CHG000000016873Currently the krb5.conf file has SULLY as the first DC and this machine is located in Accelerator Division's server room. As a group, we have decided to move the servers around so that the first server is ELMO, which is located in FCC.Scientific Linux FermiScientific Linux Fermi 6krb5-fermi-krb5.conf-5.4-1.1.noarch.rpma420dcdb61417cddafa7d52d5a1eb994aaa078f316097e7cf5a915cbdac021b7krb5-fermi-config-5.4-1.1.noarch.rpmcac2ce2dc2a325cbac8afd178276cd2c745e67ad81f30b85d9219bca9efebe98CHG000000016874Scientific Linux FermiScientific Linux Fermi 6krb5-fermi-config-5.5-1.noarch.rpm9014eb7ad74684ebabf09a8464db9989bb561139cd497b9b825e0dd9ff0bae75krb5-fermi-krb5.conf-5.5-1.noarch.rpm4de82f88966cb22d714c6ea7bc248a21bd883b788f657fcbdd1b8d6d60b33594CHG000000017316In some instances the /etc/kdc.list entries were not automatically inserted into the correct place within /etc/krb5.confScientific Linux FermiScientific Linux Fermi 6krb5-fermi-config-5.5-2.noarch.rpmf5131ccf50fd9828d170160783a92079c52ffc2a2b0c5c133219d8dd0718dfbckrb5-fermi-krb5.conf-5.5-2.noarch.rpme30f6238343a490bf2298e9295c9de2a56b85cc897f37b92f8db4ff7819c6740ENHC0001404Scientific Linux FermiScientific Linux Fermi 6python-cups-1.9.72-22.el6.i686.rpm3397bca8296bd39cb5d0847faeba2ad58763fd841769b07da41894a157b0bd7epython-cups-doc-1.9.72-22.el6.noarch.rpm630dc10acd979646404830d81d8fdf6dd893b434772dfbc47f35af43d26c0a5bENHC0004153Authentication Services operates a non-accredited CA that is integrated with the FERMI and SERVICES domains.Scientific Linux FermiScientific Linux Fermi 6fermilab-conf_ca-certs-2019.01-2.sl6.noarch.rpmc08eac2053aaaa2ce047f54b41c6615bfbb67247fd0251000eaac3a90d66121cOPENAFS-SA-2018-001:2:3These releases include fixes for three security advisories, OPENAFS-SA-2018-001, OPENAFS-SA-2018-002, and OPENAFS-SA-2018-003. OPENAFS-SA-2018-001 only affects deployments that run the 'butc' utility as part of the in-tree backup system, but is of high severity for those sites which are affected -- an anonymous attacker could replace entire volumes with attacker-controlled contents. OPENAFS-SA-2018-002 is for information leakage over the network via uninitialized RPC output variables. A number of RPCs are affected, some of which require the caller to be authenticated, but in some cases hundreds of bytes of data can be leaked per call. Of note is that cache managers are also subject to (kernel) memory leakage via AFSCB_ RPCs. OPENAFS-SA-2018-003 is a denial of service whereby anonymous attackers can cause server processes to consume large quantities of memory for a sustained period of time. The changes to fix OPENAFS-SA-2018-001 require behavior change in both butc(8) and backup(8) to use authenticated connections; old and new versions of these utilities will not interoperate absent specific configuration of the new tool to use the old (insecure) behavior. These changes also are expected to cause backup(8)'s interactive mode to be limited to only butc connections requiring (or not requiring) authentication within a given interactive session, based on the initial arguments selected.moderateScientific Linux FermiScientific Linux Fermi 6openafs-authlibs-1.6.23-289.sl6.i686.rpm3b783270c6a8a50f544f5270a1b7ae809354ba0a56c2cfd17e2d0eec9d78c0bfopenafs-plumbing-tools-1.6.23-289.sl6.i686.rpm7a8e8fcbe4ab94497e0086db4edd7e12e6a1a0185779e14bb8bcc3cd0c698525openafs-devel-1.6.23-289.sl6.i686.rpmdc8f3f044a9de4e3a4046ccb055ffc92e9b633ecd8d3285992ee9895b725a806openafs-module-tools-1.6.23-289.sl6.i686.rpmdff95f310dcca400e1e7f8b6ca832d53132c88d7db56fd40ddf2259ccea35dffopenafs-client-1.6.23-289.sl6.i686.rpm3b263772cd504189257f5b5342deaba3b3ed24a7f6275be116b28bfa0182c52eopenafs-1.6.23-289.sl6.i686.rpmeea6a33ab3f6fcae8dd4cc823f7604933eae13432bcc29c1c6f6bf41777b9647openafs-compat-1.6.23-289.sl6.i686.rpm603d2670599485e838f984f51d93c0ebf5886c23d2bb2c35775f35b79e709c06openafs-kpasswd-1.6.23-289.sl6.i686.rpmcad75d48fc6a606bac2e2def7f6578b9836b8aabb8f826cf6fa1b65e59b012abopenafs-authlibs-devel-1.6.23-289.sl6.i686.rpmc5a506e3c5b84f45999986ff625b24ba7383efc42a791fb8a80c8a7d310d2999kmod-openafs-754-1.6.23-289.sl6.754.3.5.i686.rpm0d1e1c93acb3b84d24c0512577bcf65732757b96ecce21967d2722ed9969d21dopenafs-krb5-1.6.23-289.sl6.i686.rpmd3566565060384c0c4de2f26d66d5107b9813381192258ca3b8d3e2f6146fc26openafs-server-1.6.23-289.sl6.i686.rpmfd347282cda817cee871713c7f27139e26b98b2cf5a25157133a01d8de5e2dd9openafs-kernel-source-1.6.23-289.sl6.i686.rpm88c8bd96f451347aee4bfdf7c651cfa14ae8ff4826ae35fbd723d09a1bd89ec6RITM0891205Security Fixes: * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output Generated RPC handler routines ran output variables through XDR encoding even when the call had failed and would shortly be aborted (and for which uninitialized output variables is common); any complete packets assembled in the process would be sent to the peer, leaking the contents of the uninitialized memory in question. * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars Generated RPC handler routines did not initialize output variables of scalar (fixed-length) type, since they did not require dedicated logic to free. Such variables allocated on the stack could remain uninitialized in some cases (including those affected by OPENAFS-SA-2019-001), and the contents of uninitialized memory would be returned to the peer.importantScientific Linux FermiScientific Linux Fermi 6openafs-devel-1.6.24-290.sl6.i686.rpm27c3ba44661b415b3b678824e518075225a798a58a4cdf2b159310745f9a0380openafs-1.6.24-290.sl6.i686.rpm45c44a28c3759bb534b76e7082ff50099a8fe4815f7a79dddcbc38e2e502dbc7openafs-client-1.6.24-290.sl6.i686.rpm110b6df56bfd875af80024f30392d7f20204941962da01f53bdb0eff27ebb00bopenafs-module-tools-1.6.24-290.sl6.i686.rpmfd1ee25cc110d1dc290c6ef2d7b857625beb3a981e9156a1af399ef318ef47c3openafs-kernel-source-1.6.24-290.sl6.i686.rpm8eee0296180ba5e69073187ca8b89b9e00e190c46df10b7af8aa46b8fba79d2dopenafs-kpasswd-1.6.24-290.sl6.i686.rpmd5d45f52ab7c25fcece779c74ff045dab6bc4bb66756d1e5eeac2de097fcc8c2openafs-server-1.6.24-290.sl6.i686.rpm7dafd0f4af181dfb3a5f120bb55c8e155c9da79c4770382937587d0e123ed11eopenafs-krb5-1.6.24-290.sl6.i686.rpm6c473c28bcb1ccc9b3afc09669ae1df2e3d69a8a90868ba2bf7a5b98a55ae0b8openafs-plumbing-tools-1.6.24-290.sl6.i686.rpmb0c9ef40c73648cc448c087f18a1b7ba71084a103333b10a9b335ea7fe8a6506openafs-authlibs-1.6.24-290.sl6.i686.rpm3ef41e809ea7df3e25e1d77f3c68fdfac3f92ee9054d17021f0ac2b254f37d82openafs-compat-1.6.24-290.sl6.i686.rpmf59e9895af3f6a7a3d4bd1967899463517469759041f76d00b5c39ddffad1bffopenafs-authlibs-devel-1.6.24-290.sl6.i686.rpm54ba766d659e98361a2b16ac66d63c2f388d1f53e6782a117a5c765ea29e2dafkmod-openafs-754-1.6.24-290.sl6.754.23.1.i686.rpm41e199bbd199176515d412e05f24930e7a0de6c2e045906c8effb780eb3ce955SLBA-2017:1434-1* An updated version of libntirpc (1.4.3-4) that contains changes to the transport independent RPC (TI-RPC) library for NFS-Ganesha is included in this package. Since NFS-Ganesha consumes those functions, it is now recompiled against libntirpc-1.4.3.4.Scientific Linux FermiScientific Linux Fermi 6libntirpc-devel-1.4.3-4.el6.i686.rpm6db84c38548e80079fcbc259fb45bd999980f5d82cddf3aea8bda63ccace1ce5libntirpc-1.4.3-4.el6.i686.rpmd1d62919e0d32969404a6212e688bdcfe9f9063d722b99af9dab7673fa0ca818SLBA-2018:1857-1Scientific Linux FermiScientific Linux Fermi 6copy-jdk-configs-3.3-9.el6.noarch.rpm3265471cef84f21333bce8cf101268b52cc7f6fa5fdc136ecbf9de61dd9d02e9SLBA-2018:3013-1* The Pacific/Fiji time zone will end Daylight Saving Time (DST) on January 13, 2019 rather than January 20, 2019. * Most regions in Chile will end Daylight Saving Time (DST) on the first Sunday in April, 2019.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2018f-1.el6.noarch.rpm92b0d5fce4699b908a80d999f188607d82d1e284ec4e219ca1a1e840b31d4c00tzdata-2018f-1.el6.noarch.rpmf0da448a10ba632c51d202b7889cd86ee06d2fe891e30282e2b31d44c2b4fd7aSLBA-2018:3454-1Scientific Linux FermiScientific Linux Fermi 6tzdata-2018g-1.el6.noarch.rpmdd6914d95ecc991db1d1a76a6d8c6d831e1c6ca386ccc5189abe9e2399a5660atzdata-java-2018g-1.el6.noarch.rpm2fb8cb6851408affdaafa8881f9fdb109c22d10226edaa8bdae769523c025baeSLBA-2019:0037-1The tzdata packages have been updated to version 2018i, which addresses recent time zone changes. Notably: * Africa/São Tomé and Príncipe changed from UTC+01 to UTC+00 on January 01, 2019. * Asia/Qyzylorda, Kazakhstan changed from UTC+06 to UTC+05 on December 21, 2018. * A new time zone, Asia/Qostanay, has been created because Qostanay, Kazakhstan did not transition with the Asia/Qyzylorda change. * America/Metlakatla, Alaska will observe Pacific Standard Time (PST) for this winter only. * Updates to Asia/Casablanca have been implemented based on a prediction that Morocco will continue to adjust clocks around Ramadan. * Changes to Asia/Tehran have been made based on predictions for Iran from 2038 through 2090.Scientific Linux FermiScientific Linux Fermi 6tzdata-2018i-1.el6.noarch.rpm60e2001038dfb303134d64a9068f1544d239b0ddca9c382a09982fa4cbdf3775tzdata-java-2018i-1.el6.noarch.rpm5a741f8213fd65ad537f949d2006bf2878358e743726a8e5844316a62c35b0a9SLBA-2019:0689-1The tzdata packages have been updated to version 2019a, which addresses recent time zone changes. Notably: * The Asia/Hebron and Asia/Gaza zones will start DST on 2019-03-30, rather than 2019-03-23 as previously predicted. * Metlakatla rejoined Alaska time on 2019-01-20, ending its observances of Pacific standard time.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2019a-1.el6.noarch.rpm09657e7344eb2c6f84d4f463481576d59b7a5dc54c76f86057c8edbb3615ccd5tzdata-2019a-1.el6.noarch.rpm988fc743347abada03a088728a3e751d7e0577ef016442fdb16bda5480454228SLBA-2019:1227-1This update fixes the following bug: * The spice-vdagent is not starting and spice is opening thousands of unix sockets.Scientific Linux FermiScientific Linux Fermi 6spice-vdagent-0.14.0-13.el6_10.1.i686.rpmc1907296bab148b6cba00eadd989559db50cf7454f6704292d6ed4538007fc56SLBA-2019:1651-1* dentry with DCACHE_SHRINKING set but no task shrinking dcacheScientific Linux FermiScientific Linux Fermi 6kernel-2.6.32-754.17.1.el6.i686.rpm9a6e1248791f75edfc661cc64b83bbb8b9cb0baaafd7a727a60b5762c1af2ce5kernel-devel-2.6.32-754.17.1.el6.i686.rpmfb96ffab9ca2b76099de803a292da6e7588f38035bef72c241786b02b9b2d05akernel-headers-2.6.32-754.17.1.el6.i686.rpm33b6b5e829accc30db3d9450694e247933878abc0830b72e6a63cc0e20dfdcabkernel-firmware-2.6.32-754.17.1.el6.noarch.rpmd6eb649785de43e9eaabcc5b18bd4c9405cfd2ff40524467703ba5d63eb615f9kernel-debug-devel-2.6.32-754.17.1.el6.i686.rpm6d04b7de6f99a043663bf889f4f4a1f108bd72960e6ae60a25eb40a8ce5021a3kernel-doc-2.6.32-754.17.1.el6.noarch.rpmd93f41a04c12482def9428979c1111bbd32d3366de833f6af0269ee8e77d1f6bkernel-abi-whitelists-2.6.32-754.17.1.el6.noarch.rpm6c25ef94a9ebc45d194d41b66918917019c5f3d25e72eae9d72243f4ff902a38perf-2.6.32-754.17.1.el6.i686.rpmbd224abbd3720424b34322ee0d2f92a413e3a1ea0ebc1178f55b8748fd94a7dekernel-debug-2.6.32-754.17.1.el6.i686.rpm032ee282eaa3acee0fb34686f89f14704c1e6caab6fcce0aa7683bbbff5ca9e3SLBA-2019:1703-1* The 2019 spring DST transition for Palestine occurred on March 29, not March 30.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2019b-2.el6.noarch.rpm7008f8ae57c82cb201946f2fc12167249b4373a78bd8ffe548f9d63fb1099037tzdata-2019b-2.el6.noarch.rpm6f36b7d2cf5955cf97d56e2a64c64941cf74133b2f4425a9c97afdc037794563SLBA-2019:2871-1The tzdata packages have been updated to version 2019c, which addresses recent time zone changes. Notably: * Fiji will observe the daylight saving time (DST) from November 10, 2019 to January 12, 2020. * Norfolk Island will start to observe Australian-style DST on November 06, 2019.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2019c-1.el6.noarch.rpm6674b8c0d3301c748fe7b73ebfe17a14974cde36deb4d81ed6fa2742f85b868atzdata-2019c-1.el6.noarch.rpma39f2001bf8cfc0be237ccf50a9ace47f164e735c182ab8b5d999c2e637764eaSLBA-2020:1982-1The tzdata packages have been updated to version 2020a, which addresses recent time zone changes. Notably: In Morocco (the Africa/Casablanca time zone), daylight saving time starts on 2020-05-31 instead of on 2020-05-24. Canada's Yukon region (the America/Whitehorse and America/Dawson time zones) changed to a year-round UTC-07 time on 2020-03-08. The America/Godthab time zone has been renamed to America/Nuuk.Scientific Linux FermiScientific Linux Fermi 6tzdata-2020a-1.el6.noarch.rpm8b0c71c5689666a060de7b991d6d8c7ac2f5a903d8b42af4da0bef2812bcfe63tzdata-java-2020a-1.el6.noarch.rpmacc38f1677f866ea1fd1f115ecb9a4ed831d7a5b7ccda6b6effaf7a314659c4dSLBA-2020:4282-1The tzdata packages have been updated to version 2020b, which addresses recent time zone changes. Notably: * Yukon timezones represented by America/Whitehorse and America/Dawson will change time zone rules from -08/-07 to permanent -07 on November 01, 2020, not on August 03, 2020, contrary to what was in the version 2020a. * The most recent winter(+08)/summer(+11) transition for Casey Station, Antarctica was on April 04, 2020 at 00:01. * Obsolete pacificnew, systemv, and yearistype.sh files have been removed from the distribution.Scientific Linux FermiScientific Linux Fermi 6tzdata-2020b-2.el6.noarch.rpm45de9b5c05f500bb9f37ce3cf655437c91f107403bc843fe9ee441a5d2140d7etzdata-java-2020b-2.el6.noarch.rpm3c911a314eea6f7ab5633bbb68684d444288a2b595d69b2ff0bae0f9bf45fd34SLBA-2020:4329-1The tzdata packages have been updated to version 2020d, which addresses recent time zone changes. Notably: * Fiji starts the daylight saving time (DST) later than usual on December 20, 2020, rather than the predicted November O8, 2020. * Palestine will end summer time on October 24, 2020 rather than the predicted October 31, 2020.Scientific Linux FermiScientific Linux Fermi 6tzdata-java-2020d-1.el6.noarch.rpm4d2f476832375f815cf1b39ef3c4e03c526f6b188af7f71d12a3d7e94f222e3ctzdata-2020d-1.el6.noarch.rpm32d9a91f4702285b3295efd420d69823bbeeefa05251da72f3fbae6a61771a7cSLEA-2019:1212-1This update adds the following enhancement: * The Intel CPU microcode has been updated to the latest upstream version to mitigate CVE-2018-12126, CVE-2018-12126, CVE-2018-12126, and CVE-2019-11091.Scientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-33.11.el6_10.i686.rpmcd817b19a6cfba4dcbe70b6a4628847ba3283d18b772001bb59a8efa1a28ac1eSLEA-2019:3280-1The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release.Scientific Linux FermiScientific Linux Fermi 6nss-devel-3.44.0-7.el6_10.i686.rpmf5cc0e653315b63ed8f33b022a23930206be9436d42ad2a4c3afe9bcc5bfe820nspr-4.21.0-1.el6_10.i686.rpm3ec55d700846f9f7e59f2203aed75413c3393a4518541e28d30eae1594d03b98nss-sysinit-3.44.0-7.el6_10.i686.rpmaf080881b84bb309f2007c6ac395e24a1a27f8e8dac4a2a1a05c12881ba322d0nss-softokn-3.44.0-5.el6_10.i686.rpm5f346059c0b817e31dd71c56b780c8c08f6d501a5bf6c5177eb8b72d91b7c83anss-softokn-freebl-3.44.0-5.el6_10.i686.rpm3ef47aa10369ef5e10b78e6e4d6871c8992140b3876acf2e67fda9822f68b021nss-softokn-freebl-devel-3.44.0-5.el6_10.i686.rpm9a5978576dc18065ac5080ce9c925d5ca9cca66e2d67e068daf38cbf70a4eaadnss-3.44.0-7.el6_10.i686.rpm7cbd70bef055e0a871668e47ae1776c67a1a03bd86da3ff2ed88c5186e374539nss-util-devel-3.44.0-1.el6_10.i686.rpm63024af655b77fc6ac02b9548d5808451204a6226a1c702118ed8dcf1ce701a6nss-softokn-devel-3.44.0-5.el6_10.i686.rpm7cd6baf9f77fe0889bd3df37ba0b69d1a8098718c9adda2cf6ab1d95f721602cnss-pkcs11-devel-3.44.0-7.el6_10.i686.rpmc9ec26643fab67c23805dacaeceab64d9677edd959e2876ca109ec12a6265ec7nspr-devel-4.21.0-1.el6_10.i686.rpm371c05559f0ebb77332c15478ef85f3febc3ab84a5cf77f08f1f3a6325985f33nss-util-3.44.0-1.el6_10.i686.rpm609f04ec4a2525a0d8d9a07b2ee809fea3ca69c1fc8344e4edf085c4eba37769nss-tools-3.44.0-7.el6_10.i686.rpm437c2a3d09adf393d984540d955d1c4f586548d7c31eec94f149dcc2284dee21SLSA-2018:2112-1This update upgrades Firefox to version 60.1.0 ESR. Many older firefox extensions must be updated to work with this new release. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156) * Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126) * Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) * Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363) * Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364) * Mozilla: address bar username and password spoofing in reader mode (CVE-2017-7762) * Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365) * Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)criticalScientific Linux FermiScientific Linux Fermi 6sl-indexhtml-6-10.sl6.noarch.rpm0f82668f4f3c98b676cee0160a8cc705afac62e804119a22f492639b351ae5e3firefox-60.1.0-5.el6.i686.rpm52352fe1da4c80f585189ac6340a75ddc8cda3cb01ccc5767690c8d1f93604c4SLSA-2018:2162-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. * QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858) * QEMU: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.1.i686.rpm7964eb4bc31a5a964a0865ace3f55d057945ca7432838fbf5302781b5504e147SLSA-2018:2164-1Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) Bug Fix(es): * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized.importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpmfdc54d149663e61aca9ddf3d71cc911c62f56856622efa647788d5344231de07perf-2.6.32-754.2.1.el6.i686.rpmfcb15fe4a498200f975029fd8890401061aa1cfbcc292b4c73e245736aa3b5b3kernel-headers-2.6.32-754.2.1.el6.i686.rpm6b7edbf8da19506399d69b2e7a1b6196be4bb11c609ff8bc58492078d9967ecekernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm821b5d489d85af46b0385712904182a1012cdf892b079e77767c5c74150ea5adkernel-debug-2.6.32-754.2.1.el6.i686.rpm81fe8fc900be414caced241043c4ce8d4cf1283c8242f1e6618d0ab3de7d3251python-perf-2.6.32-754.2.1.el6.i686.rpma4d5ba0e43ca9db7ba6b85392788f473f0cd6285855f242decdd6a1879dfb464kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm6f98f13f8960365ad13a81c46a408d7c40089e966c557c0ee8261ca2b27356e5kernel-devel-2.6.32-754.2.1.el6.i686.rpm6716fc6808e45137792c2a474c1fe304ba76b547665424e379c3eb92ced7871fkernel-2.6.32-754.2.1.el6.i686.rpmeaa748ffd16a65c4cd945ab45f6aa09e06244b3315a5114655e2c4c8eebf956bkernel-doc-2.6.32-754.2.1.el6.noarch.rpme29f995b78509d2d04f34728442ebb8c7ba9dc1f6a99b3c35086f2039082b75fSLSA-2018:2180-1Security Fix(es): * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)importantScientific Linux FermiScientific Linux Fermi 6gnupg2-2.0.14-9.el6_10.i686.rpmab713e68d1dc5bbed95843f8bdf414a31e3cfda4a706111f9efe93481b3219eagnupg2-smime-2.0.14-9.el6_10.i686.rpm65e9884996d2de4808ea5b85b1b2ed17361e2785ab11e9ae942581a6ec47d9d3SLSA-2018:2241-1Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el6_10.i686.rpmfabba38e04fcf91464f296f4cdcee7cbf3fd1b81f1617f4a5ed565b27fa97841java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.i686.rpm4c81cbd3d0adc142d29177b338ce13d7c597c6048f8c9bbb8b1d15e70f46ad0bjava-1.8.0-openjdk-demo-1.8.0.181-3.b13.el6_10.i686.rpm3278a4573468a458a41401274b652b0816e571f87278e0169188ee31a8bde442java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el6_10.i686.rpm049fe05cf6a232aeaabbf54732387da4e01c3842ff8ef60171e66b6fd554d042java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.i686.rpma4db9ad2b549d666e8b03203b045f26021bce14f810f576e3d0a33d54c37e68bjava-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el6_10.i686.rpm2012625afc27f05fce42afdfadaea8bb52e63d771fe618b4c4832e1ed2451bbejava-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el6_10.i686.rpm7fc6d4e5df0de3d13a2d056b5d6481395b638b6cf9845a4b5dc78297ce2175bdjava-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.i686.rpm6ad4b5b151ab7deccd5f67055b1f5ebe9c8f772b1aa99bd8ae06321c9808b734java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el6_10.noarch.rpm2691bd4f9a84b729590e87d8b2c30540cefefd7b7e41908a4abb1b2c9b2a5702java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el6_10.i686.rpm0298968352e5180b9ada35c7a1b8f806ca82f37cd8015f5b08c71f55ff09afb5java-1.8.0-openjdk-src-1.8.0.181-3.b13.el6_10.i686.rpmc2472e98bca1e3653fa7d128b1961e30282e3d5974e4288e153c1ecb2b64e13ejava-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el6_10.noarch.rpm62b560057b715e4ce12cf994734a899432bbc8cfc32a1f9f015c2c7777c38ad9SLSA-2018:2251-1This update upgrades Thunderbird to version 52.9.1. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) * Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) * Mozilla: Use-after-free using focus() (CVE-2018-12360) * Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) * Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363) * Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364) * thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372) * thunderbird: S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373) * Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365) * Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366) * thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-52.9.1-1.el6.i686.rpm9ff70a180e4178d9348d8abb9970e953c9cf4ff53773fcc4a7215c455765e8d5SLSA-2018:2283-1Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.191-2.6.15.4.el6_10.noarch.rpm1413de66858fffd7be69dd4f496177c1ee21b8875cc20df1bcf3a99c75a5c83ajava-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.i686.rpm4ff5d2e4d1290c3d8f66304dea20240712363cf0842b7795d54c90294db11f61java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el6_10.i686.rpmf347fdf19cef4e14dceaaad0360d7fbca6e6db33e80efd529c14c2a1cc93be85java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el6_10.i686.rpm5efb45dd9343b65f2b96b3ec56a2036898d6b4328fd38884a1443d1a044cf4ccjava-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el6_10.i686.rpm48f5af48c5381630e09350b844f7336d20f4e3a60902b99142a66280ef5495b7SLSA-2018:2284-1Security Fix(es): * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)importantScientific Linux FermiScientific Linux Fermi 6yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm4d6e9b1612c1a8a46b4024fdcd055cd17c3f6b727989bdaadac1a36a3c877845yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm204c3746eeb040ef109e09b076d07100c42f458a7297faed226effda8e9b441fyum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpme99f7e126faa01a980cada21f07895e5bd5d33784469e6fe9cd34bbd9cd932e3yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm3594f07f96de23e75358d99dbed6b8ca651c3a2b17e263b177713874665ca69ayum-utils-1.1.30-42.el6_10.noarch.rpm18964c5dd295e7517a568d1ace3e4b04e9ce7fbb6edff47875a516137ed1017fyum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm0021690dfd14c3f7467073e75a1f3a819e7096facd6e31d52bfc3745e91461fdyum-plugin-list-data-1.1.30-42.el6_10.noarch.rpmadc02f3944c0b94cd4d6aae3317cb6bc768e57377b127c3e925946c1e4e8025dyum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm6035740076674b34195a8a0b8541cf3d6a8d05bd3f3b091cbe5558d753c6041dyum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm23c0431eb9c10d6232b1a1d403ef164c46e86591565c6d0bc69f07178dccb3f4yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm7df9ba9a494a6fe20519be5845cbd5d60d05276737171caaa1a95a92a50a360cyum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm945e680bb51d2c9613a3fa5917bc23de86a5185b24ca1d192440577f7244aa0eyum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpmd88ad93aa065d7d0801b05d47667a6480a02b8150babb245d2d81276aeea1bf1yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm837d4a10ca94d64886123262f0b7f7d434ea42119c1203b2df0f8067ac0b81d6yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpmd5c89381cb35629175ca08ae3d9967109f67d8ace618a63da20448aef577245eyum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpmca64823750caeae7b80c25c339523a3cea8884fadb895d717888be1ef731bde9yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpmab14ca9d1d021286724d0690feb09a42d10824510d27e1c3b9956189739b8f37yum-plugin-security-1.1.30-42.el6_10.noarch.rpm536069961e8b456087d562ee5cd1ce95b948bd2194e8e27ee9b41a109941eb60yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm840a8471f6157337b1eb3d5263f5c4723b189f56cdac886d5077775ba2b1dc76yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm461825b165262e31b7ac3cc738089bdf3b722fbea899e1350232cebb4fbea934yum-plugin-local-1.1.30-42.el6_10.noarch.rpm5438236b802e01a19009fc09e8fca032e8c18fbabfd5ec531e95f844360fc301yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm88bdf6618ba1041b898fafd1a92a23dada85a1f912e211ac81f9ea983f2281f7yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm8445db17196626778735605a35ad2feaead7a76acef3f5d118bae40fde566dceyum-plugin-ps-1.1.30-42.el6_10.noarch.rpm384f6815b3d7299017f9fcf07a7a6a96ffb18e66d414385548fc808342e0a472yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm14eb4dcd3bfe045e929c6a10d1540acc1857b5c1bed834079683d13d021770c5yum-updateonboot-1.1.30-42.el6_10.noarch.rpm744439503c7cdd6fabcba5c8b3659c211493fcdc37200d43a378eeb7da68511ayum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm20b47fc4d9cde1c35fdd3555b7cd4737fa865e9ad0f4edeb53a391c083c31f39yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm76b09d70a6e94ca3d894d2f8c4c97eee95fe118df28fd9a5f9d0598c593ddb9dSLSA-2018:2308-1Security Fix(es): * openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)importantScientific Linux FermiScientific Linux Fermi 6openslp-server-2.0.0-3.el6.i686.rpm930886e865d07615b0934dfe523e129c08910633616040c77b3060b82cd3dd57openslp-2.0.0-3.el6.i686.rpm1e9cc6032c5455e42fb331cee2d74c8c458b74194292f926bb5baf6173c15181openslp-devel-2.0.0-3.el6.i686.rpmcad2281b0054d0180d87e9187643325f0bd1bc8e5695dbb1281f25c01049dea2SLSA-2018:2390-1Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side- channel attacks. (CVE-2018-3693) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) Bug Fix(es): * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur.importantScientific Linux FermiScientific Linux Fermi 6kernel-devel-2.6.32-754.3.5.el6.i686.rpmdf01c079bde8ad24c52c5f41b45355f8748f6cfb094867989cf915d806baf94fkernel-doc-2.6.32-754.3.5.el6.noarch.rpm2d1d37b8b04c2b61f0c281324a1443f485fb142c57e294571ba002db7dc579e2perf-2.6.32-754.3.5.el6.i686.rpm9a7a4ae39c32a707adeb0dba678febcc60b8dff5087aab7808cfd64a90903f81python-perf-2.6.32-754.3.5.el6.i686.rpm2a719bd9a8ce0886a9bb592323184abcda5b34168e6bbe65c598f586022bdcdfkernel-firmware-2.6.32-754.3.5.el6.noarch.rpmea0a5bf9299f4878da671349438e1e1bcc90eeb8e49a93994345b5e7a9add988kernel-debug-2.6.32-754.3.5.el6.i686.rpmc9f5b2b43d56725ddc8fb30fa2cd0d464a1fa9c9bd17f19a96bb26196f12a9e9kernel-headers-2.6.32-754.3.5.el6.i686.rpm821dd9df396184d8032980b2a33f6fdb8d69d4e46b6ebffde72e1e9679b9eb3fkernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm2645c0d03833a757032aaed00226b95613411d8e48bfb9ec0b169afde88e85e3kernel-2.6.32-754.3.5.el6.i686.rpm153895861d841ce1f6c1b08a31b88f320da6b124f7d282581a9c5662f61cf2a3kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm3caaa45863cdd17ad054c15fe8bd32c7b1dae1a82bb3f7c7e95ec8ebc61b5e07SLSA-2018:2526-1Security Fix(es): * mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) * mutt: Remote Code Execution via backquote characters (CVE-2018-14357) * mutt: POP body caching path traversal vulnerability (CVE-2018-14362)importantScientific Linux FermiScientific Linux Fermi 6mutt-1.5.20-9.20091214hg736b6a.el6.i686.rpmb76f67314c3c2c9196470fce18312aa92c67ebfd27c901659808e637fb8f2d1aSLSA-2018:2571-1Security Fix(es): * bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)importantScientific Linux FermiScientific Linux Fermi 6bind-sdb-9.8.2-0.68.rc1.el6_10.1.i686.rpm10bf6ccb00491852190c58295c9dc305d51b3558a6e4f1585aaa855827907fe4bind-chroot-9.8.2-0.68.rc1.el6_10.1.i686.rpm9838e53ccf22c9e2b3b076e727e7ec4778155d7aa39e86b9fc79dc4a55ba4882bind-libs-9.8.2-0.68.rc1.el6_10.1.i686.rpm20c898d58c1d3548fe3fc6e1401e5d3ed4354f0cbf1f8870afd6320fa8764562bind-devel-9.8.2-0.68.rc1.el6_10.1.i686.rpm8ce80c47c82c6fce7ca1492c1d901606ed4384cfc5a4e446e86ab5d2c4a60c55bind-utils-9.8.2-0.68.rc1.el6_10.1.i686.rpm9d11b9ff6aea9a31f5118a4d9e22904c3f5026b1a19b4853bb080a5f1c3a7ecbbind-9.8.2-0.68.rc1.el6_10.1.i686.rpmf1d9c5871f7d44dc5ce5253be2fa4c9b2d60fc14b1b9f48e6386d573baba3f3eSLSA-2018:2693-1This update upgrades Firefox to version 60.2.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.2.0-1.el6.i686.rpmfc7e928e9c453e79c09e798b2caac48e04658f30ce9e92dbf677d37f223b5b1fSLSA-2018:2732-1The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Security Fix(es): * spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) This issue was discovered by Frediano Ziglio (Red Hat).importantScientific Linux FermiScientific Linux Fermi 6spice-gtk-python-0.26-8.el6_10.1.i686.rpmfb9458c880bb1ff5049d72dfc26ab3e9f939ffa6d9eac264272a11e6ccc57f87spice-gtk-0.26-8.el6_10.1.i686.rpmf498ddff72f578e1f08d7f17a2920c61e628788b155890025e873091d083dbc4spice-glib-0.26-8.el6_10.1.i686.rpm11d26abf0cf2fb5589e1ee5a6a30d906ddfb559245e27792ac88a0f2852f7b7cspice-glib-devel-0.26-8.el6_10.1.i686.rpmd4c82853d9281db4f2e00e222c7ca23abe1d6f6ddee41ebc8b7280fa40ec3f10spice-gtk-tools-0.26-8.el6_10.1.i686.rpm7cd694edfa1e25ee8adfead3b9b27d0a46db74d379c7e045a27219c2fb76d1efspice-gtk-devel-0.26-8.el6_10.1.i686.rpm25694d9d13130b79f690f404deb9fdcedf976d0fea0735640398901b93ad8055SLSA-2018:2737-1Security Fix(es): * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)importantScientific Linux FermiScientific Linux Fermi 6mod_perl-devel-2.0.4-12.el6_10.i686.rpm998c1f690955ed5f658eff6d8d2da9c4b49b1684ca58a4096641a1bd30c920e7mod_perl-2.0.4-12.el6_10.i686.rpmb334f26ff0aac0d01ce66ce90e5b0a1636db50305012b734231e8878e4aef81bSLSA-2018:2834-1This update upgrades Firefox to version 60.2.1 ESR. Security Fix(es): * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)moderateScientific Linux FermiScientific Linux Fermi 6firefox-60.2.1-1.el6.i686.rpm5a70c501ef2c715ba42dfd476980bd937d8ed361b3bf82350ec58c9dae40c048SLSA-2018:2846-1Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)importantScientific Linux FermiScientific Linux Fermi 6kernel-2.6.32-754.6.3.el6.i686.rpm88acfa93e0371f194ad57716941e182af516c64d080639e8d3016fc3b4b98698kernel-doc-2.6.32-754.6.3.el6.noarch.rpm182217b470b386612c394ee7b2a7a50a8431b8d552728b89ad0ae1bcd7d7d2e2python-perf-2.6.32-754.6.3.el6.i686.rpm51a8dcbb87b40291b673491b23450c083842b035c5b5c10de12596a657d61ad5kernel-headers-2.6.32-754.6.3.el6.i686.rpm4ee79d035b77fdb76acb748837aeec3d33c0484a1ba91834ea234c932cae5339kernel-devel-2.6.32-754.6.3.el6.i686.rpma1159d9d6ae77eae110c907c34f5dc25f97cb4c2599097ab4e6020db0857359ckernel-abi-whitelists-2.6.32-754.6.3.el6.noarch.rpm5587939ade25cd387c7990abf181594c3f39b44be7e296cb0ec1a216d2b7ae6aperf-2.6.32-754.6.3.el6.i686.rpm74e3ce08137d5db72126bbea58e357459d166d77d9748665eaef0f351ede28abkernel-firmware-2.6.32-754.6.3.el6.noarch.rpme05690d00b11e3e32c33a30a04d257becd8c0c616f57233eb27840f3ae8b02fbkernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm112065ba5c38cd113c9e5bbadccb95de839b11f00317bfa78039cb2bbc088c62kernel-debug-2.6.32-754.6.3.el6.i686.rpm7ca5bcfdbad86e7d5db92258ef0b51d4bb42ea2a93fa2ccaaa2cc30433f9ced8SLSA-2018:2881-1This update upgrades Firefox to version 60.2.2 ESR. Security Fix(es): * Mozilla: type confusion in JavaScript (CVE-2018-12386) * Mozilla: stack out-of-bounds read in Array.prototype.push (CVE-2018-12387)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.2.2-1.el6.i686.rpm1411366e742c9d32691a57851fac7eae3416623c65060256b2215f43fb56eb78SLSA-2018:2898-1Security Fix(es): * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)moderateScientific Linux FermiScientific Linux Fermi 6nss-pkcs11-devel-3.36.0-9.el6_10.i686.rpm3955ebf933c501f7a77618de261c00ee4bff49630be140505a1914ab5cd7f869nss-devel-3.36.0-9.el6_10.i686.rpm8a0df9c1531aeccfb5512a9380b92512e4d267f4af0f49e87015027b9b928758nss-sysinit-3.36.0-9.el6_10.i686.rpm815ebece774b416cc306cb60fadc77b659a0925658e1cc2ce47b4e5927b8be02nss-tools-3.36.0-9.el6_10.i686.rpm908e36daccc04e1b280bc0f9532156d97d10ef7bb960731fc8a1ded586c1168enss-3.36.0-9.el6_10.i686.rpm7653e2279deb2dca7db6a62952c1008fc94f45b10823b0f4f645c6b986e62d97SLSA-2018:2943-1Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in singed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)criticalScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-src-1.8.0.191.b12-0.el6_10.i686.rpm14190693fc0ab42521366bee15e3e7de4f70d5fefdafd1f409a1a0de8a3b1738java-1.8.0-openjdk-src-debug-1.8.0.191.b12-0.el6_10.i686.rpmefaf7715e0821de3511b7777b82a510b53a47ec331c37afe9ff86792372cc965java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el6_10.i686.rpm597aa889fdddfe2c48d01fd0f2d0673c0b1224bffca90f1fa2a1b5d5630b6e62java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el6_10.i686.rpmad37e112d8b13d34470ecf32c7767bb3ff36e53952b228a88197df953dfd52ffjava-1.8.0-openjdk-demo-1.8.0.191.b12-0.el6_10.i686.rpm2d84dc79bfd28b6f891ac917457778101c44d7ba0c4f4d0abba57c9c2cee3f46java-1.8.0-openjdk-javadoc-1.8.0.191.b12-0.el6_10.noarch.rpm566d959d6cee7821f83f70b8c39d850d2dc7ebfd76093a0e00ce142ad8e84f30java-1.8.0-openjdk-devel-debug-1.8.0.191.b12-0.el6_10.i686.rpmff6c8c1a9dba4acb70bf25b42d15c7a36615e19c9b867fb8689a2cd7af5328ebjava-1.8.0-openjdk-debug-1.8.0.191.b12-0.el6_10.i686.rpm0d6efd201b1b74dd80ec7393d353dd36823de9e624c16c43810ea96b432352f9java-1.8.0-openjdk-demo-debug-1.8.0.191.b12-0.el6_10.i686.rpmf66a41193d7e4a48db2475e56fce460aa886efc1fa199ba10c6cd871d6fa4cb1java-1.8.0-openjdk-javadoc-debug-1.8.0.191.b12-0.el6_10.noarch.rpm2ae2e357f0531a5499a250c905ef5de7f8094c0ead035a35554848a7ba03369ejava-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.i686.rpmd960a3879055fc526d2aa2d6c41dba5e825a7cc4f719220124f110cdf87ea423java-1.8.0-openjdk-headless-debug-1.8.0.191.b12-0.el6_10.i686.rpm82026be6474351351fbb766636e9e068fa31c3815c5b12b4a957e9db8cdd30f1SLSA-2018:3006-1This update upgrades Firefox to version 60.3.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395) * Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396) * Mozilla: WebExtension local file permission check bypass (CVE-2018-12397) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.3.0-1.el6.i686.rpmede778eb071ce9650c5042c641e0759b5d32660591eb490b128a86fe88ee6db8SLSA-2018:3403-1This update upgrades Thunderbird to version 60.2.1. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379) * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383) Note: All of the above issues cannot be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.2.1-5.el6.i686.rpm8aec597938c0b09a15aefb9276d545ad78529d53e14491607d4d3ca2f548da4aSLSA-2018:3406-1Security Fix(es): * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)criticalScientific Linux FermiScientific Linux Fermi 6python-paramiko-1.7.5-5.el6_10.noarch.rpm2e9f7c86a90e9f28294513a3fd9189703ff0597aa1014af580528606a2938f30SLSA-2018:3409-1Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.i686.rpm2023cae8abc619369126ae22052a08f967c630f8056b492b8a34d9f2951c8cffjava-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.i686.rpm1e46c05eab97512f40f138c296c916db29e0f0071b56d2693c76a8f6e1eca80djava-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm3a7a1024d765008366cde1ecbd58089d9d79f3bbe478ee161bf79d239f7f0cd4java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.i686.rpmc4a07d817a7d4b11154163d727267be47760ceede25d0c995aa9a7adc4e6c1c7java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.i686.rpm82348ed91dc5f19783a498db48562486c3277492e2dc36d673c8a2da054ab146SLSA-2018:3531-1This update upgrades Thunderbird to version 60.3.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.3.0-1.el6.i686.rpm2af08ab2baf1d50c7b58c959a2707d6b5b065095221f6d14e82dc29b77e54a6eSLSA-2018:3760-1Security Fix(es): * It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509)importantScientific Linux FermiScientific Linux Fermi 6ghostscript-devel-8.70-24.el6_10.2.i686.rpme6d50f05d18c2768306b1daa02c4639bff52828e0954b9b359d92e8aa0771390ghostscript-doc-8.70-24.el6_10.2.i686.rpmd6623d1e910f45b12d6902219879510e051c9660047ec6cff202617c0b3f249bghostscript-8.70-24.el6_10.2.i686.rpm19129067bd969ead4890e0d7385f09a971b91ca103df9f06c6250cfe105a0347ghostscript-gtk-8.70-24.el6_10.2.i686.rpm134e29149791bc6fb66574cdc78f2d63e2ecbc3fe9eee0eb2cc6d946809485deSLSA-2018:3831-1This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.4.0-1.el6.i686.rpm7e6a8856fa03774af2ede19dbb0e0e2ca404150ac76ce5cfec37b42bd0131003SLSA-2018:3854-1Security Fix(es): * ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)lowScientific Linux FermiScientific Linux Fermi 6ntp-4.2.6p5-15.el6_10.i686.rpmd37d700d7f1fff5e1300f7b946324ae7754e5dd5909464cc89b9958e839b08e1ntpdate-4.2.6p5-15.el6_10.i686.rpmbc587e7aa78df780bfa5b22db3f9d7cca44f32a0c69ff2f85888c74c8d41e769ntp-doc-4.2.6p5-15.el6_10.noarch.rpmc82ee0772e881ec69ac19e51fb9e2360f223af9f4237a25309f13eed8ffae94dntp-perl-4.2.6p5-15.el6_10.i686.rpmba40c03eac5d98f0ab17d80289204015e238f6adaea1da94c1eb8b3d39afeba5SLSA-2019:0159-1This update upgrades Thunderbird to version 60.4.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.4.0-1.el6.i686.rpmb7ad2f390828354c97a2d2d17fcb4cc5043ebf4639f48bd6764a5783502b9a43SLSA-2019:0218-1This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.5.0-2.el6.i686.rpmc249145e8254b9f684b3ad1c923e23d371deb91ce64390a5a4a8a73a997c30e6SLSA-2019:0269-1This update upgrades Thunderbird to version 60.5.0. Security Fix(es): * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.5.0-1.el6_10.i686.rpm7d9fc59db28172c2a1a0d7ca5349ab4889280b7ff13af392a17da772ad6e24f4SLSA-2019:0373-1This update upgrades Firefox to version 60.5.1 ESR. Security Fix(es): * chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356) * mozilla: Integer overflow in Skia (CVE-2019-5785)importantScientific Linux FermiScientific Linux Fermi 6firefox-60.5.1-1.el6_10.i686.rpm8bfd2157ce8a1ab01f51be795ec16e763cf09b3b56142705e67cf0ddd0a01d9cSLSA-2019:0415-1Security Fix(es): * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) Bug Fix(es): * Previously backported upstream patch caused a change in the behavior of page fault handler. As a consequence, applications compiled through GNU Compiler Collection (GCC) version 4.4.7 sometimes generated stack access exceeding the 64K limit. Running such applications subsequently triggered a segmentation fault. With this update, the 64k limit check in the page fault handler has been removed. As a result, running the affected applications no longer triggers the segmentation fault in the described scenario. Note that removing the limit check does not impact the integrity of the kernel itself.importantScientific Linux FermiScientific Linux Fermi 6kernel-debug-2.6.32-754.11.1.el6.i686.rpmeb63e3cc4cd66e54c180428585458c372ac247eb03e09541d12c78ec19f81bdfkernel-abi-whitelists-2.6.32-754.11.1.el6.noarch.rpm6da6a9ef8b3191e30759860513dca99e2fc644f59c9afd6027e603e4aa905583perf-2.6.32-754.11.1.el6.i686.rpm29dc90e7e071a624e7cd1ef43735c6e34b95887e29393b26cd872d3316f9cd9fkernel-doc-2.6.32-754.11.1.el6.noarch.rpmd9cd89b5755552488aa295527afcdfafb0f25d456b87a9200463a95bb864aa91kernel-devel-2.6.32-754.11.1.el6.i686.rpmf28e1d1e55d2b0ceb47689df0730f6118c65b9e29394e8a2976f80bfeebb6338kernel-headers-2.6.32-754.11.1.el6.i686.rpm57740db1a992a228a929a27f0dca0c7ce3d6979c2783b5ad681c55feb738cbe8kernel-debug-devel-2.6.32-754.11.1.el6.i686.rpmda396184e8a0aedfc08fe4f9243afaea08ad5f54c1660dee3a073b6492166704kernel-2.6.32-754.11.1.el6.i686.rpm25506f3d6fe7b7ddeadee6e2d819f2d73e6bbe46ca2c638e87073719aeccc664python-perf-2.6.32-754.11.1.el6.i686.rpmdd5e479a997b99cf4bd7a0a529c0a30647c0ddffb4ca262ec4813b5411aaedcekernel-firmware-2.6.32-754.11.1.el6.noarch.rpm80afe0e5dbe79721c10b46ba211e4b4738b6af7cbe3834fff0f9ab456f91d044SLSA-2019:0416-1Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-devel-debug-1.8.0.201.b09-1.el6_10.i686.rpm72f9a9a48e0716b5b45b279e0eabe99e480f064cf6a31a63e0f7107cb5f9fda6java-1.8.0-openjdk-src-1.8.0.201.b09-1.el6_10.i686.rpm2a9cac425f68d951b17a56d9ea9bf9cc718b9f9f864f51d1b00ceea86132be13java-1.8.0-openjdk-src-debug-1.8.0.201.b09-1.el6_10.i686.rpm4914ad0080e56778664b012107451e6c3f3830791073ee4d9b239a7236b57143java-1.8.0-openjdk-headless-1.8.0.201.b09-1.el6_10.i686.rpmeffba4f2e783adb9ea01cb3905a9c27927d11337b86acefda346fc697ef18936java-1.8.0-openjdk-javadoc-1.8.0.201.b09-1.el6_10.noarch.rpmb8a63a9bfb16fdf95ea239b84718079685034acb094344208834a3920928c079java-1.8.0-openjdk-demo-debug-1.8.0.201.b09-1.el6_10.i686.rpma9a7477383d76ad09c090bbc8466f74832993ac3de518f5adb11f82e13a04348java-1.8.0-openjdk-headless-debug-1.8.0.201.b09-1.el6_10.i686.rpm9c76abb89a3863d4faa65c06f42cafdc7d3f6fcdb86451890bf452bc9a40ca69java-1.8.0-openjdk-1.8.0.201.b09-1.el6_10.i686.rpm6f7232080a975cc500633d4c6ea9c7c388fd56270190a9fca05f9d741579e93bjava-1.8.0-openjdk-devel-1.8.0.201.b09-1.el6_10.i686.rpmd78834b06e5b1486eb894d0e284a2263038e686810c1d8e22e5f109b6bd302d5java-1.8.0-openjdk-demo-1.8.0.201.b09-1.el6_10.i686.rpm4da90a03f97d920766257b1c83ab2a37bc733435294edee44a12c735c7c3ae28java-1.8.0-openjdk-javadoc-debug-1.8.0.201.b09-1.el6_10.noarch.rpm686fe9f40b9b7974ae00e73a7f9a08dcb962961d815734f2567ccf87889d0018java-1.8.0-openjdk-debug-1.8.0.201.b09-1.el6_10.i686.rpmd672da50aee63b45d677a7829bc42b3950feccf17722d93567f0234e4426e9ecSLSA-2019:0420-1Security Fix(es): * polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)importantScientific Linux FermiScientific Linux Fermi 6polkit-devel-0.96-11.el6_10.1.i686.rpmed349855c2dc321bc9394ddfa3a5ddfeb4d32ec04c6cbcd0f0e7e8eae36575e7polkit-0.96-11.el6_10.1.i686.rpm569f6e45bd66cc5d945a5dca4b8fcfff70032e44c7a937a416fe38d2778e7141polkit-desktop-policy-0.96-11.el6_10.1.noarch.rpm509556641a226de36aa3bd79158e79e8e14588a42a5c568566c0b959785fb2d4polkit-docs-0.96-11.el6_10.1.i686.rpme1bd35af79bcdbb4a99ca5495255fbd38190daf6754cb4b771899e410c3842c8SLSA-2019:0462-1Security Fix(es): * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.211-2.6.17.1.el6_10.noarch.rpm0d7fc07ee894fd26c35ae8e74cc26708df8cf01a326b86efd7806193b8a60f67java-1.7.0-openjdk-1.7.0.211-2.6.17.1.el6_10.i686.rpm613354b149b68e9aa5cfe4b84163c02d27f0412e86f0305b6369b7ef3eed74aajava-1.7.0-openjdk-devel-1.7.0.211-2.6.17.1.el6_10.i686.rpm44b13aec0af6fc44e7fc8e98b705592165c7327f821714ceb19e8cbe68012f19java-1.7.0-openjdk-src-1.7.0.211-2.6.17.1.el6_10.i686.rpm4f27be557451956eb552fb98706203f7f2d83aaa65077758aa030bb5900d7febjava-1.7.0-openjdk-demo-1.7.0.211-2.6.17.1.el6_10.i686.rpm0c37435953b36a7859ec2f38e034c2708730bd19a18007ba2bd04e4798596dc8SLSA-2019:0623-1This update upgrades Firefox to version 60.6.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796) * Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.6.0-3.el6_10.i686.rpm6e7308e77335ae44c84d98147143d202fbfcffadbfa662aed531acf62f0f4db3SLSA-2019:0672-1This update upgrades Firefox to version 60.6.1 ESR. Security Fix(es): * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.6.1-1.el6_10.i686.rpm34a5d43d2f9fd082108b1f6e5494390bae27763b4bf1d27300d81a43265e5736SLSA-2019:0680-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810) * Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813) * Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796) * Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.6.1-1.el6_10.i686.rpm953972d870394e5149ca8a39e4d09b097f62a3b32c3f79eb196320061e925d23SLSA-2019:0711-1Security Fix(es): * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)lowScientific Linux FermiScientific Linux Fermi 6pam_ssh_agent_auth-0.9.3-124.el6_10.i686.rpmc5a4a171ed4c435001e686aa8986e8d9609c60c7e898524a2431e16b735a730dopenssh-5.3p1-124.el6_10.i686.rpmd8dba83443b4ee665dcf85dbe5d05568ac3f6aa448017ccac834a6a7c7f152d0openssh-askpass-5.3p1-124.el6_10.i686.rpmd2e12b7b43ea7f6f990f8b78cb1fd23fbb8b220c68ebd617fc9b2b191576f40copenssh-ldap-5.3p1-124.el6_10.i686.rpmc708206b081f1b3916fa432b951d5e06c6c5731c94f57330fd4ac0620cacf2caopenssh-clients-5.3p1-124.el6_10.i686.rpma55495d6c00cf449108441be51f1415892a817c0b53a909da543a634e6d79d49openssh-server-5.3p1-124.el6_10.i686.rpmb48d7d7bcbf1b91d4936846776ea0e064b8685103a0c595fa08e561dc00504e3SLSA-2019:0717-1Security Fix(es): * kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)importantScientific Linux FermiScientific Linux Fermi 6kernel-debug-2.6.32-754.12.1.el6.i686.rpm729005bff510f516777cd403d1c2e6bd47c2a8d81528ea5d939d2e65c32ec649kernel-debug-devel-2.6.32-754.12.1.el6.i686.rpm32dc06f0f09f8fc2ff4f92063a276c883c01d83a5b68f04c168d129cc9c82b0dkernel-headers-2.6.32-754.12.1.el6.i686.rpm31cef48ffa3fec6e9b5ac51d540fe609b8c3a5e4f59487e201eb486f810415e2kernel-firmware-2.6.32-754.12.1.el6.noarch.rpmee86cd43a1dd0122b2e726d8fe7f004c17c33156993e7fbfdc95e5ab8c231ae5kernel-doc-2.6.32-754.12.1.el6.noarch.rpma06acfb19b7f582876446695b744f6f1921ef89a21033acd79d355a5bb3dfb63perf-2.6.32-754.12.1.el6.i686.rpmb78b97e83988e3e3d7d16c6e9018c7f020219d883288e599d8d9fb36a6f6149akernel-abi-whitelists-2.6.32-754.12.1.el6.noarch.rpmdc23144ede380cce63aac7b9a4e1d2d003a6a4461db292ec0e27b80cec4ea6f4python-perf-2.6.32-754.12.1.el6.i686.rpmf77f55fd2782dd240dd4fa082698f58d6cb0dbf0179fc4b4d3752dd0f5527e60kernel-devel-2.6.32-754.12.1.el6.i686.rpm00d46d8f37325bb1e5404b431b6900ea0aba79271a9e83027bbca4c68374c425kernel-2.6.32-754.12.1.el6.i686.rpm57de82fde0224756dafa2f514069f616e5fb7e103513f88697ecc33f533044ebSLSA-2019:0774-1Security Fix(es): * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) Bug Fix(es): * assert failure in coalesce.cpp: attempted to spill a non-spillable itemimportantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-demo-1.8.0.212.b04-0.el6_10.i686.rpm1b0408e9c4c2c179f71622d939235acefed4efc280007708f98d8fede9a3cda5java-1.8.0-openjdk-src-1.8.0.212.b04-0.el6_10.i686.rpm04592ce61b4d667a7d937915af9ab04f4cd4ac1c07c0c12d334ae5f521f095d5java-1.8.0-openjdk-debug-1.8.0.212.b04-0.el6_10.i686.rpmff3f57c38cdfa99a6f5250e0bc204f54bdb7eb3f13ee3f0e5d3a9f208efdeee0java-1.8.0-openjdk-devel-debug-1.8.0.212.b04-0.el6_10.i686.rpm887a20657bf7b75edb423b9272b0f7f8e11839f9a1d938dcb0d5c4e33c027a85java-1.8.0-openjdk-javadoc-1.8.0.212.b04-0.el6_10.noarch.rpmb9e34add24aa6012a59e8fa5445fc73fb62574efe902c3f2be44db65af51e39djava-1.8.0-openjdk-headless-1.8.0.212.b04-0.el6_10.i686.rpme2c455f18289c7bb1bdadd4c14ed8a8cd732c7111169a0c2ccc7d38d9c04a4e8java-1.8.0-openjdk-headless-debug-1.8.0.212.b04-0.el6_10.i686.rpm301a8eacb6c2db51ac90354cbe4535ab9f69715acf93a7dd414dc2fbcadfeab3java-1.8.0-openjdk-javadoc-debug-1.8.0.212.b04-0.el6_10.noarch.rpmce2c81654331538cd7001842aebb8e0511f3ba871ed7ed27f3e4533510f652ebjava-1.8.0-openjdk-devel-1.8.0.212.b04-0.el6_10.i686.rpmc8f1c52c412115cba9eacb38445f22e10a25107a96c04bf85377d95a4c8a9347java-1.8.0-openjdk-src-debug-1.8.0.212.b04-0.el6_10.i686.rpmbb61da9e2afced3e1ce384f1c7d5bf266051ce0f2deb5fa9e17d6894e8a16e37java-1.8.0-openjdk-1.8.0.212.b04-0.el6_10.i686.rpm23ff2c4076e5012c65e1b342a4dbab9cf0b337cb3f7023f6ed723a4979f6f76djava-1.8.0-openjdk-demo-debug-1.8.0.212.b04-0.el6_10.i686.rpmc1fd6528591bac578a94b60ec49fbd9025a9955c0667cea8b806c49deea358d2SLSA-2019:0790-1Security Fix(es): * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.221-2.6.18.0.el6_10.noarch.rpmf1a9617fd9bfb764a9f48d351d70fe472c97c42d4bca1f9708466c2fc5302605java-1.7.0-openjdk-1.7.0.221-2.6.18.0.el6_10.i686.rpma3a08f8835de724760d09325ca15e3dbe22935b5a798c5a50675d17cb5e251d7java-1.7.0-openjdk-src-1.7.0.221-2.6.18.0.el6_10.i686.rpm1b1a87d44481db1a881e66e46409a250883ab49e3a95fcfba94c55448794f776java-1.7.0-openjdk-devel-1.7.0.221-2.6.18.0.el6_10.i686.rpm1701547f1fa59ba1095077383400fb76932e4e7171a52c89f0d64509c0269664java-1.7.0-openjdk-demo-1.7.0.221-2.6.18.0.el6_10.i686.rpmc5bee6fe0823b638b5482764099d1d77e930ead6fbb1a042c7c5efda44db9c8eSLSA-2019:1169-1Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro- optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091) Bug Fix(es): * aio O_DIRECT writes to non-page-aligned file locations on ext4 can result in the overlapped portion of the page containing zeros * Tolerate new s390x crypto hardware for migrationimportantScientific Linux FermitrueScientific Linux Fermi 6kernel-firmware-2.6.32-754.14.2.el6.noarch.rpm95f00d7149fadae050b00249aea12b631ec171ca2c0cc8bff24a315623a627b7kernel-doc-2.6.32-754.14.2.el6.noarch.rpm9195910ccd4222d609c3ba9b0408915876688f2649237f41161c9824a7484f72kernel-headers-2.6.32-754.14.2.el6.i686.rpm8b61f10871e91d7390655f1926dff845665fee45a8d0df23e6d26e4e6ee2db6akernel-devel-2.6.32-754.14.2.el6.i686.rpm5609e5b3b5e22961a9e52c0a8d48282d84b4eb44b5c4d673404be438b87d1f1bpython-perf-2.6.32-754.14.2.el6.i686.rpm88398736335d20652c2af134e3c181b0d764f246c810ee1919796b333cb90998perf-2.6.32-754.14.2.el6.i686.rpmf35130477fd4406fcf226e89304de0954d1106b825eb1beb8b6ad4a93c00d98ckernel-debug-devel-2.6.32-754.14.2.el6.i686.rpm30029142d7213320a92ccf28d348669ded539d9a5e361c9ac95f4c8ab9f029f7kernel-debug-2.6.32-754.14.2.el6.i686.rpmcf1cf7ef98ffe519c9bbd2e37004a7d147fa7ee12f88f7e747be682a94d061cekernel-abi-whitelists-2.6.32-754.14.2.el6.noarch.rpm0bcc855f096a25fd1e07c9e070496a15965acc391856870436dc4d3c8d525960kernel-2.6.32-754.14.2.el6.i686.rpmd5e78dddcd7abae8b30676c6f8295dbc3f5284243e4277727ac82715fa9525e8SLSA-2019:1180-1Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro- optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)importantScientific Linux FermiScientific Linux Fermi 6libvirt-devel-0.10.2-64.el6_10.1.i686.rpm52a0b76a3c42f4f89feb1774130ba9c24c1b2586d708e52f6e93c9b7544c8415libvirt-0.10.2-64.el6_10.1.i686.rpm34b79cd26626f3e461dc6c4b08b7202210ae939825000d6e948aa267bd7d9f2elibvirt-client-0.10.2-64.el6_10.1.i686.rpm2db665f301963c18e699bf6de58d71d46d9b58615941f95892aaffd80705d476libvirt-python-0.10.2-64.el6_10.1.i686.rpm1b4d46a1290302b3bfc3122abb47bf406192f4304a82bfc3ad5fcc92b95690b4SLSA-2019:1181-1Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro- optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.3.i686.rpm57c128bd1b79e07752fbc5f94bbdfb5e0dc713c867abc2831569e0cf5e838aa6SLSA-2019:1267-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.7.0-1.el6_10.i686.rpmf9b6070513611a29f87cbaee4f54f91eb13ca6ed35c086d2896078e056b46c0cSLSA-2019:1310-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.7.0-1.el6_10.i686.rpm9cb51ee1aa6e8d33d5673030813a1a2c0121cfef9f46a58b3f52da36d38991edSLSA-2019:1467-1Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)importantScientific Linux FermiScientific Linux Fermi 6python-test-2.6.6-68.el6_10.i686.rpmc4ad9f1f7b9fbd4964cdc3e02a6c44742e13bcb8e34c882a5b9c0a6c0fbdd31bpython-tools-2.6.6-68.el6_10.i686.rpmd5d6ed66f5e38435a798004235bc066793cb6d43a8496382f6adf0f9763c0ca8python-2.6.6-68.el6_10.i686.rpm2d4f74517c2184a4b67e00d75c93c273542f429a4658807dfec57f69c94cc6e3python-libs-2.6.6-68.el6_10.i686.rpm31002791d54f57f740486204cb5198c111cb893ba0b7745a995e32c48f59619fpython-devel-2.6.6-68.el6_10.i686.rpm72c2b019f40d91a9280ca52c10eac6fc8b2b6fd040e8e1c1b453f6bccccd530ctkinter-2.6.6-68.el6_10.i686.rpm719ce1438f433b68579f87f10c6915cf939f7108d6d627daa9a6192c1681ab7fSLSA-2019:1488-1Security Fix(es): * An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * kernel: Double free in lib/idr.c (CVE-2019-3896) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) Bug Fix(es): * MDS mitigations not enabled on Intel Skylake CPUs * kernel does not disable SMT with mds=full,nosmt * md_clear flag missing from /proc/cpuinfoimportantScientific Linux FermiScientific Linux Fermi 6kernel-doc-2.6.32-754.15.3.el6.noarch.rpmebc1974ea07e5755fbff09deae0fe3511b2e96901867d6021b82e0570b3ca9a6kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpma6bd088a6af90b68ba2988cb9577c87fd8f3c8e70587cff1a947bd9cb463c346perf-2.6.32-754.15.3.el6.i686.rpmaf054ea9d64b3b00c7a35623a02e951a9728b2d9bb737645dd9377c1e4c7fc63kernel-debug-2.6.32-754.15.3.el6.i686.rpmdadf38121cdc4fa9a3489d3d76f2a40fc48860f3d86aa90e1dd49d2ae359757fkernel-2.6.32-754.15.3.el6.i686.rpm863d24ed6b451558984cf14b45a66e8439819f7818e9602508427a81fc082e38kernel-devel-2.6.32-754.15.3.el6.i686.rpm42ea1110ed43a94692e36c117cb598b23f116b990ec6250e7e802097135ab5f1python-perf-2.6.32-754.15.3.el6.i686.rpmf2da8fd66b5caeaed63d349a6176a786a7977133d95c8cc1291b040df30ef875kernel-headers-2.6.32-754.15.3.el6.i686.rpm81de310adf30f19bc6d5fd8e314a875e77e40cc49bd2822918ab7a66bf1abf52kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm6881f3ef3f48f6dfea8966f8b9c718ae4977ad23147944724c96415ba17ac068kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpmc2784c078288ec70c7e7c53b7e95b49e439fe6ab903231d09a223d345ed381c9SLSA-2019:1492-1Security Fix(es): * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)importantScientific Linux FermiScientific Linux Fermi 6bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm833b9203744ae02487069fa0649a456afd5479af1f017f7bfed0b58c0a597804bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpmf5a58b71102f2753ed25149fc02a9c6a7b7387187eaa72678533f0c620cc8fe2bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm81e8d339af4aee612849cbe1a162857657db5094cbfd905e339d3b621f835caabind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm2cf114459dbaed866608e20d5b24bd64a3a6066c6fc4df7a4bad2a0592ee4198bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpmb2bc7d8dd364662b9c9ec772603791be17092ecb3bcbbba8dd4d3088a967c928bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpmebcfa1760d953ae5b07da9a0e14a25c2d2982c2640e9793a1113b11148342b2bSLSA-2019:1578-1Security Fix(es): * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)moderateScientific Linux FermiScientific Linux Fermi 6libvirt-client-0.10.2-64.el6_10.2.i686.rpm615765410c7a433b2bcca369eb4185b0bcbca4778ab1cf17badd1437f92f329elibvirt-0.10.2-64.el6_10.2.i686.rpm4ae6f6b1427086b6e395279dc843779132799cedb047585a4048ec2250a97c88libvirt-devel-0.10.2-64.el6_10.2.i686.rpm7bae2df5101efc072b5dbe4af4e4f92796e251ca6be203da6416bedddab07232libvirt-python-0.10.2-64.el6_10.2.i686.rpm2284db6c51fec1aba765a7063a2040104e8131130b795db6ed0b64e2eba51732SLSA-2019:1604-1Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.7.2-1.el6_10.i686.rpm5762907e1106ae6354abc19222c247d1aedf8819e1e65e692af50549da91050aSLSA-2019:1624-1Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.7.2-2.el6_10.i686.rpmac3af04e22e919de7d6e00c1d98b762aaa1172b051bad624465fb574976e1ad5SLSA-2019:1650-1Security Fix(es): * QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)lowScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.4.i686.rpm844de9309808e3fd28aee7df13f2ffe027fec6bd6fdf832db62224d9382ab036SLSA-2019:1652-1Security Fix(es): * libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)importantScientific Linux FermiScientific Linux Fermi 6libssh2-docs-1.4.2-3.el6_10.1.i686.rpm13b07846b877191a0bb18a81357594dcec0756249652645efb33e36cee8ed706libssh2-devel-1.4.2-3.el6_10.1.i686.rpmc24fbf4975007cbc746bf3617fff9ef4f142f50a62f7b4d47da518835c79a1aelibssh2-1.4.2-3.el6_10.1.i686.rpm237279527bd8da3b53a126e327aa5491f29e1ac8b0cd8f6ac37bbc1017ae4b63SLSA-2019:1726-1Security Fix(es): * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)importantScientific Linux FermiScientific Linux Fermi 6dbus-libs-1.2.24-11.el6_10.i686.rpm27c22a404a473302373f7dcc4da626e06c39ca936278d9812a20631eb9e7048adbus-doc-1.2.24-11.el6_10.noarch.rpm7e9688be22663b7e530f0c2a1771ee68259e26b3844abb638b7b01cd0b9bf396dbus-devel-1.2.24-11.el6_10.i686.rpmbb36e8baa228989d49c3fda19d44307151a34cbf14fedca4db2b0f266411a95fdbus-x11-1.2.24-11.el6_10.i686.rpma8637eb4b1a230f931296568cdaa81fd21debae20792a2c821d7ef164633e3dadbus-1.2.24-11.el6_10.i686.rpmfe27d006724f2e6f6fa6db571fbc1456c3e372010bb60e96eabb60d54922df6dSLSA-2019:1765-1This update upgrades Firefox to version 60.8.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712) * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713) * Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715) * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717) * Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.8.0-1.el6_10.i686.rpm2ab292bd861025002d2e6cf98cc65bec3154d5654cc07b18be7f005d43d6a3acSLSA-2019:1774-1Security Fix(es): * vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)importantScientific Linux FermiScientific Linux Fermi 6vim-filesystem-7.4.629-5.el6_10.2.i686.rpm77d00d9a7676dd1307a49e2e349e3a52d83e371046824760d6754018fe58529dvim-X11-7.4.629-5.el6_10.2.i686.rpm4ee1b687e857680f646d7e3226edada678cf8f14813eaa310d9e9c0dbc77e3f2vim-minimal-7.4.629-5.el6_10.2.i686.rpm8787c09e59cf09600e5fbe74670bb67f69bcaa37b299d024d7a13ebdf141d5ccvim-common-7.4.629-5.el6_10.2.i686.rpmc907b4ae52e8e5a6ae795de4e6588e173b2e537708117c00b40f1693a7ba2cbdvim-enhanced-7.4.629-5.el6_10.2.i686.rpm6558adcd98049f02fd5f779bf8b88789053fb6c3c184ca831a349d84505ad594SLSA-2019:1777-1This update upgrades Thunderbird to version 60.8.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712) * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713) * Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715) * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717) * Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.8.0-1.el6_10.i686.rpm39b18d2d214ff6523c311647a0bb19f6b561397a76594229b991bc3e7f0e3f9cSLSA-2019:1811-1Security Fix(es): * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-src-1.8.0.222.b10-0.el6_10.i686.rpm14d535dfc362e018a61f0930629b3ff67d2d7ddade2fd34b5785d503df3cdd30java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el6_10.i686.rpm5bfccdc4544cc13d01dec213505fa468f9fc085d717770fdefb1559cc3b1279djava-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el6_10.i686.rpm4c4391b51db4987d83787eebe464d3136c477db7bf1f32412dc3a1293372e628java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el6_10.i686.rpm6a53d989ad01f56c77a9be31427289868164482a9cbcefd0ec5934f1da86027ajava-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el6_10.noarch.rpm7fcf1eab81210329d4ec323669b49cbb86320a0315e6fe9f00846ac538081cd2java-1.8.0-openjdk-1.8.0.222.b10-0.el6_10.i686.rpm8feda1829202c84b91c6591f97fa4e58cce69b8f4fa92e21b2b4e52318cd942ejava-1.8.0-openjdk-devel-1.8.0.222.b10-0.el6_10.i686.rpmd960a2f0da30118157de0f98b3bd0b83bf1edb7e3b63fc781fea67e0301b0470java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el6_10.noarch.rpmfedb7e6431bb0d13c67dfc05556ad81b3a96f3df5baa7ee90f2cd87b474e042djava-1.8.0-openjdk-debug-1.8.0.222.b10-0.el6_10.i686.rpm8d28cf2d20ca5380e083529a1c8cdd2d8d7486537303835de59d7ba12efe3f74java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el6_10.i686.rpm6552dac4588c66183c10d44d4a6cb295be0ff52dc774118b4416b4e216efec40java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el6_10.i686.rpmae8542b128a63974c4c8329cfca1f7de4c42f87e32e06fb016a9e74095ff7e24java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el6_10.i686.rpm9fa34cdf6fb9e5cd25aaad6d8609e07030e947b3b46fb524d6eb163a2a53e206SLSA-2019:1840-1Security Fix(es): * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm1deac5b3b6d3b2b55bdcb848981c61d8f4196eb01b23fdb2de3e5ee47e7a10f5java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm981a285c171ffaea4c02506d98175dfa93fd1fe7f3be30e3e15bcfca7890f9cejava-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpmf4ba1538b17e259fd1e0a4d9c89ad82cccde3c7943382bd24534f2fbbb0f2a3ejava-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpmec8d8b808e972348e4f9a59030333e30cbe6ee8db4fe0e56f26347fe2556060ejava-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm59565f0a4868c52f39609ba1fb68eb1656bfa1f8c4c4a98efc069439b129a27cSLSA-2019:2471-1Security Fix(es): * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE moderateScientific Linux FermiScientific Linux Fermi 6openssl-1.0.1e-58.el6_10.i686.rpmf72d77100dd96a17ebac2a4f1c9dfebe87ddb6058c9c53ec5e0159a7563c0039openssl-static-1.0.1e-58.el6_10.i686.rpmf08d1b56a1609b65e9635dc374c4d1b426a411555b179423876ca079b47f157eopenssl-perl-1.0.1e-58.el6_10.i686.rpm32aea464a4560d5094a1ef28707b8ca45f375a3c2fa947f66238f21234a8d8dfopenssl-devel-1.0.1e-58.el6_10.i686.rpmd96d5fd130f2ef9e60e1959f2913cf9c1b77059ff37edd1b17afb10ad4ca1a7aSLSA-2019:2473-1Security Fix(es): * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * OOPS with Null Pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL * Another SL 6 hang in congestion_wait() * kernel crash after running user space script * SL-6.10: Don't report the use of retpoline on Skylake as vulnerable * Bad pagetable: 000f “*pdpt = 0000000000000000 *pde = 0000000000000000” SL 6 32bit * fs/binfmt_misc.c: do not allow offset overflow [6.10.z] * Wrong spectre backport causing linux headers to break compilation of 3rd party packagesimportantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.18.2.el6.noarch.rpm40f7bc1add242616107d74280208eb47229e5b1cff19a8501290290d24201872kernel-firmware-2.6.32-754.18.2.el6.noarch.rpmb4249a50dc5aff45878a137f33c62879f22ff8466f84d3efe29106adb5725164python-perf-2.6.32-754.17.1.el6.i686.rpm56cd31f09a45cfc294fa717d701ed8caba46dfa3934348b232a4754bbe43024akernel-headers-2.6.32-754.18.2.el6.i686.rpm2b5b386b69a82aba9edb489fcbc9e3194719838fbf68f7225b7703a3df12e282kernel-2.6.32-754.18.2.el6.i686.rpmf027b508571aac5428f5d6241160d8293de7c9771d933ac155feafbbb45c6efakernel-debug-devel-2.6.32-754.18.2.el6.i686.rpmf76919575011397b851f03fb1e220b0ff25da5766707255f5c7de9fcacfb2f80kernel-debug-2.6.32-754.18.2.el6.i686.rpm36f1c6dcec10857ef981b0125855dc8a1a8f145f5b1bc38ee1270600d8112c1akernel-doc-2.6.32-754.18.2.el6.noarch.rpm8c87207a6731978c78d7cb69b184947d8e529594b3a2992a7c1569e930693d04perf-2.6.32-754.18.2.el6.i686.rpm6b5c776f334a1c64c2130c80c2f0d8657649cb19aafa728b237b1ad5771b3de3kernel-devel-2.6.32-754.18.2.el6.i686.rpme8bb0777b6ebbf3ea4e75ba9e90a881f78bd44163f6246243b1a27898bf7412fpython-perf-2.6.32-754.18.2.el6.i686.rpm6b1d5e88e100440d48100a870e78e23025e1d44d0d8f32090b669c66fbd298a0SLSA-2019:2694-1Security Fix(es): * Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)criticalScientific Linux FermiScientific Linux Fermi 6firefox-60.9.0-1.el6_10.i686.rpm18b7756ef97146864408131e251fc019c3d636f163f0a6abd317d9e5ae088605SLSA-2019:2736-1Security Fix(es): * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810) Bug Fix(es): * fragmented packets timing out * Backport TCP follow-up for small buffersimportantScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-754.22.1.el6.noarch.rpmdbdc8a9cb94f0610c942238f40ca385f25a2c6ef786bb3ca740f3f334275739fkernel-doc-2.6.32-754.22.1.el6.noarch.rpmf6e8d330c588d48a1aea904943f917501bdad44202571e24def6df88cdde299ckernel-devel-2.6.32-754.22.1.el6.i686.rpmc37959c09ffe66d3f12f5a62a247c27c09c839f69246ad2f2caa773bd9e72ff7python-perf-2.6.32-754.22.1.el6.i686.rpm539ee3c08ebc1f4d2e72f2f87a5e47733e6474cbe992ced071fbcb1673929382kernel-debug-devel-2.6.32-754.22.1.el6.i686.rpm2ed5c02faaf280d97208fb8a5782976c9969eff337539a58d8ddf2da02107724perf-2.6.32-754.22.1.el6.i686.rpmb32fb02d145b3aee02c3cda9504ebc7dfc09f402f64a7c84d5c71fe44ae334d8kernel-headers-2.6.32-754.22.1.el6.i686.rpm3a841eb5009e084651a6a8d9407ed60047190cb26a6c81beae60f60e8a23167ckernel-2.6.32-754.22.1.el6.i686.rpm2f223785d70a1b72ba1598f2b34eb5d045ed79dfb380585fc5aa9666be9acdf9kernel-abi-whitelists-2.6.32-754.22.1.el6.noarch.rpm28a86a186d10f19e5545509ced59f132c75fc6e984ce77dcd7737d129d6b6264kernel-debug-2.6.32-754.22.1.el6.i686.rpm997d5cfa08e5dca2291079783fa2e32c00265a178989bea14da1395ca8615e87SLSA-2019:2807-1This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-60.9.0-1.el6_10.i686.rpmbb2288bb57d83f968dc3fb13a99801f177fb32e97960b0b139b8d1cf1684afd6SLSA-2019:2863-1Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm30b641fcb0fac4e7afafe495efa54ce97cf00e08a8d20f4282d627cb4778bef3python-perf-2.6.32-754.23.1.el6.i686.rpm3e65c68a341849689c80c6829d9f3ae7cf335f24efe701f60c2c71115b7d11e3kernel-devel-2.6.32-754.23.1.el6.i686.rpm6b3f74d8fc41d4919249a54a0fbd4c5578a9ec3f8a07971ed5dd38f13a545e69kernel-2.6.32-754.23.1.el6.i686.rpm19cfc0bea5f926ceea4ce3d65c6b2528eb973d96a435209fa63af38fab19337fkernel-doc-2.6.32-754.23.1.el6.noarch.rpmfc5f56359a8e3dc1ed19f769803abccf8a3545537655b039d66bdf0bc1223dd4kernel-debug-2.6.32-754.23.1.el6.i686.rpm40401b857b09521489a885c6ab69c3d217014d290974a22aa04ce3641284aa22kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm287692bea8f530aa95d329c4c8c2e3f2ec62a408fa9ece7df2137e89d1bc7ad9perf-2.6.32-754.23.1.el6.i686.rpme14d73ace33d346d2a46927e1e45084f7084b609399e33deff7695fffe42438dkernel-headers-2.6.32-754.23.1.el6.i686.rpmeb965586179b5bc3771dc25587b96063e0a38ba9ea45e03c9db089c57cc838a7kernel-firmware-2.6.32-754.23.1.el6.noarch.rpmdbc6d52137509ae28af877af780e07dce4b2cc4d9f370bece38af6e7fb4fea54SLSA-2019:2885-1* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)importantScientific Linux FermiScientific Linux Fermi 6dovecot-pgsql-2.0.9-22.el6_10.1.i686.rpmf233fa50db9dfdc999738c695c3179b8ece95b46abedbf23ca15b39ab657714edovecot-mysql-2.0.9-22.el6_10.1.i686.rpm2eb5bc20770fb58ebbec94b4ba765a01ff4761e5175a07718462500dbb3d83fedovecot-devel-2.0.9-22.el6_10.1.i686.rpm340529dd18a0b2501de3b28273844ae10209573221d6a383334fdca4fdb8efa9dovecot-pigeonhole-2.0.9-22.el6_10.1.i686.rpm26a62b652999aa2e24e612bacf0ec819266fb36d1cb4e4f364724c2758af9c6ddovecot-2.0.9-22.el6_10.1.i686.rpme181d5a3a17fdd37c0911bf8495ded4c46b035c7459ac38fdc2c7041c83fea23SLSA-2019:2892-1Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.5.i686.rpmf38b921cc09b9e2e8e64fbfddbd88dc631b6248e0715e338d984de571be1f8b8SLSA-2019:3136-1Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962) * OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964) * OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973) * OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981) * OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983) * OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987) * OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988) * OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992) * OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-javadoc-debug-1.8.0.232.b09-1.el6_10.noarch.rpmc8fdb685e302cef81cc332755ca32e0b51f62b01a23cae319b773fc4117fec52java-1.8.0-openjdk-1.8.0.232.b09-1.el6_10.i686.rpm2007cad8efe37311e983ee987dd861b47d2934b278a4f3b0f13b3cf0871c71f6java-1.8.0-openjdk-src-debug-1.8.0.232.b09-1.el6_10.i686.rpm5b4b7394028a61809f0049a75e1f6b97840baa255e226fb4986a44c6269ff4bajava-1.8.0-openjdk-devel-1.8.0.232.b09-1.el6_10.i686.rpm737c8caec905172aeba999cdf551472f3225288715856d14dd218ce81504ef8ajava-1.8.0-openjdk-debug-1.8.0.232.b09-1.el6_10.i686.rpm3924ec110310bb56cbbe0b3544e942ae476ddfc769175bdc3a3ce578f5a94633java-1.8.0-openjdk-devel-debug-1.8.0.232.b09-1.el6_10.i686.rpm045a099afba1e44eb6d42c6dbb98455b692ea72c4fd79a4dd34847013c5df0f1java-1.8.0-openjdk-src-1.8.0.232.b09-1.el6_10.i686.rpm84bb568fe0166e35f5ff2713eddea867b1b640a077d5c21707f02504f8908a11java-1.8.0-openjdk-headless-1.8.0.232.b09-1.el6_10.i686.rpmb531763c1de2719a8c83559ba8e58382a58467500598b692c776305e105669ddjava-1.8.0-openjdk-headless-debug-1.8.0.232.b09-1.el6_10.i686.rpmacf6e02aa153a0d701688d54dc3af6e194f7d6c3e71354d3653cee08243221b5java-1.8.0-openjdk-demo-debug-1.8.0.232.b09-1.el6_10.i686.rpm59fa924b04cc05ff9b171eb76d2ffb636026a81077a996d5e40a16597695092ejava-1.8.0-openjdk-demo-1.8.0.232.b09-1.el6_10.i686.rpm0f82488406606cf9f6bc40b8f8c82e538dac5e971b7cd8e72fa81c39cc70657bjava-1.8.0-openjdk-javadoc-1.8.0.232.b09-1.el6_10.noarch.rpm980bf7a6a1d786f686158f80532419d0bfbc7bfa4f1a441c956f96ae81670d31SLSA-2019:3158-1Security Fix(es): * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962) * OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964) * OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973) * OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981) * OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983) * OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987) * OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988) * OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992) * OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)moderateScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.i686.rpmfe3953771bb0aa20098466f301e2f93b8a811c0081f959790f8249ef1c5bdf86java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.i686.rpmfd8e3b0d507c4db699df40b2a35324bd1bf627ed5e1c0d07ec049e26b1a92835java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.i686.rpmea26a1e526355d46ec29e4531670dac4142555a92ea4443f6b55b9baa120afebjava-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.i686.rpm895d609e7c10ec7303795c5a56847dcb3d1817848b95929d8841131a2564be1bjava-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpmf11b5f289c40d212ad78b789e0c87076e9f30223cbe579418314a29139678cbbSLSA-2019:3281-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.2.0-4.el6_10.i686.rpme2732af72e80e34ad78f7ff963c9f33d9ecccb956047d7fdeaa722cdb62360a7SLSA-2019:3287-1Security Fix(es): * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)criticalScientific Linux FermiScientific Linux Fermi 6php-pspell-5.3.3-50.el6_10.i686.rpmbc7435a0491e8fdda3eae35d68feb7b71239e42f205b79fadd6e103d889a7e1cphp-5.3.3-50.el6_10.i686.rpme26147a6c3f5c8879d7da765b4ce1b581f53ed5b002f320a0e6fecaf87d0ebfephp-dba-5.3.3-50.el6_10.i686.rpm5497d597961e9ffe0189ef4ea376375fddcf1faeb93d5016e7f0020c844e5772php-imap-5.3.3-50.el6_10.i686.rpmf69cc1420b3ef56fb516db4dd5462df0d28f43cfe1cae692ed40ed770fbbbfbephp-enchant-5.3.3-50.el6_10.i686.rpm0f3efc2649cbe76bf8001a7a71496968e9cc8360396608210ab7cd8e84bc9ae0php-common-5.3.3-50.el6_10.i686.rpm6855813b28c2f4f67e152b6963d12c3473a46af27702031a335b838c812ea9c1php-bcmath-5.3.3-50.el6_10.i686.rpmbb4071d5dab61a65f9d70565d418c510f555978d26b0bc41efd5536cfac70240php-xmlrpc-5.3.3-50.el6_10.i686.rpm4bca393de2619333b9179251d3d22078c230ef0a2c1eb080f3b451f29ebc2ad0php-xml-5.3.3-50.el6_10.i686.rpme5b343a8932d7783aaaa018f06763c786b304843eb824dbadffaf7a4725822faphp-gd-5.3.3-50.el6_10.i686.rpme1fc16f1dc3046858966d6f860e39769044305ade0fd872859324baff229adfephp-tidy-5.3.3-50.el6_10.i686.rpm4519aa2d5f887a5b8b22ae1248ada8ab2de79062ab37e0f455e03849453f5655php-recode-5.3.3-50.el6_10.i686.rpm049cbd575404dbcc69a1a99aeb288dde4d0e815ddf26f082ad28127f4cf2131aphp-cli-5.3.3-50.el6_10.i686.rpm4e857b05c31ea8da31257ac297cb4b8ce839c825f00f5d5afbd7b25b3398b97aphp-zts-5.3.3-50.el6_10.i686.rpm522c13c3f915a8eb9c7a52a27915785f2674c570444f1eebc21e8904d9b07f05php-devel-5.3.3-50.el6_10.i686.rpmc57284d61dba58928ddeacb0bc8932eddf042a5690d44323156bf67e1ff65994php-pgsql-5.3.3-50.el6_10.i686.rpm54fbf61bb3ec5a6214ee3364362ad66faf3970840d739fe877873eaaa385453ephp-mbstring-5.3.3-50.el6_10.i686.rpm3ff158e5eebe84e07e9c045c1d2869363a20e3a64dff9768ddeff71c0656eee3php-embedded-5.3.3-50.el6_10.i686.rpm97f159d70745845e4c6c3576ec01225659f2369325d2dad82a9bc3463e47a401php-intl-5.3.3-50.el6_10.i686.rpmd8fefd6aa5d98a5c5f4524d1c84a7fe154732ca02b5f7a9eae28b9135a8e6b97php-ldap-5.3.3-50.el6_10.i686.rpmb86a2fea6a4e91c5657d75ede597b493b207c0d16796f9ccb51823265d9bb619php-mysql-5.3.3-50.el6_10.i686.rpm3e5587b702c4258b7314dcf81b92f293651ec8e442eb92da09438ad49fb3d7caphp-soap-5.3.3-50.el6_10.i686.rpm68f63d8d2ee6f18e8d309740813261bee597225ef5f79965bdce9cbc54d1404aphp-odbc-5.3.3-50.el6_10.i686.rpm0c2240dc7012473b8fbaefe21d8b63407aaf0a20b05baaa22754d362055f2e62php-process-5.3.3-50.el6_10.i686.rpmaabaf393322ce50bf06b017eba34b27d16db1d718d481197176c057b6532d637php-snmp-5.3.3-50.el6_10.i686.rpm15baa8b30eec5a2264a8032fcfad750cf0af1421b0b5f285b83fec421a682936php-pdo-5.3.3-50.el6_10.i686.rpm90ff9b29ee8ebdd2c19f0bdd0aa6b6b0202f86d7dbf9c6aae2317e9c0a059a0aphp-fpm-5.3.3-50.el6_10.i686.rpmc80f5dcb5a5e835c221c0fe5038859bc787a83d5cf382fc156ea9048ab764b67SLSA-2019:3755-1Security Fix(es): * sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)importantScientific Linux FermiScientific Linux Fermi 6sudo-1.8.6p3-29.el6_10.2.i686.rpm03d0ead992d7d3888f84954eedc486818b58ecbb3e17cd1a466a6b776c8c78fasudo-devel-1.8.6p3-29.el6_10.2.i686.rpm62da827b90ab1c0cc3b28c1fa1eec0bd36c01c9491ee871e3d95a5317995e18aSLSA-2019:3756-1This update upgrades Thunderbird to version 68.2.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.2.0-2.el6_10.i686.rpm0126ff4bb78e62e5eb5abc89cd8ec1104e94d6f5fc113cd47a3196e21b0f2f2bSLSA-2019:3836-1Security Fix(es): * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 * Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and "fragments dropped after timeout" errors are shownimportantScientific Linux FermiScientific Linux Fermi 6perf-2.6.32-754.24.2.el6.i686.rpmd398e9e0a5a0ece4be5500a7b9a1a8117590a490d0dfa09e4cb49e93b9ad979dkernel-2.6.32-754.24.2.el6.i686.rpm84a4098356783063b4c1fdc13a22574e27c917917f9fd7e4ad8c5223bcaefa7dkernel-headers-2.6.32-754.24.2.el6.i686.rpmccb0956c7548198e34b4f14109d29b70bcbd6956ded52beb6341096d7833e9fekernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm0bf43100e7d596cc3977f8255e7deef06fd111310c234fe499fcdeb40a63a296kernel-firmware-2.6.32-754.24.2.el6.noarch.rpmeb0de1c5f5022dd369e4811d21203ec45af3e4f10fc031e66f3ec7a12556d466kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpme93510bebf7ae8913e1e229ca397f89a99a334264c845106e2b3d91da5ca8275python-perf-2.6.32-754.24.2.el6.i686.rpm831d1f2b3bbc49da24896b83f2c8be871e31ad399690515649d3c16815f05e93kernel-devel-2.6.32-754.24.2.el6.i686.rpma9bd60a9fcda6ae3eabc4c462a9a995c4262ef423cbd7ad4cca4723d9446c5d8kernel-debug-2.6.32-754.24.2.el6.i686.rpm5daa4fd19c389666b1c8712b7125a14696c4d71ccd7cff5cb086c2f5c52c2c88kernel-doc-2.6.32-754.24.2.el6.noarch.rpmaed7222ef4ac7cb673f27d39609ce38a716e3c5201ffc13c08119e771c07de57SLSA-2019:3878-1Security Fix(es): * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE importantScientific Linux FermiScientific Linux Fermi 6kernel-headers-2.6.32-754.24.3.el6.i686.rpm853f12cb57924e4a606ebbc024f5fd8be1be5d3d068ad41ae825d3c0d297258dkernel-debug-devel-2.6.32-754.24.3.el6.i686.rpm9aacbb5fabfee0e958cb74301576437f9251a53f553b5e6fc620331f2f8a474bkernel-firmware-2.6.32-754.24.3.el6.noarch.rpme548f8e9f393db3e2dd773ecd7670b4654fbc4008a41becdec8876c133399eb9perf-2.6.32-754.24.3.el6.i686.rpm6e74088f514c07c9417cd0342c264b8799698700dbfa0f7d050f8cda63679b5dkernel-debug-2.6.32-754.24.3.el6.i686.rpmb80cd6b04a2e5214ff6800f558ffccb47a9f897aecae5c980a5f2e539df5e77ekernel-abi-whitelists-2.6.32-754.24.3.el6.noarch.rpmed779305e6cd7a26cd34b413e9b5b4cbec4fba94750a4a358167acfc6741c4e3kernel-doc-2.6.32-754.24.3.el6.noarch.rpma86ec05a26576ff8c05d31335f8fcefbe0b42b7c93257472082a8466aff77643kernel-2.6.32-754.24.3.el6.i686.rpm6d2338214a3e374e3de75ac45fbe327af9ac600c06cfe74ea875f97834849e43kernel-devel-2.6.32-754.24.3.el6.i686.rpm8995eef581a61a563725bbfbe7f870cb4473dc296a4dcd6eca5c3b628ed6b4ffpython-perf-2.6.32-754.24.3.el6.i686.rpmf6027a0bd9b90bad4ce934d4379de0c310127f78e47338abadaca48792aecb4fSLSA-2019:4108-1Security Fix(es): * Mozilla: Use-after-free in worker destruction (CVE-2019-17008) * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012) * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005) * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010) * Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.3.0-1.el6_10.i686.rpm7feaa86c2116e03b1ff4f4fc7235405d8eaf1779d2ef6f508b6468785f23bdfbSLSA-2019:4152-1Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)importantScientific Linux FermiScientific Linux Fermi 6nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm9fbf5c0a6e9c9cbc4f659846e88b70d70a4a73f63f16219baeb4659ff1cf98ddnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm70b6a495b8b23ee84cd4b9edf0b604356763656b1bcd51c6d3da401b2c880e2dnss-softokn-devel-3.44.0-6.el6_10.i686.rpmf8e5626d1adbe04d2fdccf2581069434143452419c0079e25dc683f314fbf267nss-softokn-3.44.0-6.el6_10.i686.rpm5e0e936804b3227ebd8b2d9b32ee55a2ea10c21e7d5fed428fd5e237c95f5e51SLSA-2019:4205-1This update upgrades Thunderbird to version 68.3.0. Security Fix(es): * Mozilla: Use-after-free in worker destruction (CVE-2019-17008) * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012) * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005) * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010) * Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.3.0-3.el6_10.i686.rpm30bc8e5a09522ea8c29e705689241a95b497f4923aa03ba06d7dc5e443bad8cfSLSA-2019:4254-1Security Fix(es): * freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381) * freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read (CVE-2015-9382)moderateScientific Linux FermiScientific Linux Fermi 6freetype-devel-2.3.11-19.el6_10.i686.rpm6d7fd44af78ce088694751c24e283bdd9341945079d176925056be232849226dfreetype-2.3.11-19.el6_10.i686.rpm77703831c5562ac717a917552eea79e91f347d95dcb199859225515c94320c97freetype-demos-2.3.11-19.el6_10.i686.rpmeb6b87edd988f7e1e7944864bdebb0113abc49f23995fb9d30ab29a16213daa9SLSA-2019:4256-1Security Fix(es): * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) Bug Fix(es): * KEYS: prevent creating a different user's keyrings SL-6.10 * BUG: unable to handle kernel NULL pointer dereference at (null) * long I/O stalls with bnx2fc from not masking off scope bits of retry delay valueimportantScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-754.25.1.el6.noarch.rpm34667f86a2fc275ba9f36d8f885840b5cff80bceeaaad217cb7768aff40cc203kernel-debug-devel-2.6.32-754.25.1.el6.i686.rpm67e02e07f25c5f91e034b860e440fe9f99e19538caca3aa5f8dd6c37f9385c4fkernel-debug-2.6.32-754.25.1.el6.i686.rpm91fb0467752bdd59047431042dc9d1a0d732808a939bdc302005c54584fe6735kernel-2.6.32-754.25.1.el6.i686.rpm2b75cf68c1736e2445f4d5c1b6bedbcde378803430354fa01e51f8177f695281kernel-devel-2.6.32-754.25.1.el6.i686.rpma2155801e7880a454a33b8117bbfcb725faa1085afd2d69cce81af74bb5102e0kernel-headers-2.6.32-754.25.1.el6.i686.rpm98f56c2064a15344857ed2d5ef910c0c12cf1d2d7817eb56d46c79f3b1d8fc88perf-2.6.32-754.25.1.el6.i686.rpm74a6eb4410147039c129b1254ffd0b34a343a0c2cf622c0e28c6c2c6ad5e1f88kernel-abi-whitelists-2.6.32-754.25.1.el6.noarch.rpm780620108cc86ba9634200fdc2155ffa65ed82cd0979795eeec0f4370ef73075kernel-doc-2.6.32-754.25.1.el6.noarch.rpm615fa351cd7986dafec501b533bc5891316d70d4728170b16447a59de9c8631dpython-perf-2.6.32-754.25.1.el6.i686.rpm36cb1206a16125b73675a7454981018c3e922686dd8d6fb05bb6d448c932f268SLSA-2020:0086-1This update upgrades Firefox to version 68.4.1 ESR. Security Fix(es): * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.4.1-1.el6_10.i686.rpmb8ffce2947a42087edb763eb295b2ce65cb83ee7bf1da62113cebef59aa510a7SLSA-2020:0123-1Security Fix(es): * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.4.1-2.el6_10.i686.rpmd753f03d812a2ecad2a1581e886186b9ae14fe92451e50f5a9c442b4688941eeSLSA-2020:0157-1Security Fix(es): * OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593) * OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) * OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583) * OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10.i686.rpmb537b5ccf4643e75f3d98b25f4933b4bd3ed2e3e4127f929beb29058c349f046java-1.8.0-openjdk-javadoc-1.8.0.242.b07-1.el6_10.noarch.rpm9cdd1d70e628db2c241753201cffeca47340f741c0548dc678a830bc7e322567java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10.i686.rpm3ff14db3c1af7a9213b921c1b75d5bfdfceb59fa198a6063615a9898c58d48b8java-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10.i686.rpm08ccbe02f249367e84bfe9d4670bc8e6dca28446d6e455c8e2fd2f7b611f8073java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10.i686.rpmd3d6ec7097fee68e007e8118ca862b8275d00f9f25b2f9c9700942a6dcaac065java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10.i686.rpm658061bda1165b972c47063508e925a76da7fc4e301a0c0fa7251ae44d0bf327java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10.i686.rpm01965804c7b98cd2ef1da1d25d62cf590137794c2e84f04883b77f301a3a7a07java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10.i686.rpm126fcfd3811c68f4f53cbb53ec28abbec9aaa73ba6660dbc2369480d9d39b808java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10.i686.rpmf6b8bdb8cc22b0d423d0aed4f7273b40496d1f4cad348991acd4095ee8adac4fjava-1.8.0-openjdk-javadoc-debug-1.8.0.242.b07-1.el6_10.noarch.rpmf25b6db5c691786c378a77fb790b1546af5f9434a0533fdeeb637f0a8145ca6djava-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10.i686.rpm8de54400d69d703ffa5486f599c56e57e96021c5abf7ee865ea6d8ecf93e4b8cjava-1.8.0-openjdk-1.8.0.242.b07-1.el6_10.i686.rpm40131a4374ebdc03084c87a5a7a87f681e9be5761a7eecb7f330f35a6a8dae37SLSA-2020:0197-1Security Fix(es): * python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)importantScientific Linux FermiScientific Linux Fermi 6python-reportlab-2.3-3.el6_10.1.i686.rpm9122feaeca3ea41fc476988f2e06fa37d3ecf2663355f449b3622530fdc9c523python-reportlab-docs-2.3-3.el6_10.1.noarch.rpm6b3401b4a3265d0b2f86f0291bce38f1e05d99e2349774429f829346cf0345abSLSA-2020:0199-1Security Fix(es): * openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)criticalScientific Linux FermiScientific Linux Fermi 6openslp-server-2.0.0-4.el6_10.i686.rpm8a87d636e46ac0a24aee8535d355e431832995b26aa2d19a2e798e6c0b0963e1openslp-devel-2.0.0-4.el6_10.i686.rpm1f3373a88c9ebe30aee90f957eb32c43d230b47ba1baf50a0b4879b603f69081openslp-2.0.0-4.el6_10.i686.rpm5b52a1b6835e7c3b194075334dc126747b0bbcaff2bbcc0e64f6ec97180312a6SLSA-2020:0316-1Security Fix(es): * git: arbitrary code execution via .gitmodules (CVE-2018-17456)importantScientific Linux FermiScientific Linux Fermi 6git-svn-1.7.1-10.el6_10.noarch.rpm0f507a011aad8db7cff3e86620b31781d5e519481e518437a185f766dade76ccgit-email-1.7.1-10.el6_10.noarch.rpm98bf71aa3ea11db0b4e173676775aca8fe26029da4b73fd9180d38be2827cb23git-all-1.7.1-10.el6_10.noarch.rpm3c2d43ecd8da11d50260f94bb334b0dc44d9457a30eed7ef6901791baa78b61egitk-1.7.1-10.el6_10.noarch.rpm4e820bf7c778b4bdebc67ac640a42ebc6fd2a4a06f29e06082f20a5404a1a415gitweb-1.7.1-10.el6_10.noarch.rpmb7cdad0226d27a3422b16c2ba5d6ad38a1d41456fd9f278a5404966ed0edc0a0git-daemon-1.7.1-10.el6_10.i686.rpm12f436992543d6daa2834ec7fd4f5a5a6d5670a044b86960f785ee787e311d2eperl-Git-1.7.1-10.el6_10.noarch.rpm31d03187fdeb8ade325bcf18677794a75d3b3962b7c5c7fc77e7a0c4baf3ee14git-1.7.1-10.el6_10.i686.rpm160ed2dd5170d07ddabf6a7fd7f06b74f4861a02c3565c06f1958fcca8c0b0d4git-cvs-1.7.1-10.el6_10.noarch.rpmb8e082a5c273a8340ff1d8ae92ab732a755e57da3cbd67e9d0d998a5a96f8e24emacs-git-el-1.7.1-10.el6_10.noarch.rpmb34c2c7022314573cdc713354dbb516b14e24e3617c991ad8a5567d30179edd7emacs-git-1.7.1-10.el6_10.noarch.rpma3f91a6e8abb6649c176ad4654abf2433136ece32a762652ed98d733474ff2abgit-gui-1.7.1-10.el6_10.noarch.rpma2d8cc8bb16834ee5002b88443b5546f636beb65b8c5d1a2fb024aa065b875b4SLSA-2020:0471-1Security Fix(es): * spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)moderateScientific Linux FermiScientific Linux Fermi 6spice-gtk-0.26-8.el6_10.2.i686.rpm150c7a4f9da15facdab9c1cec879d56d74c010d9cb4713d7384dd80ce67cae68spice-gtk-tools-0.26-8.el6_10.2.i686.rpm3aeb03bafdd3b566bdd3c29532488329a0541798d84256fad1fdff18324d7497spice-glib-devel-0.26-8.el6_10.2.i686.rpmbe2af02ed6b1bd65b96666c9ff2e356e655ecb3be7f1a89837013186a370d7ffspice-gtk-python-0.26-8.el6_10.2.i686.rpm41995586fdd7f09661104a460cd80deafa480d335401d47b24530a2e27daebd4spice-gtk-devel-0.26-8.el6_10.2.i686.rpm2ff61cf3350e2df213116e84bb0e2027a0d5547e37a29ef3f72deb1f28cb5965spice-glib-0.26-8.el6_10.2.i686.rpmabdb8e54d36de48d4c70945da85a0e5e7c78eb37962b9429c8c73dca13b7a5d4SLSA-2020:0515-1Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)importantScientific Linux FermiScientific Linux Fermi 6ksh-20120801-38.el6_10.i686.rpm4573de948933989e13edd23b1db3a1037e13589ababdf9ba59688d91ac18c32dSLSA-2020:0521-1Security Fix(es): * Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.5.0-2.el6_10.i686.rpmeaa61eaccc640698a594708a192d899872c14fa31adef4cf6198d32e4c5abe0eSLSA-2020:0574-1Security Fix(es): Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798) Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.5.0-1.el6_10.i686.rpmc0926310db6c871dada50f39e93fdb3fdc6ba4fdd76b43f00ae8a021004c505aSLSA-2020:0631-1Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)importantScientific Linux FermiScientific Linux Fermi 6ppp-2.4.5-11.el6_10.i686.rpm593502a484e86b62efebc73778ad61e9c99e8109dd6278395a56a266765465a9ppp-devel-2.4.5-11.el6_10.i686.rpmdbc8ac92000ed47d7c0e9f18cbf663640035f286226fa060f5e1411ed83e09bbSLSA-2020:0632-1Security Fix(es): * OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593) * OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) * OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583) * OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el6_10.i686.rpm53c8ed344688680d5689a0ed27e8ae8b53f552d169d5e648fdd78d75a95263a4java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el6_10.i686.rpm62615675de16c7aa87e357a5dca9d83db0dfdd9173e6a1a9ff15416dbd9a124fjava-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el6_10.i686.rpm95ce07c10622460032e590743934c04718a190bf58afa5efb48e28cee90fad78java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el6_10.noarch.rpma4fa4151a35710d667b1c09c3d00684f8d3c200b74e9075cfd08ddd15585e850java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el6_10.i686.rpmaf419a2c02991a045c55337485f140f6d2142a3a150f195eb808d238eb0e70ffSLSA-2020:0702-1Security Fix(es): * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)importantScientific Linux FermiScientific Linux Fermi 6xerces-c-devel-3.0.1-21.el6_10.i686.rpm299f5f4e4944cbd1b4b31bcf4287d85c7f4567477a07fbd7f7b4d7fa14959817xerces-c-doc-3.0.1-21.el6_10.noarch.rpmd992f681dce12e5cc47b634455037596ff101ad2eebc66d459708ce5ac4679e9xerces-c-3.0.1-21.el6_10.i686.rpmfe04f8540a3ed07b20d7c440a04b6cc71552b361b765125e13c7945342d22903SLSA-2020:0726-1Security Fix(es): * sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)importantScientific Linux FermiScientific Linux Fermi 6sudo-devel-1.8.6p3-29.el6_10.3.i686.rpm37a0c40da8624c01ccbcc4844414f61276b85999256950bce83258c049606f2csudo-1.8.6p3-29.el6_10.3.i686.rpmd9b8368cc70fb32e27bd4d83f623991b0e3b2ef9be414623845491eee7ef7c9bSLSA-2020:0775-1Security Fix(es): * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.6.i686.rpm24f9e154a7b992a61e9d8054c08c1eaea48a23516d1e9a7f01d6378dba6a43c5SLSA-2020:0790-1Security Fix(es): * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless /wext-sme.c (CVE-2019-17133) * kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) Bug Fix(es): * LACP bond does not function because bonding driver sees slave speed & duplex as Unknown * ixgbevf guess causes excessive interrupts in hypervisor due to get link settingsimportantScientific Linux FermiScientific Linux Fermi 6kernel-debug-devel-2.6.32-754.28.1.el6.i686.rpm7baeb69b0cce2467013a56c324072bf0d9511b897f882d4425c899cb70348d83kernel-debug-2.6.32-754.28.1.el6.i686.rpm08068b6652dfe516d1c0e9f006a7af1e0aa7b81e0f56d885ddcfbf3a0421c8ebkernel-doc-2.6.32-754.28.1.el6.noarch.rpmbd7fcc9e693f1122eb8f6474f3ec7117e8d1ef0610ae4d429284353c2742db1dkernel-devel-2.6.32-754.28.1.el6.i686.rpm83709e36a7d614ec5b27f6c328387c1a77c962ca082feece7f562db7f155f449kernel-2.6.32-754.28.1.el6.i686.rpm4a14d589f161cd8023fe9f048f52634e67613d3fd6c81fe5b808e15f07ca7000kernel-abi-whitelists-2.6.32-754.28.1.el6.noarch.rpmb49136d71faf2a416f07485e49c4a72e816c2b0c7f5a5a0c2f7b5bd8e9dc0ec8python-perf-2.6.32-754.28.1.el6.i686.rpm8d487df6ef77663826c2305db8f521ab815661c945ac2883378cfd9e248e71b6perf-2.6.32-754.28.1.el6.i686.rpmca3cce7406dff45b5e2043d3744e24e4eec4da774a3de6d412f7e1cc87fa80c0kernel-headers-2.6.32-754.28.1.el6.i686.rpm85c6fd176653526c0fe98d43e7a9106bca7757516af069c6cc14ac2e5821c537kernel-firmware-2.6.32-754.28.1.el6.noarch.rpm5a96c1d62011f5cc7044a4079ab4c4d4b805bf97094eebdc7075e330079dbda2SLSA-2020:0816-1This update upgrades Firefox to version 68.6.0 ESR. Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website- controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.6.0-1.el6_10.i686.rpm42e3aa25d642495bf090dea0eb1deed36d4d7f308b62a6078d755ce3ebdb3b51SLSA-2020:0892-1Security Fix(es): * zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)importantScientific Linux FermiScientific Linux Fermi 6zsh-html-4.3.11-11.el6_10.i686.rpm27365cb9a38fbd29d9bbb9fa6a220807ec6686d05f041386a95c96ab3ef14300zsh-4.3.11-11.el6_10.i686.rpmcbd3998d7afe51c1548e9ed32d6309f6bf03710eb4b60c28b47defc45b449ed4SLSA-2020:0896-1Security Fix(es): * ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)importantScientific Linux FermiScientific Linux Fermi 6icu-4.2.1-15.el6_10.i686.rpmaae26cc6d13bfb6fd5d555802987184f416ef7f6105bcc171d172f74271cf745libicu-devel-4.2.1-15.el6_10.i686.rpm04b271467d8f55f0a0dd1dd8140c1339c5cf90defa0d44599d795095deac8b04libicu-doc-4.2.1-15.el6_10.noarch.rpmeb4363fa5c07c028aa3ef1c29c7b7b76c301338ea9ca9ce73eb140cceef386e0libicu-4.2.1-15.el6_10.i686.rpm9f6dd5d39417b489153c66e23c5aa4fc33766f5c6346715033feb549ce1bead0SLSA-2020:0898-1Security Fix(es): * python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)importantScientific Linux FermiScientific Linux Fermi 6python-imaging-sane-1.1.6-20.el6_10.i686.rpm3f8e340ed49d98234b5f13477618a82cd0a23680c6f33f6a8333f2da6eaac276python-imaging-1.1.6-20.el6_10.i686.rpm73e0cf03c2fbf49793359a691b7399597a2a926da67aed07a9418fb52d76bb50python-imaging-devel-1.1.6-20.el6_10.i686.rpm6a20bc6a2e92a182be18ddbb8a79fc2d53c829b4f8f1a0e92966386e2f23cdffpython-imaging-tk-1.1.6-20.el6_10.i686.rpm50bc40dfab966b96c518021d9b6b4465f6859706cc5efbdace17b3450167ed8cSLSA-2020:0912-1Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)importantScientific Linux FermiScientific Linux Fermi 6tomcat6-6.0.24-114.el6_10.noarch.rpme67c6d4b8ff53161a4042eaf73db125e581793fef161651e13cb59988f1fc6dctomcat6-admin-webapps-6.0.24-114.el6_10.noarch.rpma05f1b783d85bc1f7f64e7bb59d7b43698f9bb368d31e16d36a3ee271d83fdaetomcat6-el-2.1-api-6.0.24-114.el6_10.noarch.rpm400c301bcb75cf7b39b7016f5e023c30efe45e3d25aa61236c63533edb733aaetomcat6-javadoc-6.0.24-114.el6_10.noarch.rpm5c1707db16c145ceb07eafe23966b012b420510d57599dd01709a2fb947c721btomcat6-webapps-6.0.24-114.el6_10.noarch.rpm4ce45e27aa33def8fbf9e9e7d2c6e87562ae1abbabd962b0130a07c4da5e3003tomcat6-jsp-2.1-api-6.0.24-114.el6_10.noarch.rpm26ce9c8aac1c86685dab7592ae4c24959f039e902114d6de2378052e97eb31e2tomcat6-docs-webapp-6.0.24-114.el6_10.noarch.rpm7bc43c2a6010849c4a713e025c2ffe605601df8cd3f5af5027c978b8da6c7c6ftomcat6-servlet-2.5-api-6.0.24-114.el6_10.noarch.rpmbe3c60a3ba52795cf7a62ce5fb4a7ac8dc9f1dd2254b1af2dba4681bfd1fa6bbtomcat6-lib-6.0.24-114.el6_10.noarch.rpme5f8748e8b5e9f488f39dc02b6fdcec0a2aaa655942fbb70bf83e2cc128fbaf5SLSA-2020:0914-1Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.6.0-1.el6_10.i686.rpm5dc51156f7cfde9e7b4011ad5ac0b886f4bdff0babd05ad96c87e034146aafafSLSA-2020:1331-1Security Fix(es): * ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)importantScientific Linux FermiScientific Linux Fermi 6ipmitool-1.8.15-3.el6_10.i686.rpmea1a33b9fa4c4c2aa724528aa35e92fabc4bd6e4c186b0677cc4ba9f2c7f83b9SLSA-2020:1335-1Security Fix(es): * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)importantScientific Linux FermiScientific Linux Fermi 6telnet-server-0.17-49.el6_10.i686.rpmd9cf7ab6b1b894a04bf4373cbb36aabf9df1884a5f4ad43940e15ce050ae43c7telnet-0.17-49.el6_10.i686.rpmbbd2194e19354b9a029e5ddd1fb360555ee95a050eb9aa981ebcd1a246765e55SLSA-2020:1339-1Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.6.1-1.el6_10.i686.rpm8ff4339baa2182e770b13ac184fd96c9931a1224cf68a4e9ed922a18184f0cedSLSA-2020:1349-1Security Fix(es): * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)importantScientific Linux FermiScientific Linux Fermi 6krb5-appl-clients-1.0.1-10.el6_10.i686.rpm1fcad7779c1fb41ea66bfdbe9efbd46f3e7b0c37674102358736a22c37c933bbkrb5-appl-servers-1.0.1-10.el6_10.i686.rpm6110f465790a6b096d571a3497a2984b45b83f99bd91e881a594f6bdfe71cc07SLSA-2020:1403-1Security Fix(es): * QEMU: Slirp: potential OOB access due to unsafe snprintf() usages Bug Fix(es): * QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6]importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.7.i686.rpm2c8d289e255beae0113cb13787b128b1b083189c718b369d269c0fc696074b02SLSA-2020:1429-1Security Fix(es): * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.7.0-2.el6_10.i686.rpmad728bcd2c4f76fcf472c16c6a85db811b9c7f71628cc434bd804e0100a5de05SLSA-2020:1488-1Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.7.0-1.el6_10.i686.rpm983056da56ace25744770efbca29f16a2969af82b7ea88a13288c835d054f965SLSA-2020:1506-1Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) * OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) * OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) * OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) * OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) * OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) * OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el6_10.i686.rpm0b5a6f4e19fce4cdd9fc10d9d83a0a8170b87507e29474187ee0fb530acdcc75java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el6_10.i686.rpm3b7737a0afdd2eb7d3e8b352c03d09b887631f835f8f1c79dff29e72241c5b41java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el6_10.noarch.rpme19975268da987ac48575702799aead59f14f335ced187695be30aaec2cc5abbjava-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el6_10.i686.rpm143ba3d79fc10d85bee00cf4bab529cfde435cd0f56b7f7f8525797ca88a5c01java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el6_10.i686.rpmf682886302c8b4ac9abef5894ce93f3db480f6966065fc6d178f8cb773e2c741java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el6_10.i686.rpm0814bfe44d825a9c24f15971f33d9443edfb248b8f1df1c6cf2795b78107f441java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el6_10.i686.rpmd7d1b71531d39de5ac508b165da20c45a3d2a32beffa28079deeb0174358fbe7java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el6_10.i686.rpm53be25fd0626e72c50e7d16bc3c8fffa707b559ad08260427dd702e250b27866java-1.8.0-openjdk-1.8.0.252.b09-2.el6_10.i686.rpmf32e6265854ef86415f1f2802fbdae64e922f7e44813549058b49f5654ac3f06java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el6_10.noarch.rpm135085ccb7581891eea423fd6ef4d02cbc030b48e790aa48781d56271a8434acjava-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el6_10.i686.rpm6b7dbf93fe3989884843244c5ccce890faf6e787495e707476dbfbe92f800d2ajava-1.8.0-openjdk-src-1.8.0.252.b09-2.el6_10.i686.rpm007dc853d73cfa9f6b8b388473b8f019d8f5a65182b8d977f1714e5cffc09079SLSA-2020:1508-1Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) * OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) * OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) * OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) * OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)importantScientific Linux FermiScientific Linux Fermi 6java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.i686.rpm97a630c706bb2d5d37e48a5300cc7ea735ecd4ca10c517602a7ef5240233607ajava-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.i686.rpm9444c4f88cb0815d03f46b1f0cd647ba9fb929dce24a951e81e0c8394cac7732java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.i686.rpm3ef2a31eca98086606607b07e38759d8f64f6d287732f2cbcbd9e7f7384fb974java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm5b9f02ba2ad600fb3499389613ac77dc9176a41a7d9876768a59ed01fed443b1java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.i686.rpm9354144a59e73c1737c53da9984f4cb8de09cffe0a281755f5d0abd878755f52SLSA-2020:1524-1Security Fix(es): * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)importantScientific Linux FermiScientific Linux Fermi 6perf-2.6.32-754.29.1.el6.i686.rpm7bfa51c01cdb3ad26e14b287d4fe65382637d0fb1771f76fdd7cad9cad73775ekernel-firmware-2.6.32-754.29.1.el6.noarch.rpmbd4c2ee33949073a2178159e42b89a1c8c00fa0a4138d734a972ef527ce91efdkernel-debug-devel-2.6.32-754.29.1.el6.i686.rpm6ba2d8062dfb47aa9fa2910f7981ef19987838a6c1a77143594b1c32a3909028kernel-debug-2.6.32-754.29.1.el6.i686.rpmae0e41c4b86dc18df50f93ffeca0b88c2f8b6c6df9103c5e66842e393adee431kernel-doc-2.6.32-754.29.1.el6.noarch.rpm2defbde25423ad053033684cde92f7e36331c7358e7cef50faaa60613aaccd70kernel-abi-whitelists-2.6.32-754.29.1.el6.noarch.rpm21415c036c175c1ff223d933f78794efdd9bd62777ea5b32533bbe853dfb1a39kernel-2.6.32-754.29.1.el6.i686.rpm70ddda91e0472a57452373b939be1c927fed72949f2c66d12bd29f87a4478b57kernel-headers-2.6.32-754.29.1.el6.i686.rpm2f794473871c2879d843c87283b748bead779813301d60791db9c82224a8f22fpython-perf-2.6.32-754.29.1.el6.i686.rpm413496762d84e9e429bede93968364b92ee9b4bca6d111d98a85eaded65b1c2bkernel-devel-2.6.32-754.29.1.el6.i686.rpm68bf2d7f23c8247d12053cb0ba3a604c3f1da61782a949c86f16eaa9f09fa301SLSA-2020:1962-1Security Fix(es): * python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108)importantScientific Linux FermiScientific Linux Fermi 6python-twisted-web-8.2.0-6.el6_10.i686.rpmc94f94f4682e6795108539c2136e9c9345b548430d531bd51e98f96d02a41a91SLSA-2020:2036-1Security Fix(es): * Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)criticalScientific Linux FermiScientific Linux Fermi 6firefox-68.8.0-1.el6_10.i686.rpmff969ec40b02b9b409cc49bc985aa45bcd464c72e5edee8463141ea0a97840b4SLSA-2020:2049-1Security Fix(es): * Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)criticalScientific Linux FermiScientific Linux Fermi 6thunderbird-68.8.0-1.el6_10.i686.rpm276f363d8ddc3552bf135342ffb2a4acd400cbc1e452e3b7edeffc0fd6a115f5SLSA-2020:2103-1Security Fix(es): * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)importantScientific Linux FermiScientific Linux Fermi 6kernel-doc-2.6.32-754.29.2.el6.noarch.rpmd5fc2eaa74a1164e87e0e4c89749626e01abb315781aa3723eef54d091cb717akernel-headers-2.6.32-754.29.2.el6.i686.rpm39ff3280d089ed98fa29b703636fcafa6851111551884f67357130ce5b031979kernel-debug-2.6.32-754.29.2.el6.i686.rpmbd5c7284198005e6178785ebe8b45dd48f98d1bc66396e372267fce4932dd4b9kernel-2.6.32-754.29.2.el6.i686.rpmf06547b178b03475305bc2fc7c408c453e3255beee2269d1ee20e5781f91103fkernel-debug-devel-2.6.32-754.29.2.el6.i686.rpmc0253bd506d0754a0b06020c65c1c748b60f2bc25dfa40928e2d35b216dd414ckernel-abi-whitelists-2.6.32-754.29.2.el6.noarch.rpm0420598dca0abb270d088895439416fa07f685d4099807ee1b9683a815c292d6kernel-devel-2.6.32-754.29.2.el6.i686.rpm0186f1f6ec9a68ceea53d9c0cb87448d77586a38bc28e68d78780dbb40657393python-perf-2.6.32-754.29.2.el6.i686.rpm2c71e1625a87a8fcd1811394761018a9473965e54ac173069a5452369bdb8463perf-2.6.32-754.29.2.el6.i686.rpm6abd7deef9c75e8656dd20b20e2f6a49b570019356373297a5e2c432a0156f76kernel-firmware-2.6.32-754.29.2.el6.noarch.rpmc115cfac5d1f31547e415ce6299dd8df41c6a3343d6b1f45ed870a4098f1ecdbSLSA-2020:2378-1Security Fix(es): * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.9.0-1.el6_10.i686.rpmc8492bbae72bdea59eb209ed09fdce0979d34a4510a76da61befda5fda11146dSLSA-2020:2383-1Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)importantScientific Linux FermiScientific Linux Fermi 6bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm33102af0b5d55c548c380db640ec25d946b1223b2664359ce3c79097a0e72afcbind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm3f451e02ce43fab493a31c19d9f8f58c2e60a51c2db95f0f58053802da466542bind-9.8.2-0.68.rc1.el6_10.7.i686.rpmd9d6739f85bca6845a30b2c7e44f01b263fd260afc49f1b8982289bd4ceb0d84bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpmbd5e29847f28c681d00071493941add2c30d9ae99f4eb0469a22b89ee6873acfbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm0260edc1e0c226c49f66583e3ca503f3c3976233210f54ae8139bbae52fe23afbind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpmc216753fb645a6b4eb5fd42fc9149adf6dc53196f4db99cd3841d7a291da4dc8SLSA-2020:2406-1Security Fix(es): * freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)importantScientific Linux FermiScientific Linux Fermi 6freerdp-libs-1.0.2-7.el6_10.i686.rpma5baa62e16352b5b2ecd546ee16daf3567c42ef094f83f7f466cc12fd2a8c4f9freerdp-devel-1.0.2-7.el6_10.i686.rpmeacfd27013b2bfdf41cd621abf469ac0aef2df7ad612db6da69bc6132b652730freerdp-1.0.2-7.el6_10.i686.rpm41b4e9d74d9563db5d64206664f105ff94cf79b306af69806f4901ced9094df2freerdp-plugins-1.0.2-7.el6_10.i686.rpm3eb480de66ea0e120ca561b2e5e65bbfc17ba3c4530c4101c4cdb7c07bafe763SLSA-2020:2430-1Security Fix(es): * kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192)moderateScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.30.2.el6.noarch.rpm730770d4ce0c67828244447ebc39d11243b6bfe40ddcd34224ab246ca84833d5python-perf-2.6.32-754.30.2.el6.i686.rpm915ec613738fd37809f534d16ff60e6b3c631edf14c52b2161bf24d740f30b93kernel-2.6.32-754.30.2.el6.i686.rpm8f4b6a6357d346680675a4f6e6580535c51a7fb0856b7a92b30721446a3641a0kernel-debug-devel-2.6.32-754.30.2.el6.i686.rpmf7c3d857729cb095d06af86f69412a2744053ad84aa50859ddfd0aa2abac566dkernel-debug-2.6.32-754.30.2.el6.i686.rpm8be551c1fdc7d72df1c913333bdafadbf828cf46b612be5fcce28ad1d6ed7e42kernel-doc-2.6.32-754.30.2.el6.noarch.rpm176c75f8d19c75db7f1c00844acd6777c12c2b16caa608896f6a369cdd48a785perf-2.6.32-754.30.2.el6.i686.rpm16abaaed6779670b58522418db86108054da83a2b277028afa70096bcadb8a8ekernel-firmware-2.6.32-754.30.2.el6.noarch.rpm8a9d803a8bf4395aa75086a462f5a2f75457ae2c2bd2c4bc07a40a3e648defb9kernel-devel-2.6.32-754.30.2.el6.i686.rpm70c11214d3fd258dba85940511880b10273c71f053a0dfe5cbeec9660ea6858bkernel-headers-2.6.32-754.30.2.el6.i686.rpm510a771f66e3c05cc7c14c62a0d53bfe7fe76fe67241d7f6346d404ba9a42ea1SLSA-2020:2433-1Security Fix(es): * hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector Register Data Sampling (CVE-2020-0548)moderateScientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-33.26.el6_10.i686.rpm2f47f6520509729b2db205f2bb9fb27da378323b451bd97a7892a28c19ce73a2SLSA-2020:2516-1Security Fix(es): * libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)moderateScientific Linux FermiScientific Linux Fermi 6libexif-devel-0.6.21-6.el6_10.i686.rpm9879765aaf062b70cd05712af8a56585fe8b7183b876064046e3b52a00fb039blibexif-0.6.21-6.el6_10.i686.rpmace0d218fe2af9d4388e16cd74e56407fc84d7449c4734e5083f896cec0965a3SLSA-2020:2529-1* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)importantScientific Linux FermiScientific Linux Fermi 6tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpmd8c8a740ba3cc36e91a74d7bbae6901df18ebe696ea3bbbeab47b0b0b4571e7etomcat6-webapps-6.0.24-115.el6_10.noarch.rpmc91a7a99212042e51aa337f876498052253ab3e7c8b92122d9f4bf8e3e78dbedtomcat6-6.0.24-115.el6_10.noarch.rpmf1b3b894b412ff6b21743ec297617202a22eef5f2b1ef6e897d14e2d17e73306tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm1266db8f8dc17028c4ecf3a1e1ca909316d16467f2707a4d011c3a593f8ec9ddtomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpmbefc720145865fd7c2c8212e17ff455424fa5deb7121938b6aaec3cdbc744dfctomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm6125b1df82d8470a1194b539578bab6a5b579b82d48b292677120b3b04a791e6tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm5ba010b035d1372221917d23a762d5138648fb2669b799bc0806d7f2102bbcf2tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpmab7257bf316de7c76f7c6f94963b25b7249b67eab8917d60658271ad54656af8tomcat6-lib-6.0.24-115.el6_10.noarch.rpmd6c3b2b895ffbcb24ce3002b1f7ada3852ef24da299fc828750bc1eb1b930991SLSA-2020:2613-1Security Fix(es): * Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.9.0-1.el6_10.i686.rpm2c9535e4c563fe491472ccb4ba4be8e3ab7ce8363295b2d31a98855b1efb6072SLSA-2020:2640-1Security Fix(es): * unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) * unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)importantScientific Linux FermiScientific Linux Fermi 6unbound-devel-1.4.20-29.el6_10.1.i686.rpm1640c1c683df3635ae36acb42b5f14ecca4de9afafc02d2fc8ae56eec77367bfunbound-1.4.20-29.el6_10.1.i686.rpmf58b96e6e3a3b79f5507a0e2950b8f940d8bc780522e16e01d246c3064105f24unbound-python-1.4.20-29.el6_10.1.i686.rpm24ed8af56ac67370ba105e9d738d0ecc654fa687460e129adfdf21af68f24218unbound-libs-1.4.20-29.el6_10.1.i686.rpm0be3da9d7576e4670c2a6779820fd9516c14d0be004c979b19adedae8eddead0SLSA-2020:2824-1Security Fix(es): * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.10.0-1.el6_10.i686.rpm1804805bd0e916dcf89e3589374aaf5d1f06020b57373970e2ad0e3f3f01c681SLSA-2020:2933-1Security Fix(es): * kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)moderateScientific Linux FermiScientific Linux Fermi 6kernel-firmware-2.6.32-754.31.1.el6.noarch.rpm7d3a2a63f1a3e7bbc67de2f0ca9c68e7c3daaf0640e4835f9b060961a70b9095kernel-headers-2.6.32-754.31.1.el6.i686.rpm07bf93535171ce1064739a31be94c259a07a774e7188990b2d310473347b39b0kernel-debug-2.6.32-754.31.1.el6.i686.rpmf1fdf52d20afa0c1975918b11d7bf81bb8ae8dc65ef2f18996fc105a9ca2b7a0kernel-abi-whitelists-2.6.32-754.31.1.el6.noarch.rpm5a01513018c63477b395dfd3b566e36cb970039217f71703d35d01a9f49ef009kernel-debug-devel-2.6.32-754.31.1.el6.i686.rpm423a5bcbfe1c0407b211abc3598b2c387670f59a3379a7710c824a55ca920132python-perf-2.6.32-754.31.1.el6.i686.rpm183e7851ef5b87f579efe40162ee0a4de545f7585f3a1c1cb99a11a1f8059a89kernel-doc-2.6.32-754.31.1.el6.noarch.rpm6917b2ed40d0db1bd3b8c8df73aac89cfcaf899404b5a011eac2f809b50955f1kernel-devel-2.6.32-754.31.1.el6.i686.rpm44fe16721dc2c278aed128eac2073a1b4808b5bbd3f4a979b8815e5062f3b22fkernel-2.6.32-754.31.1.el6.i686.rpmc89fb86d08d16b8ab4ab3a93e10be14fa1b5d551073d3bf1306ce14ba73f21a3perf-2.6.32-754.31.1.el6.i686.rpm5e1bc4279f3d3cc73d560fbf4c8a6384991468480c9bcc92a282a54bcceb1445SLSA-2020:2966-1Security Fix(es): * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.10.0-1.el6_10.i686.rpmbced70b3e467495f91a0f3d97128ced58d3af61b150ed08cd787a8112aadba81SLSA-2020:2985-1Security Fix(es): * OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583) * OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593) * OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556) * OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578) * OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579) * OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621) * OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)importantScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-headless-debug-1.8.0.262.b10-0.el6_10.i686.rpm0020cd1b9d979b42953c8462d6d8e1c317c6f735d5fb9cc1fb2248f72d0ab745java-1.8.0-openjdk-src-debug-1.8.0.262.b10-0.el6_10.i686.rpm838184c878241e601e86fcf53e2f5adbb6cf6a52534d5baeaed5dfcd26cbb589java-1.8.0-openjdk-devel-1.8.0.262.b10-0.el6_10.i686.rpm0e82ed94cb3557e38ab98cef3091102d05a4e15ec280bc6ca30eddf27c0e3cdbjava-1.8.0-openjdk-javadoc-debug-1.8.0.262.b10-0.el6_10.noarch.rpmd9add926a08b73c1a5202a99eacc399216cdeb39d52b5e2941285902e6bf4d58java-1.8.0-openjdk-headless-1.8.0.262.b10-0.el6_10.i686.rpm1c7205be5c8b27dbce0cdfc9d5bc7504c96344c6b9b332f48b01f4b77759dc4ejava-1.8.0-openjdk-devel-debug-1.8.0.262.b10-0.el6_10.i686.rpm8d31850fbd38536174b747f0a73da165b3522e2488643d627f1d2ce614db7272java-1.8.0-openjdk-src-1.8.0.262.b10-0.el6_10.i686.rpmc9b679cc63593d86fbef9ee570e77cac7587d249b4bd1513554f20d53d6586cejava-1.8.0-openjdk-1.8.0.262.b10-0.el6_10.i686.rpm37343f2f5374544fde41c18a3fc67e5c5c37e2cf6091ed5ad88591920b9b12e8java-1.8.0-openjdk-debug-1.8.0.262.b10-0.el6_10.i686.rpm5207a1282a0dc55be458421408bf0cb7c40f2a5f51593a4a9f676a0371d3b869java-1.8.0-openjdk-demo-debug-1.8.0.262.b10-0.el6_10.i686.rpm24edab90a5bc79a21656be1aadba722c8c00e819deb08e1469950879bb2f6027java-1.8.0-openjdk-demo-1.8.0.262.b10-0.el6_10.i686.rpmec82aae1ff72c99a759104dd639d1d7f7839b8274f458240dff7707ac3b10cfbjava-1.8.0-openjdk-javadoc-1.8.0.262.b10-0.el6_10.noarch.rpmf4bd52580595be5fb5245aed4860b1346bb6cb78963f1e7c4c0d896254c1b831SLSA-2020:3233-1Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.11.0-1.el6_10.i686.rpm17c09a311a7b229d3d205f635e6753b17d6da51e0fbc2f99264d5ca290d65323SLSA-2020:3284-1Security Fix(es): * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)importantScientific Linux FermiScientific Linux Fermi 6postgresql-jdbc-8.4.704-4.el6_10.noarch.rpm518995d76313e361af8511350b1dec10e78068f1851d168b4a8cda7456f71a39SLSA-2020:3345-1Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.11.0-1.el6_10.i686.rpm3ab0f800b68a46147163fa9338f92b1b6d143eb92ec672778cc34a29cc1de347SLSA-2020:3548-1Security Fix(es): * kernel: Null pointer dereference in search_keyring (CVE-2017-2647) * kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c (CVE-2019-14896)importantScientific Linux FermitrueScientific Linux Fermi 6kernel-doc-2.6.32-754.33.1.el6.noarch.rpm89b9afcd74bc9bf1d0602ab37023b48695e0cea186a4612afb5a0697fd92cafakernel-firmware-2.6.32-754.33.1.el6.noarch.rpmd760d7286eca3b52ddd6765fe10afa6d88eceeb4dc85f1ce020cae7e7cc040f3kernel-devel-2.6.32-754.33.1.el6.i686.rpma8acd52591cfc2ad9e27086dab39253e12fe351b334a71969d7fc6ea895dab04kernel-debug-2.6.32-754.33.1.el6.i686.rpm9174a036b6abf890361d5c2b2092b29e39ab7b54da0ca7de49fa3a846a2a1699kernel-abi-whitelists-2.6.32-754.33.1.el6.noarch.rpm1c10f523013b858e8d2e5f087378a56c7f0794fd8d15df97649e51fc2e31fd1bkernel-debug-devel-2.6.32-754.33.1.el6.i686.rpm52c94b1c7ab0197a72bef089969a663154c26bf7cd3c9f2ec945e1fd3b1e4a8akernel-2.6.32-754.33.1.el6.i686.rpmc9148fc1cc132e8300184b3466de3fc3500a022528f57f6238124344ec8622f8kernel-headers-2.6.32-754.33.1.el6.i686.rpma1a4ad2948aa054aa6fad6f798175bf118c73b49431b1560bc846020d71474c4python-perf-2.6.32-754.33.1.el6.i686.rpm8d6cac4851344ae489f38a5a25fe15bcfc31f8bbb1b5ee84b6c5f4716d1a1fa5perf-2.6.32-754.33.1.el6.i686.rpm584c5b03bacd4f06762c6cd37e7762bf23661b95307d62ec9775fed3671fd97aSLSA-2020:3558-1Security Fix(es): * Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)importantScientific Linux FermiScientific Linux Fermi 6firefox-68.12.0-1.el6_10.i686.rpm023f3bb22b3cfba3d49d8262c6c3f3da0bfa7d1900c684eee1b0a343a568bfa2SLSA-2020:3643-1Security Fix(es): * Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-68.12.0-1.el6_10.i686.rpmfc8c1299420df9d20c220963de6dccba892777a75547c809f314a26993108e0fSLSA-2020:3835-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673) * Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676) * Mozilla: Download origin spoofing via redirect (CVE-2020-15677) * Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)importantScientific Linux FermiScientific Linux Fermi 6firefox-78.3.0-1.el6_10.i686.rpm9aa64152a903a27623425043682949073834c68188e5a2f177ad87cbafbc645cSLSA-2020:4056-1Security Fix(es): * QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)importantScientific Linux FermiScientific Linux Fermi 6qemu-guest-agent-0.12.1.2-2.506.el6_10.8.i686.rpmcc2bed3761dddc19d959d87792bdffb2ec2b2aaa4a62050cafa6a8741bc5534bSLSA-2020:4158-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673) * Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676) * Mozilla: Download origin spoofing via redirect (CVE-2020-15677) * Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.3.1-1.el6_10.i686.rpm253b05f073eee8471a5935e4cf64b850d9e8bcbf32c6435d75b9c3135a513f9aSLSA-2020:4182-1Security Fix(es): * kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)importantScientific Linux FermiScientific Linux Fermi 6kernel-abi-whitelists-2.6.32-754.35.1.el6.noarch.rpm100e6fd09800c19d354b45d101ee8acf435ff3747dd55fa7c540336e22fa2856kernel-2.6.32-754.35.1.el6.i686.rpme8df5b48ea18d798557b895a936a35d29dc2fe5ba2c9880194fb09d5e52f77b0kernel-doc-2.6.32-754.35.1.el6.noarch.rpm3d2c718136637743613cca4a746e3a2db77f754e1fb8641560311ed6a1bb0e00kernel-debug-2.6.32-754.35.1.el6.i686.rpmb4d7f1a164aba2b9933ea65ea970b2db5373dc55d33655634b79c16000217ae7kernel-devel-2.6.32-754.35.1.el6.i686.rpm16787ab91ba82e6fb8c62504067e4bc9a046d2ec8643e50059a734e0066af336python-perf-2.6.32-754.35.1.el6.i686.rpm27bfe458d147e4639c2049df8aad599780ef431ce5bca334393db49aef5ce0a7kernel-headers-2.6.32-754.35.1.el6.i686.rpmd2a44ac5b894962711bfab05af04598316ecbffbf65ce1256154432786d90ac5kernel-debug-devel-2.6.32-754.35.1.el6.i686.rpm82911fc16c01b77d9ab57dbbaaacdc21489aa6c96bd204fa4138779315283f16perf-2.6.32-754.35.1.el6.i686.rpm3d5446d78ae1a488458ab00aa5b6f5772520a55c2e11b0a27680cd69bbe2bb14kernel-firmware-2.6.32-754.35.1.el6.noarch.rpm261ebda42bb7b07feafe9a41c9cd6496388092ad274663bda175b38075a9778bSLSA-2020:4183-1Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)moderateScientific Linux FermiScientific Linux Fermi 6bind-devel-9.8.2-0.68.rc1.el6_10.8.i686.rpmf1d6c007de19e2138ddc190f7280255aec51331651f0077a2cb14883a9aaa193bind-utils-9.8.2-0.68.rc1.el6_10.8.i686.rpm6055789e22872ce53f2b88dca2039ebc83ef9b946335325847327b6848d2fb02bind-libs-9.8.2-0.68.rc1.el6_10.8.i686.rpm96e44f398115d84ccab20b597896f01bf83641a97ab85850348fb9c9882d8066bind-9.8.2-0.68.rc1.el6_10.8.i686.rpme78947b1dd48dacca07c5ac21d174e3568d3d1a27144fdd20f3aac9ae7ed951ebind-sdb-9.8.2-0.68.rc1.el6_10.8.i686.rpm3ab39050adf36857b15e65e472340815a178065508d1a6f5e504430f50b12985bind-chroot-9.8.2-0.68.rc1.el6_10.8.i686.rpmf57896e9974f7f9abaee4c4a8fe479edb434c8b6fa79e0eb75f2b2d6c0353edcSLSA-2020:4330-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969)importantScientific Linux FermiScientific Linux Fermi 6firefox-78.4.0-2.el6_10.i686.rpm2ba2f4ee0d42c5c8f1f5814a9c6a21354292c95a1abf09b4ae6c91018cf49e0eSLSA-2020:4348-1Security Fix(es): * OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781) * OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782) * OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792) * OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797) * OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803) * OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779) * OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)moderateScientific Linux FermiScientific Linux Fermi 6java-1.8.0-openjdk-devel-1.8.0.272.b10-0.el6_10.i686.rpm96acc9d0abbb13e238ed3f0460dfac535a85ec9d961fc98c10a6c95cdc642ba6java-1.8.0-openjdk-javadoc-1.8.0.272.b10-0.el6_10.noarch.rpm3d848e9ca71e703304c558bb4843f6ac892c281d382699a33caf822871bc80a8java-1.8.0-openjdk-javadoc-debug-1.8.0.272.b10-0.el6_10.noarch.rpmf80967b523dace32996e65a5aac40e1cfa2b2996f4f251493975e53c4f9620dbjava-1.8.0-openjdk-demo-debug-1.8.0.272.b10-0.el6_10.i686.rpm8c99ae391cd937e1c063bddfcc5d910d5c9f8b6cd8be2f6fd18d5f97ce528ee1java-1.8.0-openjdk-headless-debug-1.8.0.272.b10-0.el6_10.i686.rpme1c4ad048405e160b29f472339b4a40eb50ad7edff8f5eb11a36e91d0155d834java-1.8.0-openjdk-debug-1.8.0.272.b10-0.el6_10.i686.rpm3e0f240d762b8848a767b68df2a5bf02b148a8222374021e332a970684de5d4bjava-1.8.0-openjdk-demo-1.8.0.272.b10-0.el6_10.i686.rpmbba8f56fed90539a23b5a413d4f8a52fd475e51d395437b94e22154a0d730dcejava-1.8.0-openjdk-devel-debug-1.8.0.272.b10-0.el6_10.i686.rpm7868832e53708921fabd2a3f5bfb0e40e33bb5b1a485011f55beb340c90d28d1java-1.8.0-openjdk-1.8.0.272.b10-0.el6_10.i686.rpm1fbb2d15316d9c7a1ef0e75726fefb7c074cb53d3a7fb3c3d5a0d2b140746648java-1.8.0-openjdk-src-debug-1.8.0.272.b10-0.el6_10.i686.rpmb7fcffad62eea1cc9657f96830811bac76d0e06576b58d37dbdf0b28f9eb03dbjava-1.8.0-openjdk-src-1.8.0.272.b10-0.el6_10.i686.rpmc04171219d66a2291b8ca4666839a124299977d337ef92daffb2cb5dc38c40ebjava-1.8.0-openjdk-headless-1.8.0.272.b10-0.el6_10.i686.rpm80f7d43c37ad3653f3550a583438162053432cace64b28e7b0b8281f3056e7e5SLSA-2020:4946-1importantScientific Linux FermiScientific Linux Fermi 6libX11-common-1.6.4-4.el6_10.noarch.rpmcc943401aa5342763c1624d94045f07d846bcf5ed5f93b752144769100b82d9dlibX11-devel-1.6.4-4.el6_10.i686.rpm68f1dfbc7ea52eaaa0793c63f6f2488bab061f0e21af1c8cd8f88ad67b030d5elibX11-1.6.4-4.el6_10.i686.rpmf7b2e35a4af10b8d9346697dba79dda970f079c7a77ce54198f3596db2926259SLSA-2020:4947-1Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.4.0-1.el6_10.i686.rpmb3bcfcbfbae87c3e35b9a3cb52cbf6886d567dc2168c3da16a6a730bfcd09be4SLSA-2020:4953-1Security Fix(es): * xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345) * xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346) * xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361) * xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)importantScientific Linux FermiScientific Linux Fermi 6xorg-x11-server-common-1.17.4-18.sl6_10.i686.rpm8b94bbb9c9981e11716bb78fe5249345ec38440119ed87390e1edaa0d3975d55xorg-x11-server-devel-1.17.4-18.sl6_10.i686.rpm810b8bcc70516214184521857befce4baf6d3535e51e230b9c86140cd81517f7xorg-x11-server-source-1.17.4-18.sl6_10.noarch.rpm15077b6f04e8b424e017e80f2ec3e2a25ae54c3cf3de956181a6a66326b0af21xorg-x11-server-Xnest-1.17.4-18.sl6_10.i686.rpma312654461fe22a47c0e5b50eefd2b56b495b7a3031518ff7bf9d0ce0bed9957xorg-x11-server-Xephyr-1.17.4-18.sl6_10.i686.rpm624c3b62896112a07ed4036f05394392d4be75cb6c699abe1887783e7d14559axorg-x11-server-Xorg-1.17.4-18.sl6_10.i686.rpmea32ffe1a2dd143f1d68f8c64536d9d8a0eb064e704abd11bdc7c26fc73a9325xorg-x11-server-Xdmx-1.17.4-18.sl6_10.i686.rpmd5207cb787e7ce08d08fabc664eb2ab9acb8cf38c29b8b560c01e2f74d9e7b0cxorg-x11-server-Xvfb-1.17.4-18.sl6_10.i686.rpmf4431c410eaeb5d9ac2ea2786d1768b6e15b4f287cef9b4265b017f1a867d76aSLSA-2020:5084-1Security Fix(es): * hw: Vector Register Leakage-Active (CVE-2020-8696) * hw: Fast forward store predictor (CVE-2020-8698)moderateScientific Linux FermiScientific Linux Fermi 6microcode_ctl-1.17-33.31.el6_10.i686.rpma51bcc846e579faa86cbdc292e5a17f7d35632294b015f4fe151bd08ffe7d819SLSA-2020:5104-1Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)criticalScientific Linux FermiScientific Linux Fermi 6firefox-78.4.1-1.el6_10.i686.rpmd7a694205e09cdeb988f2f1dda108aa3093beb84ee59a0f4561893f0fba1d5cdSLSA-2020:5129-1Security Fix(es): * net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)importantScientific Linux FermiScientific Linux Fermi 6net-snmp-libs-5.5-60.el6_10.2.i686.rpmc0c3aad58e11ebd52cd0a15fe50b7096ba65f974ce4c1210c4eeeb8816f9cdd5net-snmp-5.5-60.el6_10.2.i686.rpmb0a6b185d46fc86ea9a0695fcf16f69761759e48e4a1dd20c53617f6f9496eb4net-snmp-perl-5.5-60.el6_10.2.i686.rpm78325e85f40ab64bd0dadbc492e7f10fc8b8a4f7259825976bfd305e1ead81acnet-snmp-python-5.5-60.el6_10.2.i686.rpm750c0fbab335a796dc1f774a2ab43f7bc0c60a07a9b1185727fc4f59a7907930net-snmp-devel-5.5-60.el6_10.2.i686.rpm963c5bce27f67b465c2db63793d574a1902c50438dc012fcf8fa1ba803b4e02anet-snmp-utils-5.5-60.el6_10.2.i686.rpmda403aaf1340ce50542256f9eb994c6fdff436e0c5011d4e23ba1b1a19dfefd3SLSA-2020:5164-1This update upgrades Thunderbird to version 78.4.3. Security Fix(es): * Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.4.3-1.el6_10.i686.rpmb4e05ca3c0a93aa6a41ca5b53619289362f9bf4a3d840b061867f5c803397a3aSLSA-2020:5238-1This update upgrades Thunderbird to version 78.5.0. Security Fix(es): * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953) * Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956) * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958) * Mozilla: Use-after-free in WebRequestService (CVE-2020-26959) * Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960) * Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961) * Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)importantScientific Linux FermiScientific Linux Fermi 6thunderbird-78.5.0-1.el6_10.i686.rpm06e84507399c79309a7cd092f4a6883075dae537a3764e1de1de3fc81a0c0950SLSA-2020:5257-1This update upgrades Firefox to version 78.5.0 ESR. Security Fix(es): * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953) * Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956) * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958) * Mozilla: Use-after-free in WebRequestService (CVE-2020-26959) * Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960) * Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961) * Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)importantScientific Linux FermiScientific Linux Fermi 6firefox-78.5.0-1.el6_10.i686.rpm1360465ffe212a59eec9eaaac5f0a255aa23eef3f5743794bc49bfb8683ad898