This update provides the final 1.3.2 release (previously the package was 1.3.2 beta). It also includes the previously-omitted database schema directory (resolving [#1415753](https://bugzilla.redhat.com/show_bug.cgi?id=1415753)) and rddmarc tools, and backports proposed fixes for a [crasher bug](https://bugzilla.redhat.com/show_bug.cgi?id=1673293) and [security issue
Archive for October, 2019
It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows.
Several security issues were fixed in SDL.
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Aspell could be made to expose sensitive information if it received a specially crafted input.
WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an […]
Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows running commands as root by specifying the user ID
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Red Hat Single Sign-On 7.3.4 adapters are now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
Sudo could be made to run commands as root if it were called with a specially crafted user ID.
The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as […]
The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.
Update to latest upstream version.
Backport security fixes from [PR#145](https://github.com/libming/libming/pull/145). Fixes: CVE-2018-7866, CVE-2018-7873, CVE-2018-7876, CVE-2018-9009, CVE-2018-9132
– Update jackson-parent to version 2.10. – Update jackson-bom to version 2.10.0. – Update jackson-annotations to version 2.10.0. – Update jackson-core to version 2.10.0. – Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
– Rebase radare2 to 3.9.0 – Rebase cutter-re to 1.9.0 – fix CVE-2019-14745 in radare2 on F30
Patch CVE-2019-12412.
In the event you missed it, we published a blog post back in December of 2018, announcing the deprecation of MyDNS and NSD. Now that PowerDNS has been the choice DNS Management tool of cPanel & WHM for several versions, the request for DNSSEC (Domain Name System Security Extensions) clustering has become even more popular. Well, you’ve been asking for it, and we’re ready to deliver it. Coming with cPanel & WHM Version 84 …
Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844). This is a purely denial-of-service issue, though it is unauthenticated, and is unlikely to trigger by accident.
Update to 2.0.10 to fix security issues.
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for ovirt-engine-ui-extensions is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in Python.
Octavia could allow unintended access to network services.
An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability