Security
May 30, 2012, 01:49 PM
openssl098
Version: 0.9.8d-alt4.M41.2
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- 4.1 security update (fix CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2333)
Mar 14, 2012, 05:01 PM
icu
Version: 3.8.1-alt2.M41.2
Summary: International Components for Unicode
Changelog:
- 4.1 security update (fix CVE-2011-4599)
Mar 13, 2012, 05:57 PM
cups
Version: 1.3.10-alt0.M41.4
Summary: Common Unix Printing System - server package
Changelog:
- 4.1 security update (fix cups-CVE-2011-2896)
Mar 13, 2012, 03:32 PM
libXfont
Version: 1.3.3-alt0.M41.2
Summary: X font Library
Changelog:
- 4.1 security update (fix CVE-2011-2895)
Mar 13, 2012, 02:38 PM
avahi
Version: 0.6.22-alt6.M41.2
Summary: Local network service discovery
Changelog:
- 4.1 security update (fix CVE-2011-1002)
Mar 2, 2012, 04:17 PM
libfreetype
Version: 2.3.11-alt1.M41.1
Summary: The FreeType2 library
Changelog:
- 4.1 security update (fix CVE-2010-1797 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2805 CVE-2010-2806 CVE-2010-2808 CVE-2010-3311 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439)
Dec 9, 2011, 04:09 PM
glibc
Version: 2.5.1-alt4.M41.2
Summary: The GNU libc libraries
Changelog:
- CVE-2010-0296 CVE-2011-1095 CVE-2011-0536
Dec 9, 2011, 12:21 PM
ghostscript
Version: 8.63-alt0.M41.4
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- CVE-2008-0411
Dec 8, 2011, 04:42 PM
mailman
Version: 2.1.10-alt0.3.1.M41.1
Summary: Mailing list manager with built in web access
Changelog:
- CVE-2010-3089 CVE-2011-0707
Dec 8, 2011, 03:35 PM
libtiff
Version: 3.8.2-alt2.M41.4
Summary: A library of functions for manipulating TIFF format image files
Changelog:
- CVE-2010-2065 CVE-2011-0192 CVE-2011-1167
Dec 8, 2011, 03:13 PM
libtiff3
Version: 3.5.7-alt7.M41.2
Summary: A library of functions for manipulating TIFF format image files
Changelog:
- CVE-2009-2347 CVE-2010-2065 CVE-2011-0192
Dec 8, 2011, 12:45 PM
dhcp
Version: 3.0.6-alt2.M41.1
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- CVE-2009-0692 CVE-2011-0997 CVE-2011-2748-2749
Dec 2, 2011, 01:10 PM
curl
Version: 7.18.1-alt3.M41.3
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- CVE-2011-2192
Dec 2, 2011, 12:21 PM
libneon0.25
Version: 0.25.5-alt1.1.M41.1
Summary: neon is an HTTP and WebDAV client library
Changelog:
- CVE-2009-2473
Dec 2, 2011, 12:04 PM
libneon
Version: 0.24.7-alt3.1.M41.1
Summary: neon is an HTTP and WebDAV client library
Changelog:
- CVE-2009-2473 CVE-2009-2474
Dec 1, 2011, 04:19 PM
newt
Version: 0.50.39-alt3.1.M41.1
Summary: A development library for text mode user interfaces.
Changelog:
- CVE-2009-2905
Dec 1, 2011, 12:49 PM
dstat
Version: 0.6.6-alt1.1.M41.1
Summary: Versatile vmstat, iostat and ifstat replacement
Changelog:
- CVE-2009-3894
Dec 1, 2011, 12:25 PM
expat
Version: 2.0.1-alt0.1.M41.1
Summary: An XML parser written in C
Changelog:
- CVE-2009-3560 CVE-2009-3720
Nov 30, 2011, 04:44 PM
gd2
Version: 2.0.35-alt1.M41.1
Summary: A graphics library for drawing image files in various formats
Changelog:
- CVE-2009-3546
Nov 30, 2011, 04:29 PM
krb5
Version: 1.6.3-alt3.M41.4
Summary: The Kerberos network authentication system
Changelog:
- CVE-2010-1321 CVE-2009-0846 CVE-2007-5971 CVE-2007-5901
Nov 30, 2011, 04:09 PM
gcc3.4
Version: 3.4.5-alt7.M41.1
Summary: GNU Compiler Collection
Changelog:
- CVE-2006-3619 CVE-2009-3736
Nov 30, 2011, 02:26 PM
libtool_1.5
Version: 1.5.26-alt2.M41.1
Summary: The GNU libtool, which simplifies the use of shared libraries
Changelog:
- CVE-2009-3736
Nov 28, 2011, 03:21 PM
bind
Version: 9.3.6-alt4.M41.2
Summary: ISC BIND - DNS server
Changelog:
- CVE-2009-4022 CVE-2010-0097 CVE-2010-3762 CVE-2011-4313
Nov 28, 2011, 12:09 PM
sudo
Version: 1.6.8p12-alt5.M41.1
Summary: Allows command execution as another user
Changelog:
- CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution
Nov 25, 2011, 03:18 PM
cpio
Version: 2.10-alt2.M41.2
Summary: A GNU archiving program
Changelog:
- CVE-2010-0624
Nov 17, 2011, 02:49 PM
tar
Version: 1.20-alt1.M41.1
Summary: A GNU file archiving program
Changelog:
- fixed CVE-2010-0624
Nov 16, 2011, 04:50 PM
ntp
Version: 4.2.4-alt3.p4.M41.2
Summary: The Network Time Protocol (NTP)
Changelog:
- fixed CVE-2009-3563
Nov 15, 2011, 04:33 PM
xmlsec1
Version: 1.2.10-alt1.M41.1
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
Changelog:
- Fixed CVE-2009-0217
Nov 14, 2011, 03:41 PM
fetchmail
Version: 6.3.8-alt6.1.M41.1
Summary: Full-featured POP/IMAP/ETRN mail retrieval daemon
Changelog:
- Fixed: CVE-2008-2711, CVE-2009-2666
Apr 4, 2011, 02:53 PM
nss
Version: 3.12.1-alt0.20080628.M41.2
Summary: Netscape Network Security Services (NSS)
Changelog:
- Fixed CVE-2009-2408
- Fixed CVE-2009-2409
Apr 4, 2011, 01:50 PM
poppler08
Version: 0.8.7-alt1.M41.3
Summary: PDF rendering library
Changelog:
- Security fixes:
  - CVE-2009-0755
  - CVE-2009-3603
  - CVE-2009-3604
  - CVE-2009-3608
  - CVE-2009-3609
  - CVE-2010-3702
  - CVE-2010-3704
- Don't package utils
Apr 4, 2011, 11:12 AM
xpdf
Version: 3.02-alt4.M41.1
Summary: Portable Document Format (PDF) suite
Changelog:
- Apply xpdf-3.02pl3 security patch to fix: CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188.
- Apply xpdf-3.02pl4 security patch to fix: CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609.
- Security fixes: CVE-2010-3702, CVE-2010-3704.
Mar 22, 2011, 03:41 PM
libxml2
Version: 2.7.2-alt1.M41.2
Summary: The library for manipulating XML files
Changelog:
- fixed CVE-2009-2414, CVE-2009-2416
Mar 18, 2011, 03:50 PM
php
Version: 4.4.8-alt1.M41.1
Summary: The PHP4 scripting language
Changelog:
- Fixed:
  + CVE-2008-3658
  + CVE-2008-3660
  + CVE-2008-5498
  + CVE-2008-5557
  + CVE-2009-0754
Mar 17, 2011, 05:15 PM
acpid
Version: 1.0.6-alt2.M41.1
Summary: ACPI kernel daemon and control utility
Changelog:
- fixed CVE-2009-0798
Mar 17, 2011, 10:58 AM
libvorbis
Version: 1.2.0-alt3.M41.1
Summary: The Vorbis General Audio Compression Codec
Changelog:
- fixed CVE-2009-2663
Mar 17, 2011, 10:49 AM
subversion
Version: 1.4.4-alt2.1.M41.1
Summary: A version control system
Changelog:
- Fixed CVE-2009-2411
Mar 16, 2011, 02:49 PM
ruby
Version: 1.8.7-alt0.M41.5
Summary: Interpreter of object-oriented scripting language Ruby 1.8
Changelog:
- Fixed CVE-2007-1558
- Fixed CVE-2009-0642
Mar 15, 2011, 05:28 PM
aprutil1
Version: 1.2.12-alt1.M41.1
Summary: Apache Portable Runtime Utility shared library
Changelog:
- Fixed CVE-2009-0023
- Fixed CVE-2009-1955
- Fixed CVE-2009-1956
Mar 15, 2011, 01:34 PM
glib2
Version: 2.16.6-alt0.M41.2
Summary: A library of handy utility functions
Changelog:
- fixed CVE-2008-4316
Mar 15, 2011, 12:13 PM
libjasper
Version: 1.900.1-alt1.M41.1
Summary: JasPer -- implementation of the codec specified in the JPEG-2000 Part-1 standard
Changelog:
- fixed CVE-2007-2721
- fixed CVE-2008-3520
Mar 2, 2010, 01:50 PM
netpbm
Version: 10.35.32-alt1.M41.1
Summary: Tools for manipulating graphics files in netpbm supported formats
Changelog:
- fixed stack-based buffer overflow (CVE-2009-4274)
- fixed build
  + netpbm-10.35-alt-fix-overflow-destination-buffer.patch
Mar 1, 2010, 08:36 PM
dnsmasq
Version: 2.41-alt4.M41.1
Summary: A lightweight caching nameserver
Changelog:
- fix TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958).
Jan 20, 2010, 06:05 PM
gzip
Version: 1.3.5-alt4.M40.1
Summary: The GNU data compression program
Changelog:
- Applied upstream fix for integer underflow bug (CVE-2010-0001).
Aug 21, 2009, 11:53 AM
kernel-image-std-ll
Version: 2.6.25-alt8.M41.5
Summary: The Linux kernel (the core of the Linux operating system) low latency version
Changelog:
- [SECURITY] fix CVE-2009-2692
Aug 19, 2009, 06:11 PM
kernel-image-std-pae
Version: 2.6.25-alt8.M41.5
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- [SECURITY] fix CVE-2009-2692
Aug 19, 2009, 11:51 AM
kernel-image-std-srv
Version: 2.6.25-alt8.M41.5
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- [SECURITY] fix CVE-2009-2692
Aug 18, 2009, 04:10 PM
kernel-image-std-def
Version: 2.6.25-alt8.M41.5
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- [SECURITY] fix CVE-2009-2692
Apr 21, 2009, 12:58 PM
poppler
Version: 0.6.4-alt2.M41.1
Summary: PDF rendering library
Changelog:
- Security fixes:
  - CVE-2009-0146
  - CVE-2009-0147
  - CVE-2009-0166
  - CVE-2009-0799
  - CVE-2009-0800
  - CVE-2009-1179
  - CVE-2009-1180
  - CVE-2009-1181
  - CVE-2009-1182
  - CVE-2009-1183
Apr 9, 2009, 10:51 PM
udev
Version: 118-alt1.M41.2
Summary: udev - a userspace implementation of devfs
Changelog:
- fixed CVE-2009-1185
Feb 12, 2009, 05:22 PM
audiofile
Version: 0.2.6-alt2.M41.1
Summary: Library to handle various audio file formats
Changelog:
- Fix CVE-2008-5824.
Feb 12, 2009, 04:59 PM
ffmpeg
Version: 11656-alt1.M41.1
Summary: Hyper fast MPEG1/MPEG4/H263/RV and AC3/MPEG audio encoder
Changelog:
- Fix ffmpeg <r16846 Type conversion vulnerability (CVE-2009-0385).
- Fix CVE-2008-2132.
Nov 21, 2008, 05:10 PM
imlib2
Version: 1.4.0-alt1.M41.2
Summary: Powerful image loading and rendering library
Changelog:
- Fix CVE-2008-5187.
Nov 11, 2008, 05:43 PM
vlc
Version: 0.8.7-alt0.M41.1
Summary: VLC Media Player
Changelog:
- Fixes from 0.8.6-bugfix git branch.
- Fixes CVE-2008-4654, CVE-2008-4686, CVE-2008-3732, CVE-2008-3794.
Nov 10, 2008, 04:42 PM
net-snmp
Version: 5.4.1.1-alt0.M41.2
Summary: Tools and servers for the SNMP protocol
Changelog:
- Fix CVE-2008-4309.
Oct 17, 2008, 03:35 PM
nfs
Version: 1.1.2-alt1.M41.1
Summary: The Linux NFS clients, utilities and server
Changelog:
- CVE-2008-4552 fixed
Oct 13, 2008, 04:13 PM
awstats
Version: 6.9-alt0.0.b2008.08.05.M41.1
Summary: Real-time logfile analyzer to get advanced web statistics
Changelog:
- Rebuild for 4.1
- Security fix: CVE-2008-3714 (AWStats URL Cross-Site Scripting Vulnerability)
Aug 31, 2008, 02:28 PM
ipsec-tools
Version: 0.6.7-alt2.M41
Summary: IPsec-Tools package uses the IPsec functionality in the linux-2.5+ kernels.
Changelog:
- CVE-2008-3651 and CVE-2008-3652 patches from RedHat package ipsec-tools-0.6.5-9.3:
  + for DoS through various memory leaks (rh#456660, rh#458846)
- other patches from RH
May 10, 2008, 05:41 PM
rdesktop
Version: 1.5.0-alt7
Summary: Powerful tool for remote desktop connection
Changelog:
- CVE-2008-1801
- CVE-2008-1802
- CVE-2008-1803
May 6, 2008, 05:14 PM
kernel-image-ovz-smp
Version: 2.6.18-alt24
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- CVE-2008-1669: add rcu_read_lock() to fs/locks.c and fix fcntl store/load
- CVE-2008-1375: Race condition in the directory notification subsystem (dnotify)
- CVE-2008-1294: does not check when a user attempts to set RLIMIT_CPU to 0
- update to std-smp-alt12.M40.1
Apr 30, 2008, 03:01 PM
perl-Imager
Version: 0.64-alt1
Summary: Perl module for generating 24 bit Images
Changelog:
- New version 0.64
  -- fix buffer overflow in image fills (CVE-2008-1928)
  -- multiple improvements in image converting code
  -- several other bug fixes and improvements, see Changes for details
Apr 22, 2008, 10:15 AM
dbmail
Version: 2.2.9-alt1
Summary: DBMail is a POP3/IMAP server that enables email to be stored in and retrieved from a database
Changelog:
- move to 2.2.9
- fixed CVE-2007-6714 (thanks to mike@)
Mar 26, 2008, 04:38 AM
sqlite
Version: 2.8.17-alt1
Summary: An Embeddable SQL Database Engine, version 2
Changelog:
- 2.8.16 -> 2.8.17+cvs20070108
- fix for buffer overflow in sqlite_decode_binary (CVE-2007-1888)
- split package sqlite-doc, renamed sqlite-devel to libsqlite-devel
Mar 18, 2008, 10:44 AM
unzip
Version: 5.52-alt5
Summary: A utility for unpacking zip archives
Changelog:
- fix CVE-2008-0888
Mar 16, 2008, 02:57 PM
MySQL
Version: 5.0.51-alt2.a
Summary: MySQL: A very fast and reliable SQL database engine
Changelog:
- 5.0.51a.
- Security fixes:
  + CVE-2008-0226, CVE-2008-0227 (Three vulnerabilities in yaSSL versions 1.7.5 that could lead to a server crash or execution of unauthorized code.)
  + ALTER VIEW retained the original DEFINER value, even when altered by another user, which could allow that user to gain the access rights of the view (MySQL #29908).
- Add glibc-locales to -server deps (ALT #13909 #14731).
- Make links to mysqld_safe for backwards compatibility (ALT #14863).
- Update html documentation to 10265 revision.
Mar 12, 2008, 02:43 PM
smarty
Version: 2.6.19-alt1
Summary: Template engine for PHP
Changelog:
- 2.6.19. Security fixes:
  + CVE-2008-1066 (Smarty "regex_replace" Modifier Template Security Bypass)
Feb 29, 2008, 07:01 PM
apache2
Version: 2.2.8-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.2.8
- Adding SECURITY to upstream:
  + CVE-2007-6421 (cve.mitre.org)
  + CVE-2007-6422 (cve.mitre.org)
  + CVE-2007-6388 (cve.mitre.org)
  + CVE-2007-5000 (cve.mitre.org)
  + CVE-2008-0005 (cve.mitre.org)
- Fix #14601: less-than-optimal examples in con/sites-available. (Thanks Mikhail Gusarov <dottedmag altlinux org>)
  + update apache2-2.2.6-alt-configs-0.1.patch to apache2-2.2.8-alt-configs-0.2.patch
- Updating patches for 2.2.6:
  + apache2-2.2.6-alt-debian.conf-0.1.patch to apache2-2.2.8-alt-debian.conf-0.1.patch
  + apache2-2.2.6-alt-default_https.conf.in-0.1.patch to apache2-2.2.8-alt-default_https.conf.in-0.1.patch
  + apache2-2.2.6-alt-cgi-0.1.patch to apache2-2.2.8-alt-cgi-0.1.patch
Feb 22, 2008, 06:29 PM
wyrd
Version: 1.4.4-alt1
Summary: Wyrd is a curses front-end for Remind
Changelog:
- 1.4.4: fixes CVE-2008-0806 (insecure tmpfile handling, see also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382)
Feb 14, 2008, 09:57 AM
SDL_image
Version: 1.2.6-alt3
Summary: Simple DirectMedia Layer - image
Changelog:
- Buffer overflow fix in RLE decompression (CVE-2008-0544).
Feb 10, 2008, 10:16 PM
kernel-image-std-smp
Version: 2.6.18-alt12
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- Security-related changes:
  + CVE-2008-0600: splice: fix user pointer access in get_iovec_page_array()
  + check iovec buffers in __bio_map_user_iov() (fixes issue with SG_IO)
  + guard against attempts to call get_user_pages() for 0 pages
Feb 5, 2008, 10:56 PM
tk8.4
Version: 8.4.17-alt1
Summary: A Tk toolkit for Tcl scripting language
Changelog:
- 8.4.17 released
- CVE-2006-4484 fixed
Feb 5, 2008, 10:56 AM
scponly
Version: 4.8-alt1
Summary: Limited shell for secure file transfers
Changelog:
- Updated to new version 4.8, fixes CVE-2007-6415 problem
- Change source URL to SourceForge
Nov 30, 2007, 04:57 PM
ircservices
Version: 5.0.63-alt1
Summary: IRC Services is a system of services to be used with Internet Relay Chat networks
Changelog:
- Security fix: CVE-2007-6122
Sep 25, 2007, 09:03 PM
fvwm
Version: 2.5.23-alt1
Summary: F(?) Virtual Window Manager
Changelog:
- 2.5.23.
- Removed cvs-CVE-2006-5969 patch (obsolete).
- Enabled HTML documentation build (new in 2.5.22); added HTML docs to the fvwm-base package.
- Added alt-configure-datarootdir patch: fake datarootdir for autoconf-2.59 (temporary build fix while autoconf >= 2.60 is not available).
- Added alt-htmldoc patch: fix HTML documentation build and installation.
- Updated BuildRequires.
Sep 14, 2007, 12:32 AM
id3lib
Version: 3.8.3-alt5
Summary: A software library for manipulating ID3v1 and ID3v2 tags
Changelog:
- Fixed CVE-2007-4460 (SA26536): Insecure temporary file privilege escalation.
Aug 2, 2007, 12:41 AM
tcpdump
Version: 3.9.7-alt1
Summary: A network traffic monitoring tool
Changelog:
- Updated to 3.9.7 (fixes CVE-2007-3798: BGP dissector integer overflow).
May 30, 2007, 05:25 PM
mutt
Version: 1.4.2.3-alt1
Summary: A text mode mail and news user agent
Changelog:
- Updated to 1.4.2.3 (fixes CVE-2007-1558).
May 22, 2007, 11:54 AM
file
Version: 4.20-alt5
Summary: A utility for determining file types
Changelog:
- Fixed integer overflow check (CVE-2007-1536), reported by Colin Percival.
May 3, 2007, 05:29 PM
pptpd
Version: 1.3.4-alt1
Summary: A PPTP server daemon
Changelog:
- 1.3.4:
  + Security fix - remote DoS - malformed GRE packets can terminate PPTP connections (CVE-2007-0244)
  + Fix two release critical packet reordering bugs
  + Some other (see NEWS)
- Add dirty hack for fix wtmp work on x86_64 (re-Closes: #9817)
- Update default options.pptpd
Apr 16, 2007, 12:14 AM
lha
Version: 1.14i-alt2
Summary: An archiving and compression utility for LHarc format archives
Changelog:
- ac20050924p1: security fixes for CVE-2006-4335, CVE-2006-4337, CVE-2006-4338 (DoS, system access)
- removed patch1, patch2, patch4, patch5 (didn't apply)
Feb 14, 2007, 06:29 PM
libchm
Version: 0.39-alt1
Summary: chmlib is a small library designed for accessing MS ITSS files
Changelog:
- Security fix: CVE-2007-0619.
- Update URL.
Nov 3, 2005, 11:34 PM
libungif
Version: 4.1.4-alt1
Summary: A library for manipulating GIF format image files
Changelog:
- Updated to 4.1.4 (fixes CVE-2005-2974 and CVE-2005-3350 but the code remains far from clean yet).