0.10.2-64.el6_10.2.i686.rpm2284db6c51fec1aba765a7063a2040104e8131130b795db6ed0b64e2eba51732SLSA-2019:1604-1Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.7.2-1.el6_10.i686.rpm5762907e1106ae6354abc19222c247d1aedf8819e1e65e692af50549da91050aSLSA-2019:1624-1Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.7.2-2.el6_10.i686.rpmac3af04e22e919de7d6e00c1d98b762aaa1172b051bad624465fb574976e1ad5SLSA-2019:1650-1Security Fix(es): * QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)lowScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.4.i686.rpm844de9309808e3fd28aee7df13f2ffe027fec6bd6fdf832db62224d9382ab036SLSA-2019:1652-1Security Fix(es): * libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)importantScientific Linux FermiScientific Linux Fermi 6libssh2-docs-1.4.2-3.el6_10.1.i686.rpm13b07846b877191a0bb18a81357594dcec0756249652645efb33e36cee8ed706libssh2-devel-1.4.2-3.el6_10.1.i686.rpmc24fbf4975007cbc746bf3617fff9ef4f142f50a62f7b4d47da518835c79a1aelibssh2-1.4.2-3.el6_10.1.i686.rpm237279527bd8da3b53a126e327aa5491f29e1ac8b0cd8f6ac37bbc1017ae4b63SLSA-2019:1726-1Security Fix(es): * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)importantScientific Linux FermiScientific Linux Fermi 6dbus-libs-1.2.24-11.el6_10.i686.rpm27c22a404a473302373f7dcc4da626e06c39ca936278d9812a20631eb9e7048adbus-doc-1.2.24-11.el6_10.noarch.rpm7e9688be22663b7e530f0c2a1771ee68259e26b3844abb638b7b01cd0b9bf396dbus-1.2.24-11.el6_10.i686.rpmfe27d006724f2e6f6fa6db571fbc1456c3e372010bb60e96eabb60d54922df6ddbus-x11-1.2.24-11.el6_10.i686.rpma8637eb4b1a230f931296568cdaa81fd21debae20792a2c821d7ef164633e3dadbus-devel-1.2.24-11.el6_10.i686.rpmbb36e8baa228989d49c3fda19d44307151a34cbf14fedca4db2b0f266411a95fSLSA-2019:1765-1This update upgrades Firefox to version 60.8.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712) * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713) * Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715) * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717) * Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.8.0-1.el6_10.i686.rpm2ab292bd861025002d2e6cf98cc65bec3154d5654cc07b18be7f005d43d6a3acSLSA-2019:1774-1Security Fix(es): * vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)importantScientific Linux FermiScientific Linux Fermi 6vim-X11-7.4.629-5.el6_10.2.i686.rpm4ee1b687e857680f646d7e3226edada678cf8f14813eaa310d9e9c0dbc77e3f2vim-filesystem-7.4.629-5.el6_10.2.i686.rpm77d00d9a7676dd1307a49e2e349e3a52d83e371046824760d6754018fe58529dvim-minimal-7.4.629-5.el6_10.2.i686.rpm8787c09e59cf09600e5fbe74670bb67f69bcaa37b299d024d7a13ebdf141d5ccvim-common-7.4.629-5.el6_10.2.i686.rpmc907b4ae52e8e5a6ae795de4e6588e173b2e537708117c00b40f1693a7ba2cbdvim-enhanced-7.4.629-5.el6_10.2.i686.rpm6558adcd98049f02fd5f779bf8b88789053fb6c3c184ca831a349d84505ad594SLSA-2019:1777-1This update upgrades Thunderbird to version 60.8.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712) * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713) * Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715) * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717) * Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.8.0-1.el6_10.i686.rpm39b18d2d214ff6523c311647a0bb19f6b561397a76594229b991bc3e7f0e3f9cSLSA-2019:1811-1Security Fix(es): * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10.i686.rpm14d535dfc362e018a61f0930629b3ff67d2d7ddade2fd34b5785d503df3cdd30java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10.i686.rpm5bfccdc4544cc13d01dec213505fa468f9fc085d717770fdefb1559cc3b1279djava-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10.i686.rpm4c4391b51db4987d83787eebe464d3136c477db7bf1f32412dc3a1293372e628java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10.i686.rpm6a53d989ad01f56c77a9be31427289868164482a9cbcefd0ec5934f1da86027ajava-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10.noarch.rpm7fcf1eab81210329d4ec323669b49cbb86320a0315e6fe9f00846ac538081cd2java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10.i686.rpm8feda1829202c84b91c6591f97fa4e58cce69b8f4fa92e21b2b4e52318cd942ejava-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10.i686.rpmd960a2f0da30118157de0f98b3bd0b83bf1edb7e3b63fc781fea67e0301b0470java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10.noarch.rpmfedb7e6431bb0d13c67dfc05556ad81b3a96f3df5baa7ee90f2cd87b474e042djava-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10.i686.rpm8d28cf2d20ca5380e083529a1c8cdd2d8d7486537303835de59d7ba12efe3f74java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10.i686.rpm6552dac4588c66183c10d44d4a6cb295be0ff52dc774118b4416b4e216efec40java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10.i686.rpmae8542b128a63974c4c8329cfca1f7de4c42f87e32e06fb016a9e74095ff7e24java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10.i686.rpm9fa34cdf6fb9e5cd25aaad6d8609e07030e947b3b46fb524d6eb163a2a53e206SLSA-2019:1840-1Security Fix(es): * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm981a285c171ffaea4c02506d98175dfa93fd1fe7f3be30e3e15bcfca7890f9cejava-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpmf4ba1538b17e259fd1e0a4d9c89ad82cccde3c7943382bd24534f2fbbb0f2a3ejava-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm1deac5b3b6d3b2b55bdcb848981c61d8f4196eb01b23fdb2de3e5ee47e7a10f5java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpmec8d8b808e972348e4f9a59030333e30cbe6ee8db4fe0e56f26347fe2556060ejava-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm59565f0a4868c52f39609ba1fb68eb1656bfa1f8c4c4a98efc069439b129a27cSLSA-2019:2471-1Security Fix(es): * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE moderateScientific Linux FermiScientific Linux Fermi 6openssl-1.0.1e-58.el6_10.i686.rpmf72d77100dd96a17ebac2a4f1c9dfebe87ddb6058c9c53ec5e0159a7563c0039openssl-static-1.0.1e-58.el6_10.i686.rpmf08d1b56a1609b65e9635dc374c4d1b426a411555b179423876ca079b47f157eopenssl-perl-1.0.1e-58.el6_10.i686.rpm32aea464a4560d5094a1ef28707b8ca45f375a3c2fa947f66238f21234a8d8dfopenssl-devel-1.0.1e-58.el6_10.i686.rpmd96d5fd130f2ef9e60e1959f2913cf9c1b77059ff37edd1b17afb10ad4ca1a7aSLSA-2019:2473-1Security Fix(es): * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * OOPS with Null Pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL * Another SL 6 hang in congestion_wait() * kernel crash after running user space script * SL-6.10: Don't report the use of retpoline on Skylake as vulnerable * Bad pagetable: 000f “*pdpt = 0000000000000000 *pde = 0000000000000000” SL 6 32bit * fs/binfmt_misc.c: do not allow offset overflow [6.10.z] * Wrong spectre backport causing linux headers to break compilation of 3rd party packagesimportantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.18.2.el6.noarch.rpm40f7bc1add242616107d74280208eb47229e5b1cff19a8501290290d24201872kernel-firmware-2.6.32-754.18.2.el6.noarch.rpmb4249a50dc5aff45878a137f33c62879f22ff8466f84d3efe29106adb5725164python-perf-2.6.32-754.17.1.el6.i686.rpm56cd31f09a45cfc294fa717d701ed8caba46dfa3934348b232a4754bbe43024akernel-headers-2.6.32-754.18.2.el6.i686.rpm2b5b386b69a82aba9edb489fcbc9e3194719838fbf68f7225b7703a3df12e282kernel-2.6.32-754.18.2.el6.i686.rpmf027b508571aac5428f5d6241160d8293de7c9771d933ac155feafbbb45c6efakernel-debug-devel-2.6.32-754.18.2.el6.i686.rpmf76919575011397b851f03fb1e220b0ff25da5766707255f5c7de9fcacfb2f80kernel-debug-2.6.32-754.18.2.el6.i686.rpm36f1c6dcec10857ef981b0125855dc8a1a8f145f5b1bc38ee1270600d8112c1akernel-doc-2.6.32-754.18.2.el6.noarch.rpm8c87207a6731978c78d7cb69b184947d8e529594b3a2992a7c1569e930693d04perf-2.6.32-754.18.2.el6.i686.rpm6b5c776f334a1c64c2130c80c2f0d8657649cb19aafa728b237b1ad5771b3de3kernel-devel-2.6.32-754.18.2.el6.i686.rpme8bb0777b6ebbf3ea4e75ba9e90a881f78bd44163f6246243b1a27898bf7412fpython-perf-2.6.32-754.18.2.el6.i686.rpm6b1d5e88e100440d48100a870e78e23025e1d44d0d8f32090b669c66fbd298a0SLSA-2019:2694-1Security Fix(es): * Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.9.0-1.el6_10.i686.rpm18b7756ef97146864408131e251fc019c3d636f163f0a6abd317d9e5ae088605SLSA-2019:2736-1Security Fix(es): * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810) Bug Fix(es): * fragmented packets timing out * Backport TCP follow-up for small buffersimportantScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-754.22.1.el6.noarch.rpmdbdc8a9cb94f0610c942238f40ca385f25a2c6ef786bb3ca740f3f334275739fkernel-doc-2.6.32-754.22.1.el6.noarch.rpmf6e8d330c588d48a1aea904943f917501bdad44202571e24def6df88cdde299ckernel-devel-2.6.32-754.22.1.el6.i686.rpmc37959c09ffe66d3f12f5a62a247c27c09c839f69246ad2f2caa773bd9e72ff7python-perf-2.6.32-754.22.1.el6.i686.rpm539ee3c08ebc1f4d2e72f2f87a5e47733e6474cbe992ced071fbcb1673929382kernel-debug-devel-2.6.32-754.22.1.el6.i686.rpm2ed5c02faaf280d97208fb8a5782976c9969eff337539a58d8ddf2da02107724perf-2.6.32-754.22.1.el6.i686.rpmb32fb02d145b3aee02c3cda9504ebc7dfc09f402f64a7c84d5c71fe44ae334d8kernel-headers-2.6.32-754.22.1.el6.i686.rpm3a841eb5009e084651a6a8d9407ed60047190cb26a6c81beae60f60e8a23167ckernel-2.6.32-754.22.1.el6.i686.rpm2f223785d70a1b72ba1598f2b34eb5d045ed79dfb380585fc5aa9666be9acdf9kernel-abi-whitelists-2.6.32-754.22.1.el6.noarch.rpm28a86a186d10f19e5545509ced59f132c75fc6e984ce77dcd7737d129d6b6264kernel-debug-2.6.32-754.22.1.el6.i686.rpm997d5cfa08e5dca2291079783fa2e32c00265a178989bea14da1395ca8615e87SLSA-2019:2807-1This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.9.0-1.el6_10.i686.rpmbb2288bb57d83f968dc3fb13a99801f177fb32e97960b0b139b8d1cf1684afd6SLSA-2019:2863-1Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm30b641fcb0fac4e7afafe495efa54ce97cf00e08a8d20f4282d627cb4778bef3python-perf-2.6.32-754.23.1.el6.i686.rpm3e65c68a341849689c80c6829d9f3ae7cf335f24efe701f60c2c71115b7d11e3kernel-devel-2.6.32-754.23.1.el6.i686.rpm6b3f74d8fc41d4919249a54a0fbd4c5578a9ec3f8a07971ed5dd38f13a545e69kernel-2.6.32-754.23.1.el6.i686.rpm19cfc0bea5f926ceea4ce3d65c6b2528eb973d96a435209fa63af38fab19337fkernel-doc-2.6.32-754.23.1.el6.noarch.rpmfc5f56359a8e3dc1ed19f769803abccf8a3545537655b039d66bdf0bc1223dd4kernel-debug-2.6.32-754.23.1.el6.i686.rpm40401b857b09521489a885c6ab69c3d217014d290974a22aa04ce3641284aa22kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm287692bea8f530aa95d329c4c8c2e3f2ec62a408fa9ece7df2137e89d1bc7ad9perf-2.6.32-754.23.1.el6.i686.rpme14d73ace33d346d2a46927e1e45084f7084b609399e33deff7695fffe42438dkernel-headers-2.6.32-754.23.1.el6.i686.rpmeb965586179b5bc3771dc25587b96063e0a38ba9ea45e03c9db089c57cc838a7kernel-firmware-2.6.32-754.23.1.el6.noarch.rpmdbc6d52137509ae28af877af780e07dce4b2cc4d9f370bece38af6e7fb4fea54SLSA-2019:2885-1* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)importantScientific Linux FermiScientific Linux Fermi 6dovecot-pgsql-2.0.9-22.el6_10.1.i686.rpmf233fa50db9dfdc999738c695c3179b8ece95b46abedbf23ca15b39ab657714edovecot-mysql-2.0.9-22.el6_10.1.i686.rpm2eb5bc20770fb58ebbec94b4ba765a01ff4761e5175a07718462500dbb3d83fedovecot-devel-2.0.9-22.el6_10.1.i686.rpm340529dd18a0b2501de3b28273844ae10209573221d6a383334fdca4fdb8efa9dovecot-2.0.9-22.el6_10.1.i686.rpme181d5a3a17fdd37c0911bf8495ded4c46b035c7459ac38fdc2c7041c83fea23dovecot-pigeonhole-2.0.9-22.el6_10.1.i686.rpm26a62b652999aa2e24e612bacf0ec819266fb36d1cb4e4f364724c2758af9c6dSLSA-2019:2892-1Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.5.i686.rpmf38b921cc09b9e2e8e64fbfddbd88dc631b6248e0715e338d984de571be1f8b8SLSA-2019:3136-1Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962) * OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964) * OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973) * OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981) * OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983) * OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987) * OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988) * OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992) * OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-javadoc-debug-1.8.0.232.b09-1.el6_10.noarch.rpmc8fdb685e302cef81cc332755ca32e0b51f62b01a23cae319b773fc4117fec52java-1.8.0-openjdk-1.8.0.232.b09-1.el6_10.i686.rpm2007cad8efe37311e983ee987dd861b47d2934b278a4f3b0f13b3cf0871c71f6java-1.8.0-openjdk-headless-1.8.0.232.b09-1.el6_10.i686.rpmb531763c1de2719a8c83559ba8e58382a58467500598b692c776305e105669ddjava-1.8.0-openjdk-src-debug-1.8.0.232.b09-1.el6_10.i686.rpm5b4b7394028a61809f0049a75e1f6b97840baa255e226fb4986a44c6269ff4bajava-1.8.0-openjdk-devel-1.8.0.232.b09-1.el6_10.i686.rpm737c8caec905172aeba999cdf551472f3225288715856d14dd218ce81504ef8ajava-1.8.0-openjdk-debug-1.8.0.232.b09-1.el6_10.i686.rpm3924ec110310bb56cbbe0b3544e942ae476ddfc769175bdc3a3ce578f5a94633java-1.8.0-openjdk-devel-debug-1.8.0.232.b09-1.el6_10.i686.rpm045a099afba1e44eb6d42c6dbb98455b692ea72c4fd79a4dd34847013c5df0f1java-1.8.0-openjdk-src-1.8.0.232.b09-1.el6_10.i686.rpm84bb568fe0166e35f5ff2713eddea867b1b640a077d5c21707f02504f8908a11java-1.8.0-openjdk-headless-debug-1.8.0.232.b09-1.el6_10.i686.rpmacf6e02aa153a0d701688d54dc3af6e194f7d6c3e71354d3653cee08243221b5java-1.8.0-openjdk-demo-debug-1.8.0.232.b09-1.el6_10.i686.rpm59fa924b04cc05ff9b171eb76d2ffb636026a81077a996d5e40a16597695092ejava-1.8.0-openjdk-demo-1.8.0.232.b09-1.el6_10.i686.rpm0f82488406606cf9f6bc40b8f8c82e538dac5e971b7cd8e72fa81c39cc70657bjava-1.8.0-openjdk-javadoc-1.8.0.232.b09-1.el6_10.noarch.rpm980bf7a6a1d786f686158f80532419d0bfbc7bfa4f1a441c956f96ae81670d31SLSA-2019:3158-1Security Fix(es): * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962) * OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964) * OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973) * OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981) * OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983) * OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987) * OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988) * OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992) * OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.i686.rpmfe3953771bb0aa20098466f301e2f93b8a811c0081f959790f8249ef1c5bdf86java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.i686.rpmfd8e3b0d507c4db699df40b2a35324bd1bf627ed5e1c0d07ec049e26b1a92835java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.i686.rpmea26a1e526355d46ec29e4531670dac4142555a92ea4443f6b55b9baa120afebjava-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.i686.rpm895d609e7c10ec7303795c5a56847dcb3d1817848b95929d8841131a2564be1bjava-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpmf11b5f289c40d212ad78b789e0c87076e9f30223cbe579418314a29139678cbbSLSA-2019:3281-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.2.0-4.el6_10.i686.rpme2732af72e80e34ad78f7ff963c9f33d9ecccb956047d7fdeaa722cdb62360a7SLSA-2019:3287-1Security Fix(es): * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)criticalScientific Linux FermiScientific Linux Fermi 6php-fpm-5.3.3-50.el6_10.i686.rpmc80f5dcb5a5e835c221c0fe5038859bc787a83d5cf382fc156ea9048ab764b67php-embedded-5.3.3-50.el6_10.i686.rpm97f159d70745845e4c6c3576ec01225659f2369325d2dad82a9bc3463e47a401php-dba-5.3.3-50.el6_10.i686.rpm5497d597961e9ffe0189ef4ea376375fddcf1faeb93d5016e7f0020c844e5772php-imap-5.3.3-50.el6_10.i686.rpmf69cc1420b3ef56fb516db4dd5462df0d28f43cfe1cae692ed40ed770fbbbfbephp-enchant-5.3.3-50.el6_10.i686.rpm0f3efc2649cbe76bf8001a7a71496968e9cc8360396608210ab7cd8e84bc9ae0php-common-5.3.3-50.el6_10.i686.rpm6855813b28c2f4f67e152b6963d12c3473a46af27702031a335b838c812ea9c1php-bcmath-5.3.3-50.el6_10.i686.rpmbb4071d5dab61a65f9d70565d418c510f555978d26b0bc41efd5536cfac70240php-xmlrpc-5.3.3-50.el6_10.i686.rpm4bca393de2619333b9179251d3d22078c230ef0a2c1eb080f3b451f29ebc2ad0php-xml-5.3.3-50.el6_10.i686.rpme5b343a8932d7783aaaa018f06763c786b304843eb824dbadffaf7a4725822faphp-gd-5.3.3-50.el6_10.i686.rpme1fc16f1dc3046858966d6f860e39769044305ade0fd872859324baff229adfephp-tidy-5.3.3-50.el6_10.i686.rpm4519aa2d5f887a5b8b22ae1248ada8ab2de79062ab37e0f455e03849453f5655php-5.3.3-50.el6_10.i686.rpme26147a6c3f5c8879d7da765b4ce1b581f53ed5b002f320a0e6fecaf87d0ebfephp-recode-5.3.3-50.el6_10.i686.rpm049cbd575404dbcc69a1a99aeb288dde4d0e815ddf26f082ad28127f4cf2131aphp-cli-5.3.3-50.el6_10.i686.rpm4e857b05c31ea8da31257ac297cb4b8ce839c825f00f5d5afbd7b25b3398b97aphp-zts-5.3.3-50.el6_10.i686.rpm522c13c3f915a8eb9c7a52a27915785f2674c570444f1eebc21e8904d9b07f05php-devel-5.3.3-50.el6_10.i686.rpmc57284d61dba58928ddeacb0bc8932eddf042a5690d44323156bf67e1ff65994php-pgsql-5.3.3-50.el6_10.i686.rpm54fbf61bb3ec5a6214ee3364362ad66faf3970840d739fe877873eaaa385453ephp-mbstring-5.3.3-50.el6_10.i686.rpm3ff158e5eebe84e07e9c045c1d2869363a20e3a64dff9768ddeff71c0656eee3php-intl-5.3.3-50.el6_10.i686.rpmd8fefd6aa5d98a5c5f4524d1c84a7fe154732ca02b5f7a9eae28b9135a8e6b97php-ldap-5.3.3-50.el6_10.i686.rpmb86a2fea6a4e91c5657d75ede597b493b207c0d16796f9ccb51823265d9bb619php-mysql-5.3.3-50.el6_10.i686.rpm3e5587b702c4258b7314dcf81b92f293651ec8e442eb92da09438ad49fb3d7caphp-soap-5.3.3-50.el6_10.i686.rpm68f63d8d2ee6f18e8d309740813261bee597225ef5f79965bdce9cbc54d1404aphp-odbc-5.3.3-50.el6_10.i686.rpm0c2240dc7012473b8fbaefe21d8b63407aaf0a20b05baaa22754d362055f2e62php-process-5.3.3-50.el6_10.i686.rpmaabaf393322ce50bf06b017eba34b27d16db1d718d481197176c057b6532d637php-pspell-5.3.3-50.el6_10.i686.rpmbc7435a0491e8fdda3eae35d68feb7b71239e42f205b79fadd6e103d889a7e1cphp-pdo-5.3.3-50.el6_10.i686.rpm90ff9b29ee8ebdd2c19f0bdd0aa6b6b0202f86d7dbf9c6aae2317e9c0a059a0aphp-snmp-5.3.3-50.el6_10.i686.rpm15baa8b30eec5a2264a8032fcfad750cf0af1421b0b5f285b83fec421a682936SLSA-2019:3755-1Security Fix(es): * sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)importantScientific Linux FermiScientific Linux Fermi 6sudo-1.8.6p3-29.el6_10.2.i686.rpm03d0ead992d7d3888f84954eedc486818b58ecbb3e17cd1a466a6b776c8c78fasudo-devel-1.8.6p3-29.el6_10.2.i686.rpm62da827b90ab1c0cc3b28c1fa1eec0bd36c01c9491ee871e3d95a5317995e18aSLSA-2019:3756-1This update upgrades Thunderbird to version 68.2.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.2.0-2.el6_10.i686.rpm0126ff4bb78e62e5eb5abc89cd8ec1104e94d6f5fc113cd47a3196e21b0f2f2bSLSA-2019:3836-1Security Fix(es): * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 * Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and "fragments dropped after timeout" errors are shownimportantScientific Linux FermiScientific Linux Fermi 6perf-2.6.32-754.24.2.el6.i686.rpmd398e9e0a5a0ece4be5500a7b9a1a8117590a490d0dfa09e4cb49e93b9ad979dkernel-2.6.32-754.24.2.el6.i686.rpm84a4098356783063b4c1fdc13a22574e27c917917f9fd7e4ad8c5223bcaefa7dkernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpme93510bebf7ae8913e1e229ca397f89a99a334264c845106e2b3d91da5ca8275kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm0bf43100e7d596cc3977f8255e7deef06fd111310c234fe499fcdeb40a63a296kernel-firmware-2.6.32-754.24.2.el6.noarch.rpmeb0de1c5f5022dd369e4811d21203ec45af3e4f10fc031e66f3ec7a12556d466kernel-headers-2.6.32-754.24.2.el6.i686.rpmccb0956c7548198e34b4f14109d29b70bcbd6956ded52beb6341096d7833e9fepython-perf-2.6.32-754.24.2.el6.i686.rpm831d1f2b3bbc49da24896b83f2c8be871e31ad399690515649d3c16815f05e93kernel-devel-2.6.32-754.24.2.el6.i686.rpma9bd60a9fcda6ae3eabc4c462a9a995c4262ef423cbd7ad4cca4723d9446c5d8kernel-debug-2.6.32-754.24.2.el6.i686.rpm5daa4fd19c389666b1c8712b7125a14696c4d71ccd7cff5cb086c2f5c52c2c88kernel-doc-2.6.32-754.24.2.el6.noarch.rpmaed7222ef4ac7cb673f27d39609ce38a716e3c5201ffc13c08119e771c07de57SLSA-2019:3878-1Security Fix(es): * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE importantScientific Linux FermiScientific Linux Fermi 6kernel-headers-2.6.32-754.24.3.el6.i686.rpm853f12cb57924e4a606ebbc024f5fd8be1be5d3d068ad41ae825d3c0d297258dkernel-debug-devel-2.6.32-754.24.3.el6.i686.rpm9aacbb5fabfee0e958cb74301576437f9251a53f553b5e6fc620331f2f8a474bkernel-firmware-2.6.32-754.24.3.el6.noarch.rpme548f8e9f393db3e2dd773ecd7670b4654fbc4008a41becdec8876c133399eb9perf-2.6.32-754.24.3.el6.i686.rpm6e74088f514c07c9417cd0342c264b8799698700dbfa0f7d050f8cda63679b5dkernel-debug-2.6.32-754.24.3.el6.i686.rpmb80cd6b04a2e5214ff6800f558ffccb47a9f897aecae5c980a5f2e539df5e77ekernel-abi-whitelists-2.6.32-754.24.3.el6.noarch.rpmed779305e6cd7a26cd34b413e9b5b4cbec4fba94750a4a358167acfc6741c4e3kernel-doc-2.6.32-754.24.3.el6.noarch.rpma86ec05a26576ff8c05d31335f8fcefbe0b42b7c93257472082a8466aff77643kernel-2.6.32-754.24.3.el6.i686.rpm6d2338214a3e374e3de75ac45fbe327af9ac600c06cfe74ea875f97834849e43kernel-devel-2.6.32-754.24.3.el6.i686.rpm8995eef581a61a563725bbfbe7f870cb4473dc296a4dcd6eca5c3b628ed6b4ffpython-perf-2.6.32-754.24.3.el6.i686.rpmf6027a0bd9b90bad4ce934d4379de0c310127f78e47338abadaca48792aecb4fSLSA-2019:4108-1Security Fix(es): * Mozilla: Use-after-free in worker destruction (CVE-2019-17008) * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012) * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005) * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010) * Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.3.0-1.el6_10.i686.rpm7feaa86c2116e03b1ff4f4fc7235405d8eaf1779d2ef6f508b6468785f23bdfbSLSA-2019:4152-1Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)importantScientific Linux FermiScientific Linux Fermi 6nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm9fbf5c0a6e9c9cbc4f659846e88b70d70a4a73f63f16219baeb4659ff1cf98ddnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm70b6a495b8b23ee84cd4b9edf0b604356763656b1bcd51c6d3da401b2c880e2dnss-softokn-devel-3.44.0-6.el6_10.i686.rpmf8e5626d1adbe04d2fdccf2581069434143452419c0079e25dc683f314fbf267nss-softokn-3.44.0-6.el6_10.i686.rpm5e0e936804b3227ebd8b2d9b32ee55a2ea10c21e7d5fed428fd5e237c95f5e51SLSA-2019:4205-1This update upgrades Thunderbird to version 68.3.0. Security Fix(es): * Mozilla: Use-after-free in worker destruction (CVE-2019-17008) * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012) * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005) * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010) * Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.3.0-3.el6_10.i686.rpm30bc8e5a09522ea8c29e705689241a95b497f4923aa03ba06d7dc5e443bad8cfSLSA-2019:4254-1Security Fix(es): * freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381) * freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read (CVE-2015-9382)moderateScientific Linux FermiScientific Linux Fermi 6freetype-devel-2.3.11-19.el6_10.i686.rpm6d7fd44af78ce088694751c24e283bdd9341945079d176925056be232849226dfreetype-2.3.11-19.el6_10.i686.rpm77703831c5562ac717a917552eea79e91f347d95dcb199859225515c94320c97freetype-demos-2.3.11-19.el6_10.i686.rpmeb6b87edd988f7e1e7944864bdebb0113abc49f23995fb9d30ab29a16213daa9SLSA-2019:4256-1Security Fix(es): * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) Bug Fix(es): * KEYS: prevent creating a different user's keyrings SL-6.10 * BUG: unable to handle kernel NULL pointer dereference at (null) * long I/O stalls with bnx2fc from not masking off scope bits of retry delay valueimportantScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-754.25.1.el6.noarch.rpm34667f86a2fc275ba9f36d8f885840b5cff80bceeaaad217cb7768aff40cc203kernel-debug-devel-2.6.32-754.25.1.el6.i686.rpm67e02e07f25c5f91e034b860e440fe9f99e19538caca3aa5f8dd6c37f9385c4fkernel-debug-2.6.32-754.25.1.el6.i686.rpm91fb0467752bdd59047431042dc9d1a0d732808a939bdc302005c54584fe6735kernel-2.6.32-754.25.1.el6.i686.rpm2b75cf68c1736e2445f4d5c1b6bedbcde378803430354fa01e51f8177f695281kernel-devel-2.6.32-754.25.1.el6.i686.rpma2155801e7880a454a33b8117bbfcb725faa1085afd2d69cce81af74bb5102e0kernel-headers-2.6.32-754.25.1.el6.i686.rpm98f56c2064a15344857ed2d5ef910c0c12cf1d2d7817eb56d46c79f3b1d8fc88perf-2.6.32-754.25.1.el6.i686.rpm74a6eb4410147039c129b1254ffd0b34a343a0c2cf622c0e28c6c2c6ad5e1f88kernel-abi-whitelists-2.6.32-754.25.1.el6.noarch.rpm780620108cc86ba9634200fdc2155ffa65ed82cd0979795eeec0f4370ef73075kernel-doc-2.6.32-754.25.1.el6.noarch.rpm615fa351cd7986dafec501b533bc5891316d70d4728170b16447a59de9c8631dpython-perf-2.6.32-754.25.1.el6.i686.rpm36cb1206a16125b73675a7454981018c3e922686dd8d6fb05bb6d448c932f268SLSA-2020:0086-1This update upgrades Firefox to version 68.4.1 ESR. Security Fix(es): * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.4.1-1.el6_10.i686.rpmb8ffce2947a42087edb763eb295b2ce65cb83ee7bf1da62113cebef59aa510a7SLSA-2020:0123-1Security Fix(es): * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.4.1-2.el6_10.i686.rpmd753f03d812a2ecad2a1581e886186b9ae14fe92451e50f5a9c442b4688941eeSLSA-2020:0157-1Security Fix(es): * OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593) * OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) * OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583) * OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10.i686.rpm126fcfd3811c68f4f53cbb53ec28abbec9aaa73ba6660dbc2369480d9d39b808java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10.i686.rpmb537b5ccf4643e75f3d98b25f4933b4bd3ed2e3e4127f929beb29058c349f046java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10.i686.rpm01965804c7b98cd2ef1da1d25d62cf590137794c2e84f04883b77f301a3a7a07java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10.i686.rpm3ff14db3c1af7a9213b921c1b75d5bfdfceb59fa198a6063615a9898c58d48b8java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10.i686.rpm40131a4374ebdc03084c87a5a7a87f681e9be5761a7eecb7f330f35a6a8dae37java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10.i686.rpmd3d6ec7097fee68e007e8118ca862b8275d00f9f25b2f9c9700942a6dcaac065java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10.i686.rpm658061bda1165b972c47063508e925a76da7fc4e301a0c0fa7251ae44d0bf327java-1.8.0-openjdk-javadoc-1.8.0.242.b07-1.el6_10.noarch.rpm9cdd1d70e628db2c241753201cffeca47340f741c0548dc678a830bc7e322567java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10.i686.rpmf6b8bdb8cc22b0d423d0aed4f7273b40496d1f4cad348991acd4095ee8adac4fjava-1.8.0-openjdk-javadoc-debug-1.8.0.242.b07-1.el6_10.noarch.rpmf25b6db5c691786c378a77fb790b1546af5f9434a0533fdeeb637f0a8145ca6djava-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10.i686.rpm8de54400d69d703ffa5486f599c56e57e96021c5abf7ee865ea6d8ecf93e4b8cjava-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10.i686.rpm08ccbe02f249367e84bfe9d4670bc8e6dca28446d6e455c8e2fd2f7b611f8073SLSA-2020:0197-1Security Fix(es): * python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)importantScientific Linux FermiScientific Linux Fermi 6python-reportlab-2.3-3.el6_10.1.i686.rpm9122feaeca3ea41fc476988f2e06fa37d3ecf2663355f449b3622530fdc9c523python-reportlab-docs-2.3-3.el6_10.1.noarch.rpm6b3401b4a3265d0b2f86f0291bce38f1e05d99e2349774429f829346cf0345abSLSA-2020:0199-1Security Fix(es): * openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)criticalScientific Linux FermiScientific Linux Fermi 6openslp-server-2.0.0-4.el6_10.i686.rpm8a87d636e46ac0a24aee8535d355e431832995b26aa2d19a2e798e6c0b0963e1openslp-devel-2.0.0-4.el6_10.i686.rpm1f3373a88c9ebe30aee90f957eb32c43d230b47ba1baf50a0b4879b603f69081openslp-2.0.0-4.el6_10.i686.rpm5b52a1b6835e7c3b194075334dc126747b0bbcaff2bbcc0e64f6ec97180312a6SLSA-2020:0316-1Security Fix(es): * git: arbitrary code execution via .gitmodules (CVE-2018-17456)importantScientific Linux FermiScientific Linux Fermi 6git-svn-1.7.1-10.el6_10.noarch.rpm0f507a011aad8db7cff3e86620b31781d5e519481e518437a185f766dade76ccgit-cvs-1.7.1-10.el6_10.noarch.rpmb8e082a5c273a8340ff1d8ae92ab732a755e57da3cbd67e9d0d998a5a96f8e24git-gui-1.7.1-10.el6_10.noarch.rpma2d8cc8bb16834ee5002b88443b5546f636beb65b8c5d1a2fb024aa065b875b4gitk-1.7.1-10.el6_10.noarch.rpm4e820bf7c778b4bdebc67ac640a42ebc6fd2a4a06f29e06082f20a5404a1a415gitweb-1.7.1-10.el6_10.noarch.rpmb7cdad0226d27a3422b16c2ba5d6ad38a1d41456fd9f278a5404966ed0edc0a0git-daemon-1.7.1-10.el6_10.i686.rpm12f436992543d6daa2834ec7fd4f5a5a6d5670a044b86960f785ee787e311d2eperl-Git-1.7.1-10.el6_10.noarch.rpm31d03187fdeb8ade325bcf18677794a75d3b3962b7c5c7fc77e7a0c4baf3ee14git-1.7.1-10.el6_10.i686.rpm160ed2dd5170d07ddabf6a7fd7f06b74f4861a02c3565c06f1958fcca8c0b0d4git-email-1.7.1-10.el6_10.noarch.rpm98bf71aa3ea11db0b4e173676775aca8fe26029da4b73fd9180d38be2827cb23emacs-git-el-1.7.1-10.el6_10.noarch.rpmb34c2c7022314573cdc713354dbb516b14e24e3617c991ad8a5567d30179edd7emacs-git-1.7.1-10.el6_10.noarch.rpma3f91a6e8abb6649c176ad4654abf2433136ece32a762652ed98d733474ff2abgit-all-1.7.1-10.el6_10.noarch.rpm3c2d43ecd8da11d50260f94bb334b0dc44d9457a30eed7ef6901791baa78b61eSLSA-2020:0471-1Security Fix(es): * spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)moderateScientific Linux FermiScientific Linux Fermi 6spice-gtk-0.26-8.el6_10.2.i686.rpm150c7a4f9da15facdab9c1cec879d56d74c010d9cb4713d7384dd80ce67cae68spice-gtk-tools-0.26-8.el6_10.2.i686.rpm3aeb03bafdd3b566bdd3c29532488329a0541798d84256fad1fdff18324d7497spice-glib-devel-0.26-8.el6_10.2.i686.rpmbe2af02ed6b1bd65b96666c9ff2e356e655ecb3be7f1a89837013186a370d7ffspice-gtk-python-0.26-8.el6_10.2.i686.rpm41995586fdd7f09661104a460cd80deafa480d335401d47b24530a2e27daebd4spice-gtk-devel-0.26-8.el6_10.2.i686.rpm2ff61cf3350e2df213116e84bb0e2027a0d5547e37a29ef3f72deb1f28cb5965spice-glib-0.26-8.el6_10.2.i686.rpmabdb8e54d36de48d4c70945da85a0e5e7c78eb37962b9429c8c73dca13b7a5d4SLSA-2020:0515-1Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)importantScientific Linux FermiScientific Linux Fermi 6ksh-20120801-38.el6_10.i686.rpm4573de948933989e13edd23b1db3a1037e13589ababdf9ba59688d91ac18c32dSLSA-2020:0521-1Security Fix(es): * Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.5.0-2.el6_10.i686.rpmeaa61eaccc640698a594708a192d899872c14fa31adef4cf6198d32e4c5abe0eSLSA-2020:0574-1Security Fix(es): Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798) Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.5.0-1.el6_10.i686.rpmc0926310db6c871dada50f39e93fdb3fdc6ba4fdd76b43f00ae8a021004c505aSLSA-2020:0631-1Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)importantScientific Linux FermiScientific Linux Fermi 6ppp-2.4.5-11.el6_10.i686.rpm593502a484e86b62efebc73778ad61e9c99e8109dd6278395a56a266765465a9ppp-devel-2.4.5-11.el6_10.i686.rpmdbc8ac92000ed47d7c0e9f18cbf663640035f286226fa060f5e1411ed83e09bbSLSA-2020:0632-1Security Fix(es): * OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593) * OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) * OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583) * OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el6_10.i686.rpm53c8ed344688680d5689a0ed27e8ae8b53f552d169d5e648fdd78d75a95263a4java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el6_10.i686.rpmaf419a2c02991a045c55337485f140f6d2142a3a150f195eb808d238eb0e70ffjava-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el6_10.i686.rpm62615675de16c7aa87e357a5dca9d83db0dfdd9173e6a1a9ff15416dbd9a124fjava-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el6_10.i686.rpm95ce07c10622460032e590743934c04718a190bf58afa5efb48e28cee90fad78java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el6_10.noarch.rpma4fa4151a35710d667b1c09c3d00684f8d3c200b74e9075cfd08ddd15585e850SLSA-2020:0702-1Security Fix(es): * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)importantScientific Linux FermiScientific Linux Fermi 6xerces-c-devel-3.0.1-21.el6_10.i686.rpm299f5f4e4944cbd1b4b31bcf4287d85c7f4567477a07fbd7f7b4d7fa14959817xerces-c-doc-3.0.1-21.el6_10.noarch.rpmd992f681dce12e5cc47b634455037596ff101ad2eebc66d459708ce5ac4679e9xerces-c-3.0.1-21.el6_10.i686.rpmfe04f8540a3ed07b20d7c440a04b6cc71552b361b765125e13c7945342d22903SLSA-2020:0726-1Security Fix(es): * sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)importantScientific Linux FermiScientific Linux Fermi 6sudo-devel-1.8.6p3-29.el6_10.3.i686.rpm37a0c40da8624c01ccbcc4844414f61276b85999256950bce83258c049606f2csudo-1.8.6p3-29.el6_10.3.i686.rpmd9b8368cc70fb32e27bd4d83f623991b0e3b2ef9be414623845491eee7ef7c9bSLSA-2020:0775-1Security Fix(es): * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.6.i686.rpm24f9e154a7b992a61e9d8054c08c1eaea48a23516d1e9a7f01d6378dba6a43c5SLSA-2020:0790-1Security Fix(es): * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless /wext-sme.c (CVE-2019-17133) * kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) Bug Fix(es): * LACP bond does not function because bonding driver sees slave speed & duplex as Unknown * ixgbevf guess causes excessive interrupts in hypervisor due to get link settingsimportantScientific Linux FermiScientific Linux Fermi 6kernel-debug-devel-2.6.32-754.28.1.el6.i686.rpm7baeb69b0cce2467013a56c324072bf0d9511b897f882d4425c899cb70348d83kernel-debug-2.6.32-754.28.1.el6.i686.rpm08068b6652dfe516d1c0e9f006a7af1e0aa7b81e0f56d885ddcfbf3a0421c8ebkernel-doc-2.6.32-754.28.1.el6.noarch.rpmbd7fcc9e693f1122eb8f6474f3ec7117e8d1ef0610ae4d429284353c2742db1dkernel-devel-2.6.32-754.28.1.el6.i686.rpm83709e36a7d614ec5b27f6c328387c1a77c962ca082feece7f562db7f155f449kernel-2.6.32-754.28.1.el6.i686.rpm4a14d589f161cd8023fe9f048f52634e67613d3fd6c81fe5b808e15f07ca7000kernel-abi-whitelists-2.6.32-754.28.1.el6.noarch.rpmb49136d71faf2a416f07485e49c4a72e816c2b0c7f5a5a0c2f7b5bd8e9dc0ec8python-perf-2.6.32-754.28.1.el6.i686.rpm8d487df6ef77663826c2305db8f521ab815661c945ac2883378cfd9e248e71b6perf-2.6.32-754.28.1.el6.i686.rpmca3cce7406dff45b5e2043d3744e24e4eec4da774a3de6d412f7e1cc87fa80c0kernel-headers-2.6.32-754.28.1.el6.i686.rpm85c6fd176653526c0fe98d43e7a9106bca7757516af069c6cc14ac2e5821c537kernel-firmware-2.6.32-754.28.1.el6.noarch.rpm5a96c1d62011f5cc7044a4079ab4c4d4b805bf97094eebdc7075e330079dbda2SLSA-2020:0816-1This update upgrades Firefox to version 68.6.0 ESR. Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website- controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.6.0-1.el6_10.i686.rpm42e3aa25d642495bf090dea0eb1deed36d4d7f308b62a6078d755ce3ebdb3b51SLSA-2020:0892-1Security Fix(es): * zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)importantScientific Linux FermiScientific Linux Fermi 6zsh-html-4.3.11-11.el6_10.i686.rpm27365cb9a38fbd29d9bbb9fa6a220807ec6686d05f041386a95c96ab3ef14300zsh-4.3.11-11.el6_10.i686.rpmcbd3998d7afe51c1548e9ed32d6309f6bf03710eb4b60c28b47defc45b449ed4SLSA-2020:0896-1Security Fix(es): * ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)importantScientific Linux FermiScientific Linux Fermi 6icu-4.2.1-15.el6_10.i686.rpmaae26cc6d13bfb6fd5d555802987184f416ef7f6105bcc171d172f74271cf745libicu-devel-4.2.1-15.el6_10.i686.rpm04b271467d8f55f0a0dd1dd8140c1339c5cf90defa0d44599d795095deac8b04libicu-doc-4.2.1-15.el6_10.noarch.rpmeb4363fa5c07c028aa3ef1c29c7b7b76c301338ea9ca9ce73eb140cceef386e0libicu-4.2.1-15.el6_10.i686.rpm9f6dd5d39417b489153c66e23c5aa4fc33766f5c6346715033feb549ce1bead0SLSA-2020:0898-1Security Fix(es): * python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)importantScientific Linux FermiScientific Linux Fermi 6python-imaging-sane-1.1.6-20.el6_10.i686.rpm3f8e340ed49d98234b5f13477618a82cd0a23680c6f33f6a8333f2da6eaac276python-imaging-1.1.6-20.el6_10.i686.rpm73e0cf03c2fbf49793359a691b7399597a2a926da67aed07a9418fb52d76bb50python-imaging-tk-1.1.6-20.el6_10.i686.rpm50bc40dfab966b96c518021d9b6b4465f6859706cc5efbdace17b3450167ed8cpython-imaging-devel-1.1.6-20.el6_10.i686.rpm6a20bc6a2e92a182be18ddbb8a79fc2d53c829b4f8f1a0e92966386e2f23cdffSLSA-2020:0912-1Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)importantScientific Linux FermiScientific Linux Fermi 6tomcat6-6.0.24-114.el6_10.noarch.rpme67c6d4b8ff53161a4042eaf73db125e581793fef161651e13cb59988f1fc6dctomcat6-admin-webapps-6.0.24-114.el6_10.noarch.rpma05f1b783d85bc1f7f64e7bb59d7b43698f9bb368d31e16d36a3ee271d83fdaetomcat6-el-2.1-api-6.0.24-114.el6_10.noarch.rpm400c301bcb75cf7b39b7016f5e023c30efe45e3d25aa61236c63533edb733aaetomcat6-javadoc-6.0.24-114.el6_10.noarch.rpm5c1707db16c145ceb07eafe23966b012b420510d57599dd01709a2fb947c721btomcat6-webapps-6.0.24-114.el6_10.noarch.rpm4ce45e27aa33def8fbf9e9e7d2c6e87562ae1abbabd962b0130a07c4da5e3003tomcat6-servlet-2.5-api-6.0.24-114.el6_10.noarch.rpmbe3c60a3ba52795cf7a62ce5fb4a7ac8dc9f1dd2254b1af2dba4681bfd1fa6bbtomcat6-docs-webapp-6.0.24-114.el6_10.noarch.rpm7bc43c2a6010849c4a713e025c2ffe605601df8cd3f5af5027c978b8da6c7c6ftomcat6-jsp-2.1-api-6.0.24-114.el6_10.noarch.rpm26ce9c8aac1c86685dab7592ae4c24959f039e902114d6de2378052e97eb31e2tomcat6-lib-6.0.24-114.el6_10.noarch.rpme5f8748e8b5e9f488f39dc02b6fdcec0a2aaa655942fbb70bf83e2cc128fbaf5SLSA-2020:0914-1Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.6.0-1.el6_10.i686.rpm5dc51156f7cfde9e7b4011ad5ac0b886f4bdff0babd05ad96c87e034146aafafSLSA-2020:1331-1Security Fix(es): * ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)importantScientific Linux FermiScientific Linux Fermi 6ipmitool-1.8.15-3.el6_10.i686.rpmea1a33b9fa4c4c2aa724528aa35e92fabc4bd6e4c186b0677cc4ba9f2c7f83b9SLSA-2020:1335-1Security Fix(es): * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)importantScientific Linux FermiScientific Linux Fermi 6telnet-server-0.17-49.el6_10.i686.rpmd9cf7ab6b1b894a04bf4373cbb36aabf9df1884a5f4ad43940e15ce050ae43c7telnet-0.17-49.el6_10.i686.rpmbbd2194e19354b9a029e5ddd1fb360555ee95a050eb9aa981ebcd1a246765e55SLSA-2020:1339-1Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.6.1-1.el6_10.i686.rpm8ff4339baa2182e770b13ac184fd96c9931a1224cf68a4e9ed922a18184f0cedSLSA-2020:1349-1Security Fix(es): * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)importantScientific Linux FermiScientific Linux Fermi 6krb5-appl-clients-1.0.1-10.el6_10.i686.rpm1fcad7779c1fb41ea66bfdbe9efbd46f3e7b0c37674102358736a22c37c933bbkrb5-appl-servers-1.0.1-10.el6_10.i686.rpm6110f465790a6b096d571a3497a2984b45b83f99bd91e881a594f6bdfe71cc07SLSA-2020:1403-1Security Fix(es): * QEMU: Slirp: potential OOB access due to unsafe snprintf() usages Bug Fix(es): * QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6]importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.7.i686.rpm2c8d289e255beae0113cb13787b128b1b083189c718b369d269c0fc696074b02SLSA-2020:1429-1Security Fix(es): * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.7.0-2.el6_10.i686.rpmad728bcd2c4f76fcf472c16c6a85db811b9c7f71628cc434bd804e0100a5de05SLSA-2020:1488-1Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.7.0-1.el6_10.i686.rpm983056da56ace25744770efbca29f16a2969af82b7ea88a13288c835d054f965SLSA-2020:1506-1Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) * OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) * OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) * OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) * OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) * OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) * OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el6_10.noarch.rpme19975268da987ac48575702799aead59f14f335ced187695be30aaec2cc5abbjava-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el6_10.i686.rpm3b7737a0afdd2eb7d3e8b352c03d09b887631f835f8f1c79dff29e72241c5b41java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el6_10.i686.rpm0b5a6f4e19fce4cdd9fc10d9d83a0a8170b87507e29474187ee0fb530acdcc75java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el6_10.i686.rpm143ba3d79fc10d85bee00cf4bab529cfde435cd0f56b7f7f8525797ca88a5c01java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el6_10.i686.rpmf682886302c8b4ac9abef5894ce93f3db480f6966065fc6d178f8cb773e2c741java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el6_10.i686.rpm0814bfe44d825a9c24f15971f33d9443edfb248b8f1df1c6cf2795b78107f441java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el6_10.i686.rpmd7d1b71531d39de5ac508b165da20c45a3d2a32beffa28079deeb0174358fbe7java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el6_10.i686.rpm53be25fd0626e72c50e7d16bc3c8fffa707b559ad08260427dd702e250b27866java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.i686.rpmf32e6265854ef86415f1f2802fbdae64e922f7e44813549058b49f5654ac3f06java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el6_10.noarch.rpm135085ccb7581891eea423fd6ef4d02cbc030b48e790aa48781d56271a8434acjava-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el6_10.i686.rpm6b7dbf93fe3989884843244c5ccce890faf6e787495e707476dbfbe92f800d2ajava-1.8.0-openjdk-src-1.8.0.252.b09-2.el6_10.i686.rpm007dc853d73cfa9f6b8b388473b8f019d8f5a65182b8d977f1714e5cffc09079SLSA-2020:1508-1Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) * OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) * OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) * OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) * OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.i686.rpm9354144a59e73c1737c53da9984f4cb8de09cffe0a281755f5d0abd878755f52java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.i686.rpm9444c4f88cb0815d03f46b1f0cd647ba9fb929dce24a951e81e0c8394cac7732java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.i686.rpm3ef2a31eca98086606607b07e38759d8f64f6d287732f2cbcbd9e7f7384fb974java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm5b9f02ba2ad600fb3499389613ac77dc9176a41a7d9876768a59ed01fed443b1java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.i686.rpm97a630c706bb2d5d37e48a5300cc7ea735ecd4ca10c517602a7ef5240233607aSLSA-2020:1524-1Security Fix(es): * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)importantScientific Linux FermiScientific Linux Fermi 6perf-2.6.32-754.29.1.el6.i686.rpm7bfa51c01cdb3ad26e14b287d4fe65382637d0fb1771f76fdd7cad9cad73775ekernel-firmware-2.6.32-754.29.1.el6.noarch.rpmbd4c2ee33949073a2178159e42b89a1c8c00fa0a4138d734a972ef527ce91efdkernel-debug-devel-2.6.32-754.29.1.el6.i686.rpm6ba2d8062dfb47aa9fa2910f7981ef19987838a6c1a77143594b1c32a3909028kernel-debug-2.6.32-754.29.1.el6.i686.rpmae0e41c4b86dc18df50f93ffeca0b88c2f8b6c6df9103c5e66842e393adee431kernel-doc-2.6.32-754.29.1.el6.noarch.rpm2defbde25423ad053033684cde92f7e36331c7358e7cef50faaa60613aaccd70kernel-abi-whitelists-2.6.32-754.29.1.el6.noarch.rpm21415c036c175c1ff223d933f78794efdd9bd62777ea5b32533bbe853dfb1a39kernel-2.6.32-754.29.1.el6.i686.rpm70ddda91e0472a57452373b939be1c927fed72949f2c66d12bd29f87a4478b57kernel-headers-2.6.32-754.29.1.el6.i686.rpm2f794473871c2879d843c87283b748bead779813301d60791db9c82224a8f22fpython-perf-2.6.32-754.29.1.el6.i686.rpm413496762d84e9e429bede93968364b92ee9b4bca6d111d98a85eaded65b1c2bkernel-devel-2.6.32-754.29.1.el6.i686.rpm68bf2d7f23c8247d12053cb0ba3a604c3f1da61782a949c86f16eaa9f09fa301SLSA-2020:1962-1Security Fix(es): * python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108)importantScientific Linux FermiScientific Linux Fermi 6python-twisted-web-8.2.0-6.el6_10.i686.rpmc94f94f4682e6795108539c2136e9c9345b548430d531bd51e98f96d02a41a91SLSA-2020:2036-1Security Fix(es): * Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.8.0-1.el6_10.i686.rpmff969ec40b02b9b409cc49bc985aa45bcd464c72e5edee8463141ea0a97840b4SLSA-2020:2049-1Security Fix(es): * Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)criticalScientific Linux FermiScientific Linux Fermi 6thunderbird-68.8.0-1.el6_10.i686.rpm276f363d8ddc3552bf135342ffb2a4acd400cbc1e452e3b7edeffc0fd6a115f5SLSA-2020:2103-1Security Fix(es): * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)importantScientific Linux FermiScientific Linux Fermi 6kernel-headers-2.6.32-754.29.2.el6.i686.rpm39ff3280d089ed98fa29b703636fcafa6851111551884f67357130ce5b031979kernel-doc-2.6.32-754.29.2.el6.noarch.rpmd5fc2eaa74a1164e87e0e4c89749626e01abb315781aa3723eef54d091cb717akernel-debug-2.6.32-754.29.2.el6.i686.rpmbd5c7284198005e6178785ebe8b45dd48f98d1bc66396e372267fce4932dd4b9kernel-2.6.32-754.29.2.el6.i686.rpmf06547b178b03475305bc2fc7c408c453e3255beee2269d1ee20e5781f91103fkernel-debug-devel-2.6.32-754.29.2.el6.i686.rpmc0253bd506d0754a0b06020c65c1c748b60f2bc25dfa40928e2d35b216dd414ckernel-abi-whitelists-2.6.32-754.29.2.el6.noarch.rpm0420598dca0abb270d088895439416fa07f685d4099807ee1b9683a815c292d6kernel-devel-2.6.32-754.29.2.el6.i686.rpm0186f1f6ec9a68ceea53d9c0cb87448d77586a38bc28e68d78780dbb40657393perf-2.6.32-754.29.2.el6.i686.rpm6abd7deef9c75e8656dd20b20e2f6a49b570019356373297a5e2c432a0156f76python-perf-2.6.32-754.29.2.el6.i686.rpm2c71e1625a87a8fcd1811394761018a9473965e54ac173069a5452369bdb8463kernel-firmware-2.6.32-754.29.2.el6.noarch.rpmc115cfac5d1f31547e415ce6299dd8df41c6a3343d6b1f45ed870a4098f1ecdbSLSA-2020:2378-1Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.9.0-1.el6_10.i686.rpmc8492bbae72bdea59eb209ed09fdce0979d34a4510a76da61befda5fda11146dSLSA-2020:2383-1Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)importantScientific Linux FermiScientific Linux Fermi 6bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm33102af0b5d55c548c380db640ec25d946b1223b2664359ce3c79097a0e72afcbind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm3f451e02ce43fab493a31c19d9f8f58c2e60a51c2db95f0f58053802da466542bind-9.8.2-0.68.rc1.el6_10.7.i686.rpmd9d6739f85bca6845a30b2c7e44f01b263fd260afc49f1b8982289bd4ceb0d84bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpmbd5e29847f28c681d00071493941add2c30d9ae99f4eb0469a22b89ee6873acfbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm0260edc1e0c226c49f66583e3ca503f3c3976233210f54ae8139bbae52fe23afbind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpmc216753fb645a6b4eb5fd42fc9149adf6dc53196f4db99cd3841d7a291da4dc8SLSA-2020:2406-1Security Fix(es): * freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)importantScientific Linux FermiScientific Linux Fermi 6freerdp-libs-1.0.2-7.el6_10.i686.rpma5baa62e16352b5b2ecd546ee16daf3567c42ef094f83f7f466cc12fd2a8c4f9freerdp-devel-1.0.2-7.el6_10.i686.rpmeacfd27013b2bfdf41cd621abf469ac0aef2df7ad612db6da69bc6132b652730freerdp-1.0.2-7.el6_10.i686.rpm41b4e9d74d9563db5d64206664f105ff94cf79b306af69806f4901ced9094df2freerdp-plugins-1.0.2-7.el6_10.i686.rpm3eb480de66ea0e120ca561b2e5e65bbfc17ba3c4530c4101c4cdb7c07bafe763SLSA-2020:2430-1Security Fix(es): * kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192)moderateScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.30.2.el6.noarch.rpm730770d4ce0c67828244447ebc39d11243b6bfe40ddcd34224ab246ca84833d5python-perf-2.6.32-754.30.2.el6.i686.rpm915ec613738fd37809f534d16ff60e6b3c631edf14c52b2161bf24d740f30b93kernel-2.6.32-754.30.2.el6.i686.rpm8f4b6a6357d346680675a4f6e6580535c51a7fb0856b7a92b30721446a3641a0kernel-debug-devel-2.6.32-754.30.2.el6.i686.rpmf7c3d857729cb095d06af86f69412a2744053ad84aa50859ddfd0aa2abac566dkernel-debug-2.6.32-754.30.2.el6.i686.rpm8be551c1fdc7d72df1c913333bdafadbf828cf46b612be5fcce28ad1d6ed7e42kernel-doc-2.6.32-754.30.2.el6.noarch.rpm176c75f8d19c75db7f1c00844acd6777c12c2b16caa608896f6a369cdd48a785perf-2.6.32-754.30.2.el6.i686.rpm16abaaed6779670b58522418db86108054da83a2b277028afa70096bcadb8a8ekernel-headers-2.6.32-754.30.2.el6.i686.rpm510a771f66e3c05cc7c14c62a0d53bfe7fe76fe67241d7f6346d404ba9a42ea1kernel-devel-2.6.32-754.30.2.el6.i686.rpm70c11214d3fd258dba85940511880b10273c71f053a0dfe5cbeec9660ea6858bkernel-firmware-2.6.32-754.30.2.el6.noarch.rpm8a9d803a8bf4395aa75086a462f5a2f75457ae2c2bd2c4bc07a40a3e648defb9SLSA-2020:2433-1Security Fix(es): * hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector Register Data Sampling (CVE-2020-0548)moderateScientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-33.26.el6_10.i686.rpm2f47f6520509729b2db205f2bb9fb27da378323b451bd97a7892a28c19ce73a2SLSA-2020:2516-1Security Fix(es): * libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)moderateScientific Linux FermiScientific Linux Fermi 6libexif-devel-0.6.21-6.el6_10.i686.rpm9879765aaf062b70cd05712af8a56585fe8b7183b876064046e3b52a00fb039blibexif-0.6.21-6.el6_10.i686.rpmace0d218fe2af9d4388e16cd74e56407fc84d7449c4734e5083f896cec0965a3SLSA-2020:2529-1* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)importantScientific Linux FermiScientific Linux Fermi 6tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpmab7257bf316de7c76f7c6f94963b25b7249b67eab8917d60658271ad54656af8tomcat6-webapps-6.0.24-115.el6_10.noarch.rpmc91a7a99212042e51aa337f876498052253ab3e7c8b92122d9f4bf8e3e78dbedtomcat6-6.0.24-115.el6_10.noarch.rpmf1b3b894b412ff6b21743ec297617202a22eef5f2b1ef6e897d14e2d17e73306tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm1266db8f8dc17028c4ecf3a1e1ca909316d16467f2707a4d011c3a593f8ec9ddtomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpmbefc720145865fd7c2c8212e17ff455424fa5deb7121938b6aaec3cdbc744dfctomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm6125b1df82d8470a1194b539578bab6a5b579b82d48b292677120b3b04a791e6tomcat6-lib-6.0.24-115.el6_10.noarch.rpmd6c3b2b895ffbcb24ce3002b1f7ada3852ef24da299fc828750bc1eb1b930991tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpmd8c8a740ba3cc36e91a74d7bbae6901df18ebe696ea3bbbeab47b0b0b4571e7etomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm5ba010b035d1372221917d23a762d5138648fb2669b799bc0806d7f2102bbcf2SLSA-2020:2613-1Security Fix(es): * Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.9.0-1.el6_10.i686.rpm2c9535e4c563fe491472ccb4ba4be8e3ab7ce8363295b2d31a98855b1efb6072SLSA-2020:2640-1Security Fix(es): * unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)importantScientific Linux FermiScientific Linux Fermi 6unbound-python-1.4.20-29.el6_10.1.i686.rpm24ed8af56ac67370ba105e9d738d0ecc654fa687460e129adfdf21af68f24218unbound-devel-1.4.20-29.el6_10.1.i686.rpm1640c1c683df3635ae36acb42b5f14ecca4de9afafc02d2fc8ae56eec77367bfunbound-libs-1.4.20-29.el6_10.1.i686.rpm0be3da9d7576e4670c2a6779820fd9516c14d0be004c979b19adedae8eddead0unbound-1.4.20-29.el6_10.1.i686.rpmf58b96e6e3a3b79f5507a0e2950b8f940d8bc780522e16e01d246c3064105f24SLSA-2020:2824-1Security Fix(es): * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.10.0-1.el6_10.i686.rpm1804805bd0e916dcf89e3589374aaf5d1f06020b57373970e2ad0e3f3f01c681SLSA-2020:2933-1Security Fix(es): * kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)moderateScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-754.31.1.el6.noarch.rpm7d3a2a63f1a3e7bbc67de2f0ca9c68e7c3daaf0640e4835f9b060961a70b9095kernel-headers-2.6.32-754.31.1.el6.i686.rpm07bf93535171ce1064739a31be94c259a07a774e7188990b2d310473347b39b0kernel-debug-2.6.32-754.31.1.el6.i686.rpmf1fdf52d20afa0c1975918b11d7bf81bb8ae8dc65ef2f18996fc105a9ca2b7a0kernel-abi-whitelists-2.6.32-754.31.1.el6.noarch.rpm5a01513018c63477b395dfd3b566e36cb970039217f71703d35d01a9f49ef009kernel-debug-devel-2.6.32-754.31.1.el6.i686.rpm423a5bcbfe1c0407b211abc3598b2c387670f59a3379a7710c824a55ca920132python-perf-2.6.32-754.31.1.el6.i686.rpm183e7851ef5b87f579efe40162ee0a4de545f7585f3a1c1cb99a11a1f8059a89kernel-doc-2.6.32-754.31.1.el6.noarch.rpm6917b2ed40d0db1bd3b8c8df73aac89cfcaf899404b5a011eac2f809b50955f1kernel-devel-2.6.32-754.31.1.el6.i686.rpm44fe16721dc2c278aed128eac2073a1b4808b5bbd3f4a979b8815e5062f3b22fkernel-2.6.32-754.31.1.el6.i686.rpmc89fb86d08d16b8ab4ab3a93e10be14fa1b5d551073d3bf1306ce14ba73f21a3perf-2.6.32-754.31.1.el6.i686.rpm5e1bc4279f3d3cc73d560fbf4c8a6384991468480c9bcc92a282a54bcceb1445SLSA-2020:2966-1Security Fix(es): * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.10.0-1.el6_10.i686.rpmbced70b3e467495f91a0f3d97128ced58d3af61b150ed08cd787a8112aadba81SLSA-2020:2985-1Security Fix(es): * OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583) * OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593) * OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556) * OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578) * OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579) * OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621) * OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-debug-1.8.0.262.b10-0.el6_10.i686.rpm0020cd1b9d979b42953c8462d6d8e1c317c6f735d5fb9cc1fb2248f72d0ab745java-1.8.0-openjdk-src-debug-1.8.0.262.b10-0.el6_10.i686.rpm838184c878241e601e86fcf53e2f5adbb6cf6a52534d5baeaed5dfcd26cbb589java-1.8.0-openjdk-devel-1.8.0.262.b10-0.el6_10.i686.rpm0e82ed94cb3557e38ab98cef3091102d05a4e15ec280bc6ca30eddf27c0e3cdbjava-1.8.0-openjdk-javadoc-debug-1.8.0.262.b10-0.el6_10.noarch.rpmd9add926a08b73c1a5202a99eacc399216cdeb39d52b5e2941285902e6bf4d58java-1.8.0-openjdk-headless-1.8.0.262.b10-0.el6_10.i686.rpm1c7205be5c8b27dbce0cdfc9d5bc7504c96344c6b9b332f48b01f4b77759dc4ejava-1.8.0-openjdk-devel-debug-1.8.0.262.b10-0.el6_10.i686.rpm8d31850fbd38536174b747f0a73da165b3522e2488643d627f1d2ce614db7272java-1.8.0-openjdk-src-1.8.0.262.b10-0.el6_10.i686.rpmc9b679cc63593d86fbef9ee570e77cac7587d249b4bd1513554f20d53d6586cejava-1.8.0-openjdk-1.8.0.262.b10-0.el6_10.i686.rpm37343f2f5374544fde41c18a3fc67e5c5c37e2cf6091ed5ad88591920b9b12e8java-1.8.0-openjdk-debug-1.8.0.262.b10-0.el6_10.i686.rpm5207a1282a0dc55be458421408bf0cb7c40f2a5f51593a4a9f676a0371d3b869java-1.8.0-openjdk-demo-debug-1.8.0.262.b10-0.el6_10.i686.rpm24edab90a5bc79a21656be1aadba722c8c00e819deb08e1469950879bb2f6027java-1.8.0-openjdk-demo-1.8.0.262.b10-0.el6_10.i686.rpmec82aae1ff72c99a759104dd639d1d7f7839b8274f458240dff7707ac3b10cfbjava-1.8.0-openjdk-javadoc-1.8.0.262.b10-0.el6_10.noarch.rpmf4bd52580595be5fb5245aed4860b1346bb6cb78963f1e7c4c0d896254c1b831SLSA-2020:3233-1Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.11.0-1.el6_10.i686.rpm17c09a311a7b229d3d205f635e6753b17d6da51e0fbc2f99264d5ca290d65323SLSA-2020:3284-1Security Fix(es): * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)importantScientific Linux FermiScientific Linux Fermi 6postgresql-jdbc-8.4.704-4.el6_10.noarch.rpm518995d76313e361af8511350b1dec10e78068f1851d168b4a8cda7456f71a39SLSA-2020:3345-1Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.11.0-1.el6_10.i686.rpm3ab0f800b68a46147163fa9338f92b1b6d143eb92ec672778cc34a29cc1de347SLSA-2020:3548-1Security Fix(es): * kernel: Null pointer dereference in search_keyring (CVE-2017-2647) * kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c (CVE-2019-14896)importantScientific Linux FermitrueScientific Linux Fermi 6kernel-doc-2.6.32-754.33.1.el6.noarch.rpm89b9afcd74bc9bf1d0602ab37023b48695e0cea186a4612afb5a0697fd92cafakernel-firmware-2.6.32-754.33.1.el6.noarch.rpmd760d7286eca3b52ddd6765fe10afa6d88eceeb4dc85f1ce020cae7e7cc040f3kernel-debug-devel-2.6.32-754.33.1.el6.i686.rpm52c94b1c7ab0197a72bef089969a663154c26bf7cd3c9f2ec945e1fd3b1e4a8apython-perf-2.6.32-754.33.1.el6.i686.rpm8d6cac4851344ae489f38a5a25fe15bcfc31f8bbb1b5ee84b6c5f4716d1a1fa5kernel-abi-whitelists-2.6.32-754.33.1.el6.noarch.rpm1c10f523013b858e8d2e5f087378a56c7f0794fd8d15df97649e51fc2e31fd1bkernel-devel-2.6.32-754.33.1.el6.i686.rpma8acd52591cfc2ad9e27086dab39253e12fe351b334a71969d7fc6ea895dab04kernel-2.6.32-754.33.1.el6.i686.rpmc9148fc1cc132e8300184b3466de3fc3500a022528f57f6238124344ec8622f8kernel-headers-2.6.32-754.33.1.el6.i686.rpma1a4ad2948aa054aa6fad6f798175bf118c73b49431b1560bc846020d71474c4kernel-debug-2.6.32-754.33.1.el6.i686.rpm9174a036b6abf890361d5c2b2092b29e39ab7b54da0ca7de49fa3a846a2a1699perf-2.6.32-754.33.1.el6.i686.rpm584c5b03bacd4f06762c6cd37e7762bf23661b95307d62ec9775fed3671fd97aSLSA-2020:3558-1Security Fix(es): * Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.12.0-1.el6_10.i686.rpm023f3bb22b3cfba3d49d8262c6c3f3da0bfa7d1900c684eee1b0a343a568bfa2SLSA-2020:3643-1Security Fix(es): * Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.12.0-1.el6_10.i686.rpmfc8c1299420df9d20c220963de6dccba892777a75547c809f314a26993108e0fSLSA-2020:3835-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673) * Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676) * Mozilla: Download origin spoofing via redirect (CVE-2020-15677) * Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)importantScientific Linux FermiScientific Linux Fermi 6firefox-78.3.0-1.el6_10.i686.rpm9aa64152a903a27623425043682949073834c68188e5a2f177ad87cbafbc645cSLSA-2020:4056-1Security Fix(es): * QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.8.i686.rpmcc2bed3761dddc19d959d87792bdffb2ec2b2aaa4a62050cafa6a8741bc5534bSLSA-2020:4158-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673) * Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676) * Mozilla: Download origin spoofing via redirect (CVE-2020-15677) * Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.3.1-1.el6_10.i686.rpm253b05f073eee8471a5935e4cf64b850d9e8bcbf32c6435d75b9c3135a513f9aSLSA-2020:4182-1Security Fix(es): * kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.35.1.el6.noarch.rpm100e6fd09800c19d354b45d101ee8acf435ff3747dd55fa7c540336e22fa2856kernel-2.6.32-754.35.1.el6.i686.rpme8df5b48ea18d798557b895a936a35d29dc2fe5ba2c9880194fb09d5e52f77b0kernel-doc-2.6.32-754.35.1.el6.noarch.rpm3d2c718136637743613cca4a746e3a2db77f754e1fb8641560311ed6a1bb0e00kernel-debug-2.6.32-754.35.1.el6.i686.rpmb4d7f1a164aba2b9933ea65ea970b2db5373dc55d33655634b79c16000217ae7kernel-devel-2.6.32-754.35.1.el6.i686.rpm16787ab91ba82e6fb8c62504067e4bc9a046d2ec8643e50059a734e0066af336python-perf-2.6.32-754.35.1.el6.i686.rpm27bfe458d147e4639c2049df8aad599780ef431ce5bca334393db49aef5ce0a7kernel-headers-2.6.32-754.35.1.el6.i686.rpmd2a44ac5b894962711bfab05af04598316ecbffbf65ce1256154432786d90ac5kernel-debug-devel-2.6.32-754.35.1.el6.i686.rpm82911fc16c01b77d9ab57dbbaaacdc21489aa6c96bd204fa4138779315283f16perf-2.6.32-754.35.1.el6.i686.rpm3d5446d78ae1a488458ab00aa5b6f5772520a55c2e11b0a27680cd69bbe2bb14kernel-firmware-2.6.32-754.35.1.el6.noarch.rpm261ebda42bb7b07feafe9a41c9cd6496388092ad274663bda175b38075a9778bSLSA-2020:4183-1Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)moderateScientific Linux FermiScientific Linux Fermi 6bind-devel-9.8.2-0.68.rc1.el6_10.8.i686.rpmf1d6c007de19e2138ddc190f7280255aec51331651f0077a2cb14883a9aaa193bind-utils-9.8.2-0.68.rc1.el6_10.8.i686.rpm6055789e22872ce53f2b88dca2039ebc83ef9b946335325847327b6848d2fb02bind-libs-9.8.2-0.68.rc1.el6_10.8.i686.rpm96e44f398115d84ccab20b597896f01bf83641a97ab85850348fb9c9882d8066bind-9.8.2-0.68.rc1.el6_10.8.i686.rpme78947b1dd48dacca07c5ac21d174e3568d3d1a27144fdd20f3aac9ae7ed951ebind-sdb-9.8.2-0.68.rc1.el6_10.8.i686.rpm3ab39050adf36857b15e65e472340815a178065508d1a6f5e504430f50b12985bind-chroot-9.8.2-0.68.rc1.el6_10.8.i686.rpmf57896e9974f7f9abaee4c4a8fe479edb434c8b6fa79e0eb75f2b2d6c0353edcSLSA-2020:4330-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969)importantScientific Linux FermiScientific Linux Fermi 6firefox-78.4.0-2.el6_10.i686.rpm2ba2f4ee0d42c5c8f1f5814a9c6a21354292c95a1abf09b4ae6c91018cf49e0eSLSA-2020:4348-1Security Fix(es): * OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781) * OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782) * OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792) * OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797) * OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803) * OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779) * OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-devel-1.8.0.272.b10-0.el6_10.i686.rpm96acc9d0abbb13e238ed3f0460dfac535a85ec9d961fc98c10a6c95cdc642ba6java-1.8.0-openjdk-javadoc-1.8.0.272.b10-0.el6_10.noarch.rpm3d848e9ca71e703304c558bb4843f6ac892c281d382699a33caf822871bc80a8java-1.8.0-openjdk-src-debug-1.8.0.272.b10-0.el6_10.i686.rpmb7fcffad62eea1cc9657f96830811bac76d0e06576b58d37dbdf0b28f9eb03dbjava-1.8.0-openjdk-demo-debug-1.8.0.272.b10-0.el6_10.i686.rpm8c99ae391cd937e1c063bddfcc5d910d5c9f8b6cd8be2f6fd18d5f97ce528ee1java-1.8.0-openjdk-headless-debug-1.8.0.272.b10-0.el6_10.i686.rpme1c4ad048405e160b29f472339b4a40eb50ad7edff8f5eb11a36e91d0155d834java-1.8.0-openjdk-debug-1.8.0.272.b10-0.el6_10.i686.rpm3e0f240d762b8848a767b68df2a5bf02b148a8222374021e332a970684de5d4bjava-1.8.0-openjdk-demo-1.8.0.272.b10-0.el6_10.i686.rpmbba8f56fed90539a23b5a413d4f8a52fd475e51d395437b94e22154a0d730dcejava-1.8.0-openjdk-devel-debug-1.8.0.272.b10-0.el6_10.i686.rpm7868832e53708921fabd2a3f5bfb0e40e33bb5b1a485011f55beb340c90d28d1java-1.8.0-openjdk-1.8.0.272.b10-0.el6_10.i686.rpm1fbb2d15316d9c7a1ef0e75726fefb7c074cb53d3a7fb3c3d5a0d2b140746648java-1.8.0-openjdk-javadoc-debug-1.8.0.272.b10-0.el6_10.noarch.rpmf80967b523dace32996e65a5aac40e1cfa2b2996f4f251493975e53c4f9620dbjava-1.8.0-openjdk-src-1.8.0.272.b10-0.el6_10.i686.rpmc04171219d66a2291b8ca4666839a124299977d337ef92daffb2cb5dc38c40ebjava-1.8.0-openjdk-headless-1.8.0.272.b10-0.el6_10.i686.rpm80f7d43c37ad3653f3550a583438162053432cace64b28e7b0b8281f3056e7e5SLSA-2020:4946-1importantScientific Linux FermiScientific Linux Fermi 6libX11-common-1.6.4-4.el6_10.noarch.rpmcc943401aa5342763c1624d94045f07d846bcf5ed5f93b752144769100b82d9dlibX11-devel-1.6.4-4.el6_10.i686.rpm68f1dfbc7ea52eaaa0793c63f6f2488bab061f0e21af1c8cd8f88ad67b030d5elibX11-1.6.4-4.el6_10.i686.rpmf7b2e35a4af10b8d9346697dba79dda970f079c7a77ce54198f3596db2926259SLSA-2020:4947-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.4.0-1.el6_10.i686.rpmb3bcfcbfbae87c3e35b9a3cb52cbf6886d567dc2168c3da16a6a730bfcd09be4SLSA-2020:4953-1Security Fix(es): * xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345) * xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346) * xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361) * xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)importantScientific Linux FermiScientific Linux Fermi 6xorg-x11-server-common-1.17.4-18.sl6_10.i686.rpm8b94bbb9c9981e11716bb78fe5249345ec38440119ed87390e1edaa0d3975d55xorg-x11-server-devel-1.17.4-18.sl6_10.i686.rpm810b8bcc70516214184521857befce4baf6d3535e51e230b9c86140cd81517f7xorg-x11-server-source-1.17.4-18.sl6_10.noarch.rpm15077b6f04e8b424e017e80f2ec3e2a25ae54c3cf3de956181a6a66326b0af21xorg-x11-server-Xnest-1.17.4-18.sl6_10.i686.rpma312654461fe22a47c0e5b50eefd2b56b495b7a3031518ff7bf9d0ce0bed9957xorg-x11-server-Xephyr-1.17.4-18.sl6_10.i686.rpm624c3b62896112a07ed4036f05394392d4be75cb6c699abe1887783e7d14559axorg-x11-server-Xorg-1.17.4-18.sl6_10.i686.rpmea32ffe1a2dd143f1d68f8c64536d9d8a0eb064e704abd11bdc7c26fc73a9325xorg-x11-server-Xdmx-1.17.4-18.sl6_10.i686.rpmd5207cb787e7ce08d08fabc664eb2ab9acb8cf38c29b8b560c01e2f74d9e7b0cxorg-x11-server-Xvfb-1.17.4-18.sl6_10.i686.rpmf4431c410eaeb5d9ac2ea2786d1768b6e15b4f287cef9b4265b017f1a867d76aSLSA-2020:5084-1Security Fix(es): * hw: Vector Register Leakage-Active (CVE-2020-8696) * hw: Fast forward store predictor (CVE-2020-8698)moderateScientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-33.31.el6_10.i686.rpma51bcc846e579faa86cbdc292e5a17f7d35632294b015f4fe151bd08ffe7d819SLSA-2020:5104-1Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)criticalScientific Linux FermiScientific Linux Fermi 6firefox-78.4.1-1.el6_10.i686.rpmd7a694205e09cdeb988f2f1dda108aa3093beb84ee59a0f4561893f0fba1d5cdSLSA-2020:5129-1Security Fix(es): * net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)importantScientific Linux FermiScientific Linux Fermi 6net-snmp-libs-5.5-60.el6_10.2.i686.rpmc0c3aad58e11ebd52cd0a15fe50b7096ba65f974ce4c1210c4eeeb8816f9cdd5net-snmp-5.5-60.el6_10.2.i686.rpmb0a6b185d46fc86ea9a0695fcf16f69761759e48e4a1dd20c53617f6f9496eb4net-snmp-perl-5.5-60.el6_10.2.i686.rpm78325e85f40ab64bd0dadbc492e7f10fc8b8a4f7259825976bfd305e1ead81acnet-snmp-python-5.5-60.el6_10.2.i686.rpm750c0fbab335a796dc1f774a2ab43f7bc0c60a07a9b1185727fc4f59a7907930net-snmp-devel-5.5-60.el6_10.2.i686.rpm963c5bce27f67b465c2db63793d574a1902c50438dc012fcf8fa1ba803b4e02anet-snmp-utils-5.5-60.el6_10.2.i686.rpmda403aaf1340ce50542256f9eb994c6fdff436e0c5011d4e23ba1b1a19dfefd3SLSA-2020:5164-1This update upgrades Thunderbird to version 78.4.3. Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.4.3-1.el6_10.i686.rpmb4e05ca3c0a93aa6a41ca5b53619289362f9bf4a3d840b061867f5c803397a3aSLSA-2020:5238-1This update upgrades Thunderbird to version 78.5.0. Security Fix(es): * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953) * Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956) * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958) * Mozilla: Use-after-free in WebRequestService (CVE-2020-26959) * Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960) * Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961) * Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.5.0-1.el6_10.i686.rpm06e84507399c79309a7cd092f4a6883075dae537a3764e1de1de3fc81a0c0950SLSA-2020:5257-1This update upgrades Firefox to version 78.5.0 ESR. Security Fix(es): * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953) * Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956) * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958) * Mozilla: Use-after-free in WebRequestService (CVE-2020-26959) * Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960) * Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961) * Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)importantScientific Linux FermiScientific Linux Fermi 6firefox-78.5.0-1.el6_10.i686.rpm1360465ffe212a59eec9eaaac5f0a255aa23eef3f5743794bc49bfb8683ad898