Sisyphus repository
Last update: 2018-10-20 23:10:32 +0400 | SRPMs: 18794 | Sign in or Sign up
en ru uk br
Security fixes

kernel-image-std-pae-1:4.4.162-alt1  build 2018-10-20

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.162 (Fixes: CVE-2018-10879)

clamav-0.100.2-alt1  build 2018-10-17

Group: File tools
Summary: Clam Antivirus scanner
Changes:

- 0.100.2 (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

libssh-0.8.4-alt1  build 2018-10-17

Group: System/Libraries
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changes:

- new version
- security fix: CVE-2018-10933

libssh-0.8.4-alt2  build 2018-10-17

Group: System/Libraries
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changes:

- fix changelog
- security fixes: CVE-2018-10933

texlive-2018-alt1_4  build 2018-10-16

Group: Publishing
Summary: The TeX formatting system
Changes:

- new version; fixes CVE-2018-17407

kernel-image-std-pae-1:4.4.161-alt1  build 2018-10-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.161 (Fixes: CVE-2018-10879, CVE-2018-10880, CVE-2018-7755)

kernel-image-std-pae-1:4.4.161-alt1  build 2018-10-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.161 (Fixes: CVE-2018-10879, CVE-2018-10880, CVE-2018-7755)

kernel-image-un-def-1:4.18.14-alt1  build 2018-10-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.18.14 (Fixes: CVE-2018-15471)

kernel-image-std-def-1:4.14.76-alt1  build 2018-10-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.76 (Fixes: CVE-2018-15471)

kernel-image-std-def-1:4.14.76-alt1  build 2018-10-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.76 (Fixes: CVE-2018-15471)

wireshark-2.6.4-alt1  build 2018-10-13

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.6.4 (fixes: CVE-2018-18227, CVE-2018-18225, CVE-2018-18225, CVE-2018-12086)
- disabled build gtk+ UI

glusterfs3-3.12.15-alt1  build 2018-10-13

Group: System/Base
Summary: Cluster File System
Changes:

- new version 3.12.15 (with rpmrb script)
- CVE-2018-10907, CVE-2018-10904, CVE-2018-10911 CVE-2018-10913, CVE-2018-10923, CVE-2018-10930

libgit2-0.26.7-alt1  build 2018-10-12

Group: System/Libraries
Summary: linkable library for Git
Changes:

- 0.26.7 (fixed CVE-2018-17456)

tinc-1.0.35-alt1  build 2018-10-11

Group: System/Servers
Summary: Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.
Changes:

- New version
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
- Disabling VDE support

libpng16-1.6.35-alt1  build 2018-10-10

Group: System/Libraries
Summary: A library of functions for manipulating PNG image format files
Changes:

- 1.6.35 (fixes: CVE-2018-13785, CVE-2018-14048)

firefox-62.0.3-alt1  build 2018-10-04

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (62.0.3).
+ CVE-2018-12386: Type confusion in JavaScript
+ CVE-2018-12387: A vulnerability where the JavaScript JIT compiler
+ CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
+ CVE-2018-12377: Use-after-free in refresh driver timers
+ CVE-2018-12378: Use-after-free in IndexedDB
+ CVE-2018-12379: Out-of-bounds write with malicious MAR file
+ CVE-2017-16541: Proxy bypass using automount and autofs
+ CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
+ CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android
+ CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
+ CVE-2018-12375: Memory safety bugs fixed in Firefox 62
+ CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2

kernel-image-un-def-1:4.18.12-alt1  build 2018-10-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.18.12 (Fixes: CVE-2018-7755)

kernel-image-std-def-1:4.14.74-alt1  build 2018-10-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.74 (Fixes: CVE-2018-7755)

kernel-image-std-def-1:4.14.74-alt1  build 2018-10-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.74 (Fixes: CVE-2018-7755)

adobe-flash-player-ppapi-3:31-alt1  build 2018-10-02

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes: CVE-2018-15967

firefox-esr-60.2.2-alt1  build 2018-10-02

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.2.2)
- Fixed:
+ CVE-2018-12386 Type confusion in JavaScript
+ CVE-2018-12387 JavaScript JIT compiler inlines Array.prototype.push with multiple arguments

kernel-image-std-pae-1:4.4.159-alt1  build 2018-10-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.159 (Fixes: CVE-2018-14633)

kernel-image-un-def-1:4.18.11-alt1  build 2018-10-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.18.11 (Fixes: CVE-2018-14633)

kernel-image-std-pae-1:4.4.159-alt1  build 2018-10-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.159 (Fixes: CVE-2018-14633)

kernel-image-std-def-1:4.14.73-alt1  build 2018-10-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.73 (Fixes: CVE-2018-14633)

kernel-image-std-def-1:4.14.73-alt1  build 2018-10-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.73 (Fixes: CVE-2018-14633)

mediawiki-1.31.1-alt1  build 2018-09-29

Group: Networking/WWW
Summary: A wiki engine, typical installation (with Apache2 and MySQL support)
Changes:

- new version 1.31.1 (with rpmrb script)
- CVE-2018-0503, CVE-2018-0505, CVE-2018-1325
- fix apache configs

git-2.17.2-alt1  build 2018-09-27

Group: Development/Other
Summary: Git core and tools
Changes:

- 2.17.1 -> 2.17.2 (fixes: CVE-2018-17456).

mosquitto-1.5.3-alt1  build 2018-09-27

Group: Development/C++
Summary: Mosquitto is an open source implementation of a server for version 3.1 and 3.1.1 of the MQTT protocol
Changes:

- new version (1.5.3) with rpmgs script
- fix CVE-2018-12543

firefox-esr-60.2.1-alt1  build 2018-09-24

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.2.1).
- Fixed:
+ CVE-2018-12385 Crash in TransportSecurityInfo due to cached data
+ CVE-2018-12383 Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

kernel-image-std-pae-1:4.4.156-alt1  build 2018-09-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.156 (Fixes: CVE-2018-6554, CVE-2018-6555)

kernel-image-std-def-1:4.14.70-alt1  build 2018-09-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.70 (Fixes: CVE-2018-6554, CVE-2018-6555)

kernel-image-std-pae-1:4.4.156-alt1  build 2018-09-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.156 (Fixes: CVE-2018-6554, CVE-2018-6555)

kernel-image-std-def-1:4.14.70-alt1  build 2018-09-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.70 (Fixes: CVE-2018-6554, CVE-2018-6555)

opensc-0.19.0-alt1.rc1  build 2018-09-13

Group: System/Configuration/Hardware
Summary: OpenSC library - for accessing SmartCard devices using PC/SC Lite
Changes:

- New pre-release version 0.19.0-rc1.
- Fixed multiple security problems due to out of bound writes/reads
(Fixes: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418,
CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422,
CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426,
CVE-2018-16427).

firefox-esr-60.2.0-alt1  build 2018-09-10

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.2.0).
- Fixed:
+ CVE-2018-12377 Use-after-free in refresh driver timers
+ CVE-2018-12378 Use-after-free in IndexedDB
+ CVE-2018-12379 Out-of-bounds write with malicious MAR file
+ CVE-2017-16541 Proxy bypass using automount and autofs
+ CVE-2018-12381 Dragging and dropping Outlook email message results in page navigation
+ CVE-2018-12376 Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2

curl-7.61.1-alt1  build 2018-09-09

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- 7.61.1 (fixes: CVE-2018-14618)

ceph-12.2.8-alt1.S1  build 2018-09-08

Group: System/Base
Summary: User space components of the Ceph file system
Changes:

- 12.2.8
- fixed uninstall ceph-common (%preun_service rbdmap)
- Fixes for the following security vulnerabilities:
+ CVE-2018-1128 auth: cephx authorizer subject to replay attack
+ CVE-2018-1129 auth: cephx signature check is weak
+ CVE-2018-10861 mon: auth checks not correct for pool ops

libsndfile-1.0.28-alt2  build 2018-09-07

Group: System/Libraries
Summary: A library to handle various audio file formats
Changes:

- fixes: CVE-2017-6892, CVE-2017-12562

chromium-69.0.3497.81-alt1  build 2018-09-05

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (69.0.3497.81).
- Security fixes:
- CVE-2018-16065: Out of bounds write in V8.
- CVE-2018-16066: Out of bounds read in Blink.
- CVE-2018-16067: Out of bounds read in WebAudio.
- CVE-2018-16068: Out of bounds write in Mojo.
- CVE-2018-16069: Out of bounds read in SwiftShader.
- CVE-2018-16070: Integer overflow in Skia.
- CVE-2018-16071: Use after free in WebRTC.
- CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer.
- CVE-2018-16073: Site Isolation bypass after tab restore.
- CVE-2018-16074: Site Isolation bypass using Blob URLS.
- CVE-2018-16075: Local file access in Blink.
- CVE-2018-16076: Out of bounds read in PDFium.
- CVE-2018-16077: Content security policy bypass in Blink.
- CVE-2018-16078: Credit card information leak in Autofill.
- CVE-2018-16079: URL spoof in permission dialogs.
- CVE-2018-16080: URL spoof in full screen mode.
- CVE-2018-16081: Local file access in DevTools.
- CVE-2018-16082: Stack buffer overflow in SwiftShader.
- CVE-2018-16083: Out of bounds read in WebRTC.
- CVE-2018-16084: User confirmation bypass in external protocol handling.
- CVE-2018-16085: Use after free in Memory Instrumentation.
- Out of bounds read in Little-CMS.

wireshark-2.6.3-alt1  build 2018-09-03

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.6.3 (fixes: CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)

SPICE-0.14.1-alt1  build 2018-08-31

Group: Graphical desktop/Other
Summary: Implements the SPICE protocol
Changes:

- 0.14.1 (Fixes: CVE-2018-10873)

firmware-intel-ucode-2:7-alt1.20180807.a  build 2018-08-30

Group: System/Kernel and hardware
Summary: Microcode definitions for Intel processors
Changes:

- Sync with Debian 3.20180807a1:
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
- source: update symlinks to reflect id of the latest release, 20180807a

xinetd-2.3.15-alt4  build 2018-08-30

Group: System/Base
Summary: xinetd is a powerful replacement for inetd
Changes:

- Applied upstream fix for TCPMUX services (fixes: CVE-2013-4342).
- Stripped executable bit from xinetd.service (closes: #34566).
- Disabled tcp_wrappers support.

node-8.11.4-alt1  build 2018-08-29

Group: Development/Tools
Summary: Evented I/O for V8 Javascript
Changes:

- new version 8.11.4 (with rpmrb script)
- 2018-08-15, Version 8.11.4 'Carbon' (LTS), @rvagg
- CVE-2018-0732, CVE-2018-12115
- build with external libnghttp2
- fix build with ICU >= 61 (add -DU_USING_ICU_NAMESPACE=1)

ipsec-tools-0.8.2-alt2  build 2018-08-29

Group: Security/Networking
Summary: IPsec-Tools package use the IPsec functionality in the linux-2.5+ kernels.
Changes:

- build with openssl-1.1
- add patches from Debian
- fixed CVE-2016-10396

mutt-3:1.10.1-alt1  build 2018-08-29

Group: Networking/Mail
Summary: A text mode mail and news user agent
Changes:

- Updated to mutt-1-10-1-rel (fixes CVE-2018-14349, CVE-2018-14350,
CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354,
CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358,
CVE-2018-14359, CVE-2018-14362)
- Ported neomutt nntp patches (fixes CVE-2018-14360, CVE-2018-14361,
CVE-2018-14363).
- Rebuilt with openssl 1.1.

ntp-4.2.8p12-alt1  build 2018-08-28

Group: System/Configuration/Other
Summary: The Network Time Protocol (NTP)
Changes:

- 4.2.8p12 (CVE-2018-12327)

krb5-1.16.1-alt1.S1  build 2018-08-27

Group: System/Libraries
Summary: The Kerberos network authentication system
Changes:

- 1.16.1 (CVE-2018-5729, CVE-2018-5730)

openssh-7.2p2-alt3  build 2018-08-24

Group: Networking/Remote access
Summary: OpenSSH free Secure Shell (SSH) implementation
Changes:

- Backported upstream fixex for CVE-2018-15473 (username enumeration).

  1         3     4     5            Last »  

 
© 2009–2018 Igor Zubkov