<?xml-stylesheet type="text/xsl" href="updateinfo.xsl"?>
<updates><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="bugfix" version="1.4"><id>SLBA-2018:1857-1</id><title>Copy-Jdk-Configs Bug Fix Update</title><description /><severity>none</severity><release>Scientific Linux</release><issued date="2018-07-10 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="noarch" name="copy-jdk-configs" release="9.el6" src="copy-jdk-configs-3.3-9.el6.src.rpm" version="3.3"><filename>copy-jdk-configs-3.3-9.el6.noarch.rpm</filename><sum type="sha256">3265471cef84f21333bce8cf101268b52cc7f6fa5fdc136ecbf9de61dd9d02e9</sum></package></collection></pkglist><references><reference href="https://access.redhat.com/errata/RHBA-2018:1857" id="RHBA-2018:1857-1" title="Rhba-2018:1857-1" type="self" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1449315" id="1449315" title="Please Update C-J-C To 3.X" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1503666" id="1503666" title="New Policy Files Are Not Copied By C-J-C Older Then 3.3" type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2112-1</id><title>Firefox</title><description>This update upgrades Firefox to version 60.1.0 ESR. 
Many older firefox extensions must be updated to work with this new release. 
Security Fix(es): 
* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) 
* Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) 
* Mozilla: Use-after-free using focus() (CVE-2018-12360) 
* Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156) 
* Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126) 
* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) 
* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363) 
* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364) 
* Mozilla: address bar username and password spoofing in reader mode (CVE-2017-7762) 
* Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365) 
* Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)</description><severity>critical</severity><release>Scientific Linux</release><issued date="2018-07-09 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="noarch" name="sl-indexhtml" release="10.sl6" src="sl-indexhtml-6-10.sl6.src.rpm" version="6"><filename>sl-indexhtml-6-10.sl6.noarch.rpm</filename><sum type="sha256">0f82668f4f3c98b676cee0160a8cc705afac62e804119a22f492639b351ae5e3</sum></package><package arch="i686" name="firefox" release="5.el6" src="firefox-60.1.0-5.el6.src.rpm" version="60.1.0"><filename>firefox-60.1.0-5.el6.i686.rpm</filename><sum type="sha256">52352fe1da4c80f585189ac6340a75ddc8cda3cb01ccc5767690c8d1f93604c4</sum></package><package arch="x86_64" name="firefox" release="5.el6" src="firefox-60.1.0-5.el6.src.rpm" version="60.1.0"><filename>firefox-60.1.0-5.el6.x86_64.rpm</filename><sum type="sha256">78b6cc1cd9de013f8ff351ff6bc096c58f402dfe233b8851ed4dd2ce28c448e4</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7762" id="CVE-2017-7762" title="Mozilla: Address Bar Username And Password Spoofing In Reader Mode" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359" id="CVE-2018-12359" title="Mozilla: Buffer Overflow Using Computed Size Of Canvas Element" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360" id="CVE-2018-12360" title="Mozilla: Use-After-Free Using Focus()" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362" id="CVE-2018-12362" title="Mozilla: Integer Overflow In Ssse3 Scaler" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363" id="CVE-2018-12363" title="Mozilla: Use-After-Free When Appending Dom Nodes" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364" id="CVE-2018-12364" title="Mozilla: Csrf Attacks Through 307 Redirects And Npapi Plugins" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365" id="CVE-2018-12365" title="Mozilla: Compromised Ipc Child Process Can List Local Filenames" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366" id="CVE-2018-12366" title="Mozilla: Invalid Data Handling During Qcms Transformations" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5156" id="CVE-2018-5156" title="Mozilla: Media Recorder Segmentation Fault When Track Type Is Changed During Capture" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188" id="CVE-2018-5188" title="Mozilla: Memory Safety Bugs Fixed In Firefox 61, Firefox Esr 60.1, And Firefox Esr 52.9" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126" id="CVE-2018-6126" title="Chromium-Browser: Heap Buffer Overflow In Skia" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2112" id="RHSA-2018:2112-1" title="Rhsa-2018:2112-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#critical" id="critical" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1584035" id="1584035" title="Chromium-Browser: Heap Buffer Overflow In Skia" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1590493" id="1590493" title="Mozilla: Address Bar Username And Password Spoofing In Reader Mode" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595024" id="1595024" title="Mozilla: Buffer Overflow Using Computed Size Of Canvas Element" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595025" id="1595025" title="Mozilla: Use-After-Free Using Focus()" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595027" id="1595027" title="Mozilla: Integer Overflow In Ssse3 Scaler" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595028" id="1595028" title="Mozilla: Use-After-Free When Appending Dom Nodes" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595029" id="1595029" title="Mozilla: Csrf Attacks Through 307 Redirects And Npapi Plugins" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595030" id="1595030" title="Mozilla: Compromised Ipc Child Process Can List Local Filenames" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595031" id="1595031" title="Mozilla: Invalid Data Handling During Qcms Transformations" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595037" id="1595037" title="Mozilla: Media Recorder Segmentation Fault When Track Type Is Changed During Capture" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595040" id="1595040" title="Mozilla: Memory Safety Bugs Fixed In Firefox 61, Firefox Esr 60.1, And Firefox Esr 52.9" type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2162-1</id><title>Qemu-Kvm</title><description>Security Fix(es): 
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load &amp; Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) 
Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. 
* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858) 
* QEMU: vga: OOB read access during display update (CVE-2017-13672) 
* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-07-10 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" epoch="2" name="qemu-img" release="2.506.el6_10.1" src="qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm" version="0.12.1.2"><filename>qemu-img-0.12.1.2-2.506.el6_10.1.x86_64.rpm</filename><sum type="sha256">3a4cf3e149a747a4464dfe61cf9c34c853e0f2de95aa061e1ffa50c4d44e463f</sum></package><package arch="x86_64" epoch="2" name="qemu-kvm-tools" release="2.506.el6_10.1" src="qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm" version="0.12.1.2"><filename>qemu-kvm-tools-0.12.1.2-2.506.el6_10.1.x86_64.rpm</filename><sum type="sha256">5ac367817427426407bab1603875f38fff238afb96cb33013c8f8367c35db3b7</sum></package><package arch="x86_64" epoch="2" name="qemu-guest-agent" release="2.506.el6_10.1" src="qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm" version="0.12.1.2"><filename>qemu-guest-agent-0.12.1.2-2.506.el6_10.1.x86_64.rpm</filename><sum type="sha256">a97a2d1e366e7b920dba687a09b4e70646f56d163976d7a4b2eabe924931728e</sum></package><package arch="x86_64" epoch="2" name="qemu-kvm" release="2.506.el6_10.1" src="qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm" version="0.12.1.2"><filename>qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64.rpm</filename><sum type="sha256">2c73126b7f633b62b2990d749ba449a7debbbe70c752051ca35c2aa0ce3ab360</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13672" id="CVE-2017-13672" title="Qemu: Vga: Oob Read Access During Display Update" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639" id="CVE-2018-3639" title="Hw: Cpu: Speculative Store Bypass" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5683" id="CVE-2018-5683" title="Qemu: Out-Of-Bounds Read In Vga_Draw_Text Routine" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7858" id="CVE-2018-7858" title="Qemu: Cirrus: Oob Access When Updating Vga Display" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2162" id="RHSA-2018:2162-1" title="Rhsa-2018:2162-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1486560" id="1486560" title="Qemu: Vga: Oob Read Access During Display Update" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1530356" id="1530356" title="Qemu: Out-Of-Bounds Read In Vga_Draw_Text Routine" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1553402" id="1553402" title="Qemu: Cirrus: Oob Access When Updating Vga Display" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1566890" id="1566890" title="Hw: Cpu: Speculative Store Bypass" type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2164-1</id><title>Kernel</title><description>Security Fix(es): 
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load &amp; Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) 
* kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) 
* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) 
* kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) 
Bug Fix(es): 
* Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized.</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-07-10 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="noarch" name="kernel-abi-whitelists" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm</filename><sum type="sha256">fdc54d149663e61aca9ddf3d71cc911c62f56856622efa647788d5344231de07</sum></package><package arch="x86_64" name="perf" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>perf-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">5af6b973ee645f37c07f71e09498f736b940d458a214646e3571b710fceb66d9</sum></package><package arch="x86_64" name="kernel-debug-devel" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">9b96e28ef090e38151db7cab0aaec62a52d5037665bfc99727935f999c1588af</sum></package><package arch="x86_64" name="kernel" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">2b3f8fa1f5defa180886a9c1cba2a251fe84d003932a19390117b7003928d6f1</sum></package><package arch="i686" name="kernel-debug-devel" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm</filename><sum type="sha256">821b5d489d85af46b0385712904182a1012cdf892b079e77767c5c74150ea5ad</sum></package><package arch="x86_64" name="kernel-devel" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">f1bb4a841cf0ea4424ca109ef3b5ada0ddddaea6261ce443b87d5d8f2ee513c8</sum></package><package arch="x86_64" name="python-perf" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>python-perf-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">7360a07e71cde6680c4791414e5412f84d768c800e2c9f4fd25fabf89dd85d0e</sum></package><package arch="x86_64" name="kernel-headers" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">8610ae061af63510629e221d5847c08b65af95076d0f41ea851f7e064e24f046</sum></package><package arch="noarch" name="kernel-firmware" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm</filename><sum type="sha256">6f98f13f8960365ad13a81c46a408d7c40089e966c557c0ee8261ca2b27356e5</sum></package><package arch="x86_64" name="kernel-debug" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm</filename><sum type="sha256">21ae885152f3e1b27d3a4e544b7232681e609b51da7679af4952314de30ac3c2</sum></package><package arch="noarch" name="kernel-doc" release="754.2.1.el6" src="kernel-2.6.32-754.2.1.el6.src.rpm" version="2.6.32"><filename>kernel-doc-2.6.32-754.2.1.el6.noarch.rpm</filename><sum type="sha256">e29f995b78509d2d04f34728442ebb8c7ba9dc1f6a99b3c35086f2039082b75f</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10675" id="CVE-2018-10675" title="Kernel: Use-After-Free Vulnerability In " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10872" id="CVE-2018-10872" title="Kernel: Error In Exception Handling Leads To " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639" id="CVE-2018-3639" title="Hw: Cpu: Speculative Store Bypass" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3665" id="CVE-2018-3665" title="Kernel: Fpu State Information Leakage Via Lazy Fpu Restore" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2164" id="RHSA-2018:2164-1" title="Rhsa-2018:2164-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1566890" id="1566890" title="Hw: Cpu: Speculative Store Bypass" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1575065" id="1575065" title="Kernel: Use-After-Free Vulnerability In " type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1585011" id="1585011" title="Kernel: Fpu State Information Leakage Via Lazy Fpu Restore" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1596094" id="1596094" title="Kernel: Error In Exception Handling Leads To " type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2180-1</id><title>Gnupg2</title><description>Security Fix(es): 
* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-07-12 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" name="gnupg2-smime" release="9.el6_10" src="gnupg2-2.0.14-9.el6_10.src.rpm" version="2.0.14"><filename>gnupg2-smime-2.0.14-9.el6_10.x86_64.rpm</filename><sum type="sha256">33ad34ad370f24a36ad9b5bfcaaad85e800bbc5fb0613a1ae40e7805f6eca2d5</sum></package><package arch="x86_64" name="gnupg2" release="9.el6_10" src="gnupg2-2.0.14-9.el6_10.src.rpm" version="2.0.14"><filename>gnupg2-2.0.14-9.el6_10.x86_64.rpm</filename><sum type="sha256">aa359b0609cc8ca4efe000156ee36f83cd543eb2aee1b6cce359450627eb736f</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020" id="CVE-2018-12020" title="Gnupg2: Improper Sanitization Of Filenames " type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2180" id="RHSA-2018:2180-1" title="Rhsa-2018:2180-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1589620" id="1589620" title="Gnupg2: Improper Sanitization Of Filenames " type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2241-1</id><title>Java-1.8.0-Openjdk</title><description>Security Fix(es): 
* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)</description><severity>moderate</severity><release>Scientific Linux</release><issued date="2018-07-23 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-debug" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">537ec6960444885662b16b7e2f1c67f366a77ccc26f4f0b95dec188ef01827ee</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-devel-debug" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">304007f8b36b0cb9ff426080dee80fbf94712a093cd81ca25b9d04b63dcfbdf0</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-headless-debug" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">c4175f77615227e44bc4db494cff16abefc1025a02bdfb4edbe94321e75fcde3</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-demo" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">715e67847fb90b59857d555516fef7872f519d2a8eadd64896f8e03d817be4ac</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-src-debug" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">5b7a7af03c3969c262a11502c69c38649ac6e3e4fcd0e5fdf4a99f6ee3fb53b8</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-src" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-src-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">895f6af65922cbcf542a0e3bc16a2c0672fcd7e7cb7e1802f1f4c3c28cdb4b99</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-devel" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">67877dbb6a0ef9e45e4c99cb4b825e23a9209433df0e53442112840a9a75b5c2</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">237fba255dea7de8fd25c51a911f388b64ddb28e8ffb7fd7b4a4033491f5429c</sum></package><package arch="noarch" epoch="1" name="java-1.8.0-openjdk-javadoc-debug" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el6_10.noarch.rpm</filename><sum type="sha256">2691bd4f9a84b729590e87d8b2c30540cefefd7b7e41908a4abb1b2c9b2a5702</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-demo-debug" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">78f95416d6c5f0adb9b758404f9762400a5ac627952ca3715512743c3f4ad51c</sum></package><package arch="x86_64" epoch="1" name="java-1.8.0-openjdk-headless" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.x86_64.rpm</filename><sum type="sha256">f4b9ec708d180cbee338bfa1bdfc7cbb5d6716ae85a8a1fd0f7990f966b06d50</sum></package><package arch="noarch" epoch="1" name="java-1.8.0-openjdk-javadoc" release="3.b13.el6_10" src="java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.src.rpm" version="1.8.0.181"><filename>java-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el6_10.noarch.rpm</filename><sum type="sha256">62b560057b715e4ce12cf994734a899432bbc8cfc32a1f9f015c2c7777c38ad9</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2952" id="CVE-2018-2952" title="Openjdk: Insufficient Index Validation In " type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2241" id="RHSA-2018:2241-1" title="Rhsa-2018:2241-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#moderate" id="moderate" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1600925" id="1600925" title="Openjdk: Insufficient Index Validation In " type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2251-1</id><title>Thunderbird</title><description>This update upgrades Thunderbird to version 52.9.1. 
Security Fix(es): 
* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188) 
* Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359) 
* Mozilla: Use-after-free using focus() (CVE-2018-12360) 
* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362) 
* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363) 
* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364) 
* thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372) 
* thunderbird: S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373) 
* Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365) 
* Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366) 
* thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-07-25 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" name="thunderbird" release="1.el6" src="thunderbird-52.9.1-1.el6.src.rpm" version="52.9.1"><filename>thunderbird-52.9.1-1.el6.x86_64.rpm</filename><sum type="sha256">e2046c829910549880bc2b05d25453f23186c9f3ddef01110f96014d3b98536e</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359" id="CVE-2018-12359" title="Mozilla: Buffer Overflow Using Computed Size Of Canvas Element" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360" id="CVE-2018-12360" title="Mozilla: Use-After-Free Using Focus()" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362" id="CVE-2018-12362" title="Mozilla: Integer Overflow In Ssse3 Scaler" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363" id="CVE-2018-12363" title="Mozilla: Use-After-Free When Appending Dom Nodes" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364" id="CVE-2018-12364" title="Mozilla: Csrf Attacks Through 307 Redirects And Npapi Plugins" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365" id="CVE-2018-12365" title="Mozilla: Compromised Ipc Child Process Can List Local Filenames" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366" id="CVE-2018-12366" title="Mozilla: Invalid Data Handling During Qcms Transformations" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12372" id="CVE-2018-12372" title="Thunderbird: S/Mime And Pgp Decryption Oracles " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12373" id="CVE-2018-12373" title="Thunderbird: S/Mime Plaintext Can Be Leaked " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12374" id="CVE-2018-12374" title="Thunderbird: Using Form To Exfiltrate Encrypted " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188" id="CVE-2018-5188" title="Mozilla: Memory Safety Bugs Fixed In Firefox 61, Firefox Esr 60.1, And Firefox Esr 52.9" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2251" id="RHSA-2018:2251-1" title="Rhsa-2018:2251-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595024" id="1595024" title="Mozilla: Buffer Overflow Using Computed Size Of Canvas Element" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595025" id="1595025" title="Mozilla: Use-After-Free Using Focus()" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595027" id="1595027" title="Mozilla: Integer Overflow In Ssse3 Scaler" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595028" id="1595028" title="Mozilla: Use-After-Free When Appending Dom Nodes" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595029" id="1595029" title="Mozilla: Csrf Attacks Through 307 Redirects And Npapi Plugins" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595030" id="1595030" title="Mozilla: Compromised Ipc Child Process Can List Local Filenames" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595031" id="1595031" title="Mozilla: Invalid Data Handling During Qcms Transformations" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1595040" id="1595040" title="Mozilla: Memory Safety Bugs Fixed In Firefox 61, Firefox Esr 60.1, And Firefox Esr 52.9" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1598529" id="1598529" title="Thunderbird: S/Mime Plaintext Can Be Leaked " type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1598538" id="1598538" title="Thunderbird: S/Mime And Pgp Decryption Oracles " type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1598543" id="1598543" title="Thunderbird: Using Form To Exfiltrate Encrypted " type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2283-1</id><title>Java-1.7.0-Openjdk</title><description>Security Fix(es): 
* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)</description><severity>moderate</severity><release>Scientific Linux</release><issued date="2018-07-30 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" epoch="1" name="java-1.7.0-openjdk-src" release="2.6.15.4.el6_10" src="java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.src.rpm" version="1.7.0.191"><filename>java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm</filename><sum type="sha256">04fe87af0fb65b2125472f2d3d87adea5d8a4c4e73411925cc41ccaa8f4442a7</sum></package><package arch="x86_64" epoch="1" name="java-1.7.0-openjdk" release="2.6.15.4.el6_10" src="java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.src.rpm" version="1.7.0.191"><filename>java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm</filename><sum type="sha256">d31014b96830853291293a6c81f2f03a5b0e31d49aea392d2abbb3f16be48f2b</sum></package><package arch="x86_64" epoch="1" name="java-1.7.0-openjdk-demo" release="2.6.15.4.el6_10" src="java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.src.rpm" version="1.7.0.191"><filename>java-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm</filename><sum type="sha256">277900ba0706f072b7dbf4cff360d60447164a33bca673a78a6fc0989cf657b9</sum></package><package arch="noarch" epoch="1" name="java-1.7.0-openjdk-javadoc" release="2.6.15.4.el6_10" src="java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.src.rpm" version="1.7.0.191"><filename>java-1.7.0-openjdk-javadoc-1.7.0.191-2.6.15.4.el6_10.noarch.rpm</filename><sum type="sha256">1413de66858fffd7be69dd4f496177c1ee21b8875cc20df1bcf3a99c75a5c83a</sum></package><package arch="x86_64" epoch="1" name="java-1.7.0-openjdk-devel" release="2.6.15.4.el6_10" src="java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.src.rpm" version="1.7.0.191"><filename>java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm</filename><sum type="sha256">0184f001f089e3fa8ddaceb92a0187789d704988fcb6b5d221ee34955eb28b25</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2952" id="CVE-2018-2952" title="Openjdk: Insufficient Index Validation In " type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2283" id="RHSA-2018:2283-1" title="Rhsa-2018:2283-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#moderate" id="moderate" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1600925" id="1600925" title="Openjdk: Insufficient Index Validation In " type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2284-1</id><title>Yum-Utils</title><description>Security Fix(es): 
* yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-07-30 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="noarch" name="yum-plugin-show-leaves" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">4d6e9b1612c1a8a46b4024fdcd055cd17c3f6b727989bdaadac1a36a3c877845</sum></package><package arch="noarch" name="yum-plugin-rpm-warm-cache" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">204c3746eeb040ef109e09b076d07100c42f458a7297faed226effda8e9b441f</sum></package><package arch="noarch" name="yum-plugin-tmprepo" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">e99f7e126faa01a980cada21f07895e5bd5d33784469e6fe9cd34bbd9cd932e3</sum></package><package arch="noarch" name="yum-plugin-verify" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">3594f07f96de23e75358d99dbed6b8ca651c3a2b17e263b177713874665ca69a</sum></package><package arch="noarch" name="yum-utils" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-utils-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">18964c5dd295e7517a568d1ace3e4b04e9ce7fbb6edff47875a516137ed1017f</sum></package><package arch="noarch" name="yum-plugin-post-transaction-actions" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">0021690dfd14c3f7467073e75a1f3a819e7096facd6e31d52bfc3745e91461fd</sum></package><package arch="noarch" name="yum-plugin-list-data" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-list-data-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">adc02f3944c0b94cd4d6aae3317cb6bc768e57377b127c3e925946c1e4e8025d</sum></package><package arch="noarch" name="yum-plugin-fastestmirror" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">6035740076674b34195a8a0b8541cf3d6a8d05bd3f3b091cbe5558d753c6041d</sum></package><package arch="noarch" name="yum-plugin-aliases" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">23c0431eb9c10d6232b1a1d403ef164c46e86591565c6d0bc69f07178dccb3f4</sum></package><package arch="noarch" name="yum-plugin-ovl" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">945e680bb51d2c9613a3fa5917bc23de86a5185b24ca1d192440577f7244aa0e</sum></package><package arch="noarch" name="yum-plugin-tsflags" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">d88ad93aa065d7d0801b05d47667a6480a02b8150babb245d2d81276aeea1bf1</sum></package><package arch="noarch" name="yum-updateonboot" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-updateonboot-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">744439503c7cdd6fabcba5c8b3659c211493fcdc37200d43a378eeb7da68511a</sum></package><package arch="noarch" name="yum-plugin-local" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-local-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">5438236b802e01a19009fc09e8fca032e8c18fbabfd5ec531e95f844360fc301</sum></package><package arch="noarch" name="yum-plugin-versionlock" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">d5c89381cb35629175ca08ae3d9967109f67d8ace618a63da20448aef577245e</sum></package><package arch="noarch" name="yum-plugin-fs-snapshot" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">ca64823750caeae7b80c25c339523a3cea8884fadb895d717888be1ef731bde9</sum></package><package arch="noarch" name="yum-NetworkManager-dispatcher" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">ab14ca9d1d021286724d0690feb09a42d10824510d27e1c3b9956189739b8f37</sum></package><package arch="noarch" name="yum-plugin-security" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-security-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">536069961e8b456087d562ee5cd1ce95b948bd2194e8e27ee9b41a109941eb60</sum></package><package arch="noarch" name="yum-plugin-protectbase" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">840a8471f6157337b1eb3d5263f5c4723b189f56cdac886d5077775ba2b1dc76</sum></package><package arch="noarch" name="yum-plugin-auto-update-debug-info" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">461825b165262e31b7ac3cc738089bdf3b722fbea899e1350232cebb4fbea934</sum></package><package arch="noarch" name="yum-plugin-priorities" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">837d4a10ca94d64886123262f0b7f7d434ea42119c1203b2df0f8067ac0b81d6</sum></package><package arch="noarch" name="yum-plugin-changelog" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">88bdf6618ba1041b898fafd1a92a23dada85a1f912e211ac81f9ea983f2281f7</sum></package><package arch="noarch" name="yum-plugin-remove-with-leaves" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">8445db17196626778735605a35ad2feaead7a76acef3f5d118bae40fde566dce</sum></package><package arch="noarch" name="yum-plugin-ps" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">384f6815b3d7299017f9fcf07a7a6a96ffb18e66d414385548fc808342e0a472</sum></package><package arch="noarch" name="yum-plugin-upgrade-helper" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">14eb4dcd3bfe045e929c6a10d1540acc1857b5c1bed834079683d13d021770c5</sum></package><package arch="noarch" name="yum-plugin-merge-conf" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">7df9ba9a494a6fe20519be5845cbd5d60d05276737171caaa1a95a92a50a360c</sum></package><package arch="noarch" name="yum-plugin-filter-data" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">20b47fc4d9cde1c35fdd3555b7cd4737fa865e9ad0f4edeb53a391c083c31f39</sum></package><package arch="noarch" name="yum-plugin-keys" release="42.el6_10" src="yum-utils-1.1.30-42.el6_10.src.rpm" version="1.1.30"><filename>yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm</filename><sum type="sha256">76b09d70a6e94ca3d894d2f8c4c97eee95fe118df28fd9a5f9d0598c593ddb9d</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10897" id="CVE-2018-10897" title="Yum-Utils: Reposync: Improper Path Validation" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2284" id="RHSA-2018:2284-1" title="Rhsa-2018:2284-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1600221" id="1600221" title="Yum-Utils: Reposync: Improper Path Validation" type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2308-1</id><title>Openslp</title><description>Security Fix(es): 
* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-08-02 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="i686" epoch="1" name="openslp" release="3.el6" src="openslp-2.0.0-3.el6.src.rpm" version="2.0.0"><filename>openslp-2.0.0-3.el6.i686.rpm</filename><sum type="sha256">1e9cc6032c5455e42fb331cee2d74c8c458b74194292f926bb5baf6173c15181</sum></package><package arch="x86_64" epoch="1" name="openslp-server" release="3.el6" src="openslp-2.0.0-3.el6.src.rpm" version="2.0.0"><filename>openslp-server-2.0.0-3.el6.x86_64.rpm</filename><sum type="sha256">9c7007f3bd14abe5eb6a75348a03221ac5d23a8b6fd7178ad236f2e2b8fcc1b8</sum></package><package arch="i686" epoch="1" name="openslp-devel" release="3.el6" src="openslp-2.0.0-3.el6.src.rpm" version="2.0.0"><filename>openslp-devel-2.0.0-3.el6.i686.rpm</filename><sum type="sha256">cad2281b0054d0180d87e9187643325f0bd1bc8e5695dbb1281f25c01049dea2</sum></package><package arch="x86_64" epoch="1" name="openslp-devel" release="3.el6" src="openslp-2.0.0-3.el6.src.rpm" version="2.0.0"><filename>openslp-devel-2.0.0-3.el6.x86_64.rpm</filename><sum type="sha256">bef068007850f78d595a7a228fef89016e9f0e7d58d1ea0d270506408365c15a</sum></package><package arch="x86_64" epoch="1" name="openslp" release="3.el6" src="openslp-2.0.0-3.el6.src.rpm" version="2.0.0"><filename>openslp-2.0.0-3.el6.x86_64.rpm</filename><sum type="sha256">039f6d295b3f3f493ef618f73437ff3783eb647ae5ef5c754f71133d19cb9836</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17833" id="CVE-2017-17833" title="Openslp: Heap Memory Corruption In " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17833" id="CVE-2018-17833" title="Openslp: Heap Memory Corruption" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2308" id="RHSA-2018:2308-1" title="Rhsa-2018:2308-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1572116" id="1572116" title="Openslp: Heap Memory Corruption" type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2390-1</id><title>Kernel</title><description>Security Fix(es): 
* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) 
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side- channel attacks. (CVE-2018-3693) 
* kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) 
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) 
* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) 
* kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) 
* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) 
Bug Fix(es): 
* The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur.</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-08-15 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" name="kernel-debug-devel" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">4c2d90b5c62123121c28c88eae5c8c9533d7789cf0c3b9919eb11ed492c0816a</sum></package><package arch="noarch" name="kernel-doc" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-doc-2.6.32-754.3.5.el6.noarch.rpm</filename><sum type="sha256">2d1d37b8b04c2b61f0c281324a1443f485fb142c57e294571ba002db7dc579e2</sum></package><package arch="x86_64" name="python-perf" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>python-perf-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">925f9ed690fad6eca53ebf7116a50f93e0905186e68ae05dd7dfe6158471b7bd</sum></package><package arch="x86_64" name="kernel-devel" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">539b998a2f7e7fa4ea0200fa101c635aabb8b285b269cfe4d01b11337e30d90a</sum></package><package arch="x86_64" name="kernel-headers" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">4bc4cd93aea722c8864ed151f62d57779a2abfef021dd56290402d4b7cf9598f</sum></package><package arch="x86_64" name="kernel" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">0f29163741889d87f463e528f951816afd8241c9f6737fa99a323169e66a8437</sum></package><package arch="noarch" name="kernel-firmware" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm</filename><sum type="sha256">ea0a5bf9299f4878da671349438e1e1bcc90eeb8e49a93994345b5e7a9add988</sum></package><package arch="i686" name="kernel-debug-devel" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm</filename><sum type="sha256">2645c0d03833a757032aaed00226b95613411d8e48bfb9ec0b169afde88e85e3</sum></package><package arch="x86_64" name="kernel-debug" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">cb3356bb0be1ce7e4329b5e7ef3093d6b710866286d4f3a4bbf8418b3f434861</sum></package><package arch="x86_64" name="perf" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>perf-2.6.32-754.3.5.el6.x86_64.rpm</filename><sum type="sha256">af7e3d794268e9d5d0ff99d938ef17ea79bf1004cff5a2252bceca1621a98c59</sum></package><package arch="noarch" name="kernel-abi-whitelists" release="754.3.5.el6" src="kernel-2.6.32-754.3.5.el6.src.rpm" version="2.6.32"><filename>kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm</filename><sum type="sha256">3caaa45863cdd17ad054c15fe8bd32c7b1dae1a82bb3f7c7e95ec8ebc61b5e07</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861" id="CVE-2017-0861" title="Kernel: Use-After-Free In Snd_Pcm_Info Function " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265" id="CVE-2017-15265" title="Kernel: Use-After-Free In Snd_Seq_Ioctl_Create_Port()" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004" id="CVE-2018-1000004" title="Kernel: Race Condition In Sound System Can Lead To Denial Of Service" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10901" id="CVE-2018-10901" title="Kernel: Kvm: Vmx: Host Gdt Limit Corruption" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646" id="CVE-2018-3646" title="Kernel: Hw: Cpu: L1 Terminal Fault (L1Tf)" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3693" id="CVE-2018-3693" title="Kernel: Speculative Bounds Check Bypass Store" type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7566" id="CVE-2018-7566" title="Kernel: Race Condition In Snd_Seq_Write() May " type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2390" id="RHSA-2018:2390-1" title="Rhsa-2018:2390-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1501878" id="1501878" title="Kernel: Use-After-Free In Snd_Seq_Ioctl_Create_Port()" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1535315" id="1535315" title="Kernel: Race Condition In Sound System Can Lead To Denial Of Service" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1550142" id="1550142" title="Kernel: Race Condition In Snd_Seq_Write() May " type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1563994" id="1563994" title="Kernel: Use-After-Free In Snd_Pcm_Info Function " type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1581650" id="1581650" title="Kernel: Speculative Bounds Check Bypass Store" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1585005" id="1585005" title="Kernel: Hw: Cpu: L1 Terminal Fault (L1Tf)" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1601849" id="1601849" title="Kernel: Kvm: Vmx: Host Gdt Limit Corruption" type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2526-1</id><title>Mutt</title><description>Security Fix(es): 
* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) 
* mutt: Remote Code Execution via backquote characters (CVE-2018-14357) 
* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-08-21 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" epoch="5" name="mutt" release="9.20091214hg736b6a.el6" src="mutt-1.5.20-9.20091214hg736b6a.el6.src.rpm" version="1.5.20"><filename>mutt-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm</filename><sum type="sha256">fa902145c18aefb81117cbf466f54bd9079a539fbd92da11cdab0840c868516a</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" id="CVE-2018-14354" title="Mutt: Remote Code Injection Vulnerability To An " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" id="CVE-2018-14357" title="Mutt: Remote Code Execution Via Backquote " type="cve" /><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" id="CVE-2018-14362" title="Mutt: Pop Body Caching Path Traversal Vulnerability" type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2526" id="RHSA-2018:2526-1" title="Rhsa-2018:2526-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1602069" id="1602069" title="Mutt: Remote Code Injection Vulnerability To An " type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1602079" id="1602079" title="Mutt: Pop Body Caching Path Traversal Vulnerability" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1602915" id="1602915" title="Mutt: Remote Code Execution Via Backquote " type="bugzilla" /></references></update><update from="SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" status="final" type="security" version="1.4"><id>SLSA-2018:2571-1</id><title>Bind</title><description>Security Fix(es): 
* bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)</description><severity>important</severity><release>Scientific Linux</release><issued date="2018-08-27 00:00:00" /><pkglist><collection short="SL6"><name>Scientific Linux 6</name><package arch="x86_64" epoch="32" name="bind-sdb" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-sdb-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm</filename><sum type="sha256">d0d0b46f15278e4c5a7b85763a9068b5b7ebcc185c4f37dd0de6ca376c59cc95</sum></package><package arch="x86_64" epoch="32" name="bind-utils" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-utils-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm</filename><sum type="sha256">30d6f78ef1a742d40bd973ebe4e4c974dae0f7c08d3fe91287ce50d042a67157</sum></package><package arch="x86_64" epoch="32" name="bind-libs" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-libs-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm</filename><sum type="sha256">e2ab23a24ad97f1b2b9c668eb029f429612ed3ac89103d7e0aa511abc918e862</sum></package><package arch="x86_64" epoch="32" name="bind-devel" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-devel-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm</filename><sum type="sha256">2c0234bf1d22cd721f1ad4972f38767c736e95ed031d3f2b0de0b4122e95387a</sum></package><package arch="x86_64" epoch="32" name="bind" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm</filename><sum type="sha256">ceee9f4b1da65dfc49721f936064f1681ccf5edcd106a612f14ea7b44986ca81</sum></package><package arch="i686" epoch="32" name="bind-libs" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-libs-9.8.2-0.68.rc1.el6_10.1.i686.rpm</filename><sum type="sha256">20c898d58c1d3548fe3fc6e1401e5d3ed4354f0cbf1f8870afd6320fa8764562</sum></package><package arch="i686" epoch="32" name="bind-devel" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-devel-9.8.2-0.68.rc1.el6_10.1.i686.rpm</filename><sum type="sha256">8ce80c47c82c6fce7ca1492c1d901606ed4384cfc5a4e446e86ab5d2c4a60c55</sum></package><package arch="x86_64" epoch="32" name="bind-chroot" release="0.68.rc1.el6_10.1" src="bind-9.8.2-0.68.rc1.el6_10.1.src.rpm" version="9.8.2"><filename>bind-chroot-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm</filename><sum type="sha256">ca4535e8a75afed686936359e558abcb55c25dff9411d964ece5fa4a70690f2f</sum></package></collection></pkglist><references><reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740" id="CVE-2018-5740" title="Bind: Processing Of Certain Records When " type="cve" /><reference href="https://access.redhat.com/errata/RHSA-2018:2571" id="RHSA-2018:2571-1" title="Rhsa-2018:2571-1" type="self" /><reference href="https://access.redhat.com/security/updates/classification/#important" id="important" title="Issue Severity Classification" type="other" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1613595" id="1613595" title="Bind: Processing Of Certain Records When " type="bugzilla" /></references></update></updates>