Security

glibc Jan 28, 2015, 07:06 PMJan 28, 2015, 07:06 PM
Version: 2.11.2-alt1.M51.2
Summary: The GNU libc libraries
Changelog:
- Backported upstream fix for Sourceware#15014 (CVE-2015-0235).
strongswan Apr 30, 2013, 07:04 PMApr 30, 2013, 07:04 PM
Version: 4.3.7-alt1.M51.1
Summary: StrongSWAN IPSEC implementation
Changelog:
- applied the upstream provided patch to fix CVE-2013-2944
  (ECDSA signature vulnerability if openssl backend is loaded)
samba Apr 11, 2012, 10:28 AMApr 11, 2012, 10:28 AM
Version: 3.0.37-alt5.M50P.1
Summary: Samba SMB/CIFS server
Changelog:
- CVE-2012-1182
libtiff Sep 29, 2011, 08:17 PMSep 29, 2011, 08:17 PM
Version: 3.9.5-alt1.M50P.1
Summary: A library of functions for manipulating TIFF format image files
Changelog:
- Backport to p5 branch (CVE-2010-3087 CVE-2010-2595 CVE-2011-0192 CVE-2011-1167)
- no libtiffxx subpackage
exim May 16, 2011, 06:24 PMMay 16, 2011, 06:24 PM
Version: 4.76-alt0.M50P.1
Summary: Exim Mail Transport Agent
Changelog:
- Backport to p5 (fixes CVE-2011-1764)
postfix May 16, 2011, 02:44 PMMay 16, 2011, 02:44 PM
Version: 2.5.13-alt0.M50P.1
Summary: Postfix Mail Transport Agent
Changelog:
- Backport to p5 (fixes CVE-2011-1720)
pidgin-mini Mar 30, 2011, 09:16 PMMar 30, 2011, 09:16 PM
Version: 2.7.11-alt0.M50P.1
Summary: A GTK+ based multiprotocol instant messaging client
Changelog:
- Backport to p5 branch (fixes CVE-2011-1091)
libxml2 Jan 20, 2011, 01:13 PMJan 20, 2011, 01:13 PM
Version: 2.7.8-alt3.M50P.1
Summary: The library for manipulating XML files
Changelog:
- backport to p5 branch (fixes CVE-2010-4494)
cvs Dec 5, 2010, 01:02 PMDec 5, 2010, 01:02 PM
Version: 1.11.23-alt3.M50P.1
Summary: A version control system
Changelog:
- backport to p5 branch (fixed CVE-2010-3846)
vlc Nov 19, 2010, 04:49 PMNov 19, 2010, 04:49 PM
Version: 1.1.4-alt0.M50P.1
Summary: VLC media player
Changelog:
- backport to p5 (new version with CVE-2010-2937 fix)
- disable services_discovery/libudev_plugin.so
- disable SDL_image support
gnome-vfs Nov 13, 2010, 06:39 PMNov 13, 2010, 06:39 PM
Version: 2.24.4-alt0.M50P.1
Summary: The GNOME virtual file-system libraries
Changelog:
- backport to p5 branch (fixed CVE-2009-2473)
vips Nov 12, 2010, 08:58 PMNov 12, 2010, 08:58 PM
Version: 7.22.4-alt0.M50P.1
Summary: Large image processing library
Changelog:
- backport to p5 branch (fixed CVE-2010-3364)
subversion Nov 12, 2010, 07:40 PMNov 12, 2010, 07:40 PM
Version: 1.6.13-alt0.M50P.1
Summary: A version control system
Changelog:
- backport to p5 branch (fixed CVE-2010-3315)
poppler5 Oct 20, 2010, 02:18 PMOct 20, 2010, 02:18 PM
Version: 0.12.4-alt0.M51.3
Summary: PDF rendering library
Changelog:
- fix CVE-2010-3703
kernel-image-el-smp Oct 12, 2010, 08:06 PMOct 12, 2010, 08:06 PM
Version: 2.6.32-alt10
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- CVE-2010-2962
- build af_packet as module
libesmtp Oct 5, 2010, 11:49 PMOct 5, 2010, 11:49 PM
Version: 1.0.4-alt2.1.0.M51.1
Summary: LibESMTP is a library to manage posting email using SMTP
Changelog:
- Fixed CVE-2010-1192, CVE-2010-1194 (certificate validation flaws).
  Fix backported from 1.0.6
python-module-mako Oct 2, 2010, 06:06 PMOct 2, 2010, 06:06 PM
Version: 0.2.5-alt1.M51.1
Summary: template library written in Python
Changelog:
- Fixed CVE-2010-2480 - XSS via inadequate escaping (patch from ubuntu)
  + lib/mako/filters.py: use xml.sax.saxutils.escape instead of
  cgi.escape so we can escape single quotes.
bzip2 Sep 20, 2010, 10:07 PMSep 20, 2010, 10:07 PM
Version: 1.0.6-alt1
Summary: Extremely powerful file compression utility
Changelog:
- Updated to 1.0.6 (fixes CVE-2010-0405).
libmikmod Aug 26, 2010, 01:53 PMAug 26, 2010, 01:53 PM
Version: 3.1.11-alt0.8
Summary: A portable sound library for Unix
Changelog:
- imported security fixes from openSUSE 3.1.11a-84.5 package:
  + CVE-2007-6720:
    denial of service (crash) by loading multiple MOD files
    with different numbers of channels
  + CVE-2009-0179:
    denial of service (crash) by loading an XM file
  + CVE-2009-3995:
    arbitrary code execution via (1) crafted samples
    or (2) crafted instrument definitions in an Impulse Tracker file
  + CVE-2009-3996:
    arbitrary code execution via an Ultratracker file
socat Aug 4, 2010, 08:40 PMAug 4, 2010, 08:40 PM
Version: 1.7.1.3-alt1
Summary: 'socket cat' - multipurpose relay for bidirectional data transfer
Changelog:
- New version: CVE-2010-2799 fixed (closes #23839).
openldap2.4 Jul 1, 2010, 03:22 PMJul 1, 2010, 03:22 PM
Version: 2.4.23-alt0.M50P.1
Summary: LDAP libraries and sample clients
Changelog:
- backport to p5 branch (security fixes: CVE-2010-0212 and CVE-2010-0211)
libpng Jun 29, 2010, 07:53 PMJun 29, 2010, 07:53 PM
Version: 1.2.44-alt1
Summary: A library of functions for manipulating PNG image format files
Changelog:
- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).
tomcat5 Mar 19, 2010, 04:42 PMMar 19, 2010, 04:42 PM
Version: 5.5.27-alt4_7.4jpp5
Summary: Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Changelog:
- updated to fc 7.4
- CVE-2009-0033, CVE-2009-0580 (closes: 20311, 20314)
- su -s /bin/sh -c instead of su - (closes: #23073)
netpbm Mar 2, 2010, 07:55 AMMar 2, 2010, 07:55 AM
Version: 10.35.32-alt1.M51.1
Summary: Tools for manipulating graphics files in netpbm supported formats
Changelog:
- fixed stack-based buffer overflow (CVE-2009-4274)
- fixed build
  + netpbm-10.35-alt-fix-overflow-destination-buffer.patch
  + netpbm-10.35-fix-gcc43.patch (backported fix)
dnsmasq Mar 1, 2010, 08:30 PMMar 1, 2010, 08:30 PM
Version: 2.46-alt1.1.M51.2
Summary: A lightweight caching nameserver
Changelog:
- fix TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958).
sudo Feb 23, 2010, 06:23 PMFeb 23, 2010, 06:23 PM
Version: 1.6.8p12-alt7
Summary: Allows command execution as another user
Changelog:
- Backported upstream fix for CVE-2010-0426 (a flaw in sudoedit could
  give a user with permission to run sudoedit the ability to run
  arbitrary commands).
chrony Feb 8, 2010, 12:09 PMFeb 8, 2010, 12:09 PM
Version: 1.24-alt1
Summary: Chrony clock synchronization program
Changelog:
- 1.24. Contains security fixes for CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.
fuse Jan 27, 2010, 01:26 PMJan 27, 2010, 01:26 PM
Version: 2.8.2-alt1
Summary: tool for creating virtual filesystems
Changelog:
- 2.8.2
- CVE-2009-3297 (ALT #22834)
MySQL Jan 27, 2010, 01:26 AMJan 27, 2010, 01:26 AM
Version: 5.0.89-alt1
Summary: MySQL: A very fast and reliable SQL database engine
Changelog:
- new version (closes #18943)
- fixed CVE-2009-2446 from upstream (closes #20724)
- setup utf8 encoding instead of latin1 by default (closes #12390)
- include C99 aliasing violation patch from mythtv (closes #22452)
- removed username-length patch
- wait for mysqld shutdown (closes #22234)
- don't run initial setup mysql database if mysql.user table already exists
gzip Jan 20, 2010, 06:01 PMJan 20, 2010, 06:01 PM
Version: 1.3.5-alt6
Summary: The GNU data compression program
Changelog:
- Applied upstream fix for integer underflow bug (CVE-2010-0001).
Back to Top