Sisyphus repository
Last update: 2017-11-18 16:06:37 +0300 | SRPMs: 17917
Security fixes

libxslt-1.1.32-alt1  build 2017-11-15

Group: System/Libraries
Summary: Library providing XSLT support
Changes:

- Updated to 1.1.32.
- Upstream support for SOURCE_DATE_EPOCH (ALT#32814).
- Fixes:
+ CVE-2017-5029 generation of text nodes integer overflow,
+ CVE-2016-1684 integer overflow (mishandle the i format token for
xsl:number),
+ CVE-2016-1683 out-of-bounds heap memory access (mishandle namespace nodes).

firefox-esr-52.5.0-alt1  build 2017-11-15

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.5.0)
- Fixes:
+ CVE-2017-7828 Use-after-free of PresShell while restyling layout
+ CVE-2017-7830 Cross-origin URL information leak through Resource
+ CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR

chromium-62.0.3202.89-alt1  build 2017-11-13

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (62.0.3202.89).
- Security fixes:
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.

virtualbox-5.1.30-alt1  build 2017-11-13

Group: Emulators
Summary: VM VirtualBox OSE - Virtual Machine for x86 hardware
Changes:

- new version 5.1.30
No more %ubt - too many changes between branches.
(Fixes: CVE-2017-10392,
CVE-2017-10407,
CVE-2017-10408,
CVE-2017-3733,
CVE-2017-10428)

libwebkitgtk4-2.18.3-alt1  build 2017-11-11

Group: System/Libraries
Summary: Web browser engine
Changes:

- 2.18.3 (fixed CVE-2017-13798, CVE-2017-13788, CVE-2017-13803)

roundcube-1.3.3-alt1  build 2017-11-10

Group: Networking/Mail
Summary: Browser-based multilingual IMAP client with an application-like user interface
Changes:

- new version 1.3.3 (with rpmrb script)
- CVE-2017-16651

openssl10-1.0.2m-alt1  build 2017-11-04

Group: System/Base
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changes:

- Updated to v1.0.2m (fixes CVE-2017-3735, CVE-2017-3736).

php5-5.6.32-alt1.S1  build 2017-11-03

Group: Development/Other
Summary: The PHP5 scripting language
Changes:

- new version (Fixes: CVE-2016-1283)
- switched to the use of a system-wide timezone configuration, patch from Debian (closes: #32202)

php7-7.1.11-alt1.S1  build 2017-11-03

Group: Development/Other
Summary: The PHP7 scripting language
Changes:

- 7.1.11 (Fixes: CVE-2016-1283)

kernel-image-std-pae-1:4.4.96-alt1  build 2017-11-02

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.96 (Fixes: CVE-2017-12193)

kernel-image-std-def-1:4.9.60-alt1  build 2017-11-02

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.60 (Fixes: CVE-2017-12193)

kernel-image-un-def-1:4.13.11-alt1  build 2017-11-02

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.13.11 (Fixes: CVE-2017-12193)

adobe-flash-player-ppapi-3:27-alt3.S1  build 2017-10-30

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes: CVE-2017-11292

libvirt-3.8.0-alt1.S1  build 2017-10-30

Group: System/Libraries
Summary: Library providing a simple API virtualization
Changes:

- 3.8.0
- fixed CVE-2017-1000256

ffmpeg-2:3.3.5-alt1  build 2017-10-28

Group: Video
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changes:

- 3.3.4
- fixes:
* CVE-2017-15186 double free when ffmpeg parses a crafted AVI file to MKV file using the ffvhuff decoder.

wget-1.19.2-alt1  build 2017-10-27

Group: Networking/WWW
Summary: A utility for retrieving files using the HTTP, HTTPS or FTP protocols
Changes:

- 1.19.2 (fixes: CVE-2017-13089, CVE-2017-13090)

glibc-6:2.25-alt3  build 2017-10-26

Group: System/Base
Summary: The GNU libc libraries
Changes:

- Backported upstream fixes for sw bugs: 21209 21242 21265 21298 21386 21624
21654 21778 21972 (fixes for CVE-2017-15670 CVE-2017-15804).
- Packaged glibc sources as a separate package.

chromium-62.0.3202.75-alt1  build 2017-10-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (62.0.3202.75).
- Security fixes:
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.

bzip2-1:1.0.6-alt5  build 2017-10-24

Group: Archiving/Compression
Summary: Extremely powerful file compression utility
Changes:

- bzip2recover: fixed a use-after-free bug (by sem@; fixes: CVE-2016-3189).

curl-7.56.1-alt1.S1  build 2017-10-23

Group: Networking/File transfer
Summary: Gets a file from an FTP, GOPHER or HTTP server
Changes:

- new version
- fixes:
* CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler

telegram-desktop-1.1.23-alt3  build 2017-10-21

Group: Networking/Instant messaging
Summary: Telegram is a messaging app with a focus on speed and security
Changes:

- fix old lang code in settings
- fix CVE-2016-10351: Insecure cWorkingDir permissions
- sync CMakeLists.txt with Gentoo, fix build with new Qt 5.9.2

kernel-image-std-pae-1:4.4.93-alt1.1  build 2017-10-18

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.93 (Fixes: CVE-2017-0786, CVE-2017-15265)

kernel-image-un-def-1:4.13.8-alt1.1  build 2017-10-18

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.13.8 (Fixes: CVE-2017-12188, CVE-2017-15265)

kernel-image-std-def-1:4.9.57-alt1.1  build 2017-10-18

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.57 (Fixes: CVE-2017-12188, CVE-2017-15265)

kernel-image-std-def-1:4.9.56-alt1.1  build 2017-10-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- Local root in alsa fixed (Fixes: CVE-2017-15265)

kernel-image-std-pae-1:4.4.92-alt1.1  build 2017-10-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- Local root in alsa fixed (Fixes: CVE-2017-15265)

kernel-image-un-def-1:4.13.7-alt1.1  build 2017-10-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- Local root in alsa fixed (Fixes: CVE-2017-15265)

hostapd-2.6-alt2  build 2017-10-16

Group: System/Kernel and hardware
Summary: User space daemon for extended IEEE 802.11 management
Changes:

- multiple vulnerabilities (so-called KRACK attack) fixed:
+ CVE-2017-13077
+ CVE-2017-13078
+ CVE-2017-13079
+ CVE-2017-13080
+ CVE-2017-13081
+ CVE-2017-13082
+ CVE-2017-13086
+ CVE-2017-13087
+ CVE-2017-13088

wpa_supplicant-2.6-alt2  build 2017-10-16

Group: Security/Networking
Summary: wpa_supplicant is an implementation of the WPA Supplicant component
Changes:

- multiple vulnerabilities (so-called KRACK attack) fixed:
+ CVE-2017-13077
+ CVE-2017-13078
+ CVE-2017-13079
+ CVE-2017-13080
+ CVE-2017-13081
+ CVE-2017-13082
+ CVE-2017-13086
+ CVE-2017-13087
+ CVE-2017-13088

wireshark-2.4.2-alt1.S1  build 2017-10-15

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.4.2
- fixes:
* wnpa-sec-2017-42 BT ATT dissector crash CVE-2017-15192
* wnpa-sec-2017-43 MBIM dissector crash CVE-2017-15193
* wnpa-sec-2017-44 DMP dissector crash CVE-2017-15191
* wnpa-sec-2017-45 RTSP dissector crash CVE-2017-15190
* wnpa-sec-2017-46 DOCSIS infinite loop CVE-2017-15189

kernel-image-un-def-1:4.13.7-alt1  build 2017-10-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.13.7 (Fixes: CVE-2017-5123)

kernel-image-std-def-1:4.9.56-alt1  build 2017-10-13

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.56 (Fixes: CVE-2017-0786, CVE-2017-1000255, CVE-2017-7518)

kernel-image-un-def-1:4.13.6-alt1  build 2017-10-13

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.13.6 (Fixes: CVE-2017-0786, CVE-2017-1000255)

ruby-2.4.2-alt2  build 2017-10-12

Group: Development/Ruby
Summary: An Interpreted Object-Oriented Scripting Language
Changes:

- Merge rubygems-2.6.14 changes
- Fixes:
+ CVE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems

apache2-1:2.4.28-alt1.S1  build 2017-10-10

Group: System/Servers
Summary: The most widely used Web server on the Internet
Changes:

- new version 2.4.28
- disabled NameVirtualHost directive in ports_all.conf (closes: #32269)
- increased timeout for restarting httpd on SysVinit systems (closes: #31062)
- increased LOOPSSTART and TimeoutStartSec (closes: #33978)
- fixes:
* CVE-2017-9798 Corrupted or freed memory access

firefox-56.0-alt1  build 2017-10-08

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (56.0).
- Fixed:
+ CVE-2017-7793: Use-after-free with Fetch API
+ CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode
+ CVE-2017-7818: Use-after-free during ARIA array manipulation
+ CVE-2017-7819: Use-after-free while resizing images in design mode
+ CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files
+ CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7813: Integer truncation in the JavaScript parser
+ CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations
+ CVE-2017-7816: WebExtensions can load about: URLs in extension UI
+ CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction
+ CVE-2017-7823: CSP sandbox directive did not create a unique origin
+ CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV
+ CVE-2017-7820: Xray wrapper bypass with new tab and web console
+ CVE-2017-7811: Memory safety bugs fixed in Firefox 56
+ CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

dnsmasq-2.78-alt1  build 2017-10-06

Group: System/Servers
Summary: A lightweight caching nameserver
Changes:

- Updated to 2.78 (fixes: CVE-2017-13704, CVE-2017-14491,
CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495,
CVE-2017-14496).

kernel-image-std-def-1:4.9.53-alt1  build 2017-10-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.53 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)

kernel-image-un-def-1:4.13.5-alt1  build 2017-10-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.13.5 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)

kernel-image-std-pae-1:4.4.90-alt1  build 2017-10-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.90 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)

curl-7.56.0-alt1.S1  build 2017-10-04

Group: Networking/File transfer
Summary: Gets a file from an FTP, GOPHER or HTTP server
Changes:

- new version
- fixes:
* CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP.

newsbeuter-2.9-alt3  build 2017-10-03

Group: Networking/News
Summary: Newsbeuter is an open-source RSS/Atom feed reader for text terminals
Changes:

- Fixes:
+ CVE-2017-12904
+ CVE-2017-14500

firefox-esr-52.4.0-alt1  build 2017-09-29

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.4.0)
- Fixes:
+ CVE-2017-7793 Use-after-free with Fetch API
+ CVE-2017-7818 Use-after-free during ARIA array manipulation
+ CVE-2017-7819 Use-after-free while resizing images in design mode
+ CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7823 CSP sandbox directive did not create a unique origin
+ CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

nagios-3.0.6-alt5  build 2017-09-28

Group: Monitoring
Summary: Services and network monitoring system
Changes:

- (Fixes: CVE-2009-2288, CVE-2011-1523, CVE-2012-6096, CVE-2013-2214,
CVE-2013-7108, CVE-2013-7205)

log4j-0:2.5-alt1_5jpp8  build 2017-09-28

Group: Development/Java
Summary: Java logging package
Changes:

- CVE-2017-5645

ntp-4.2.8p10-alt1  build 2017-09-27

Group: System/Configuration/Other
Summary: The Network Time Protocol (NTP)
Changes:

- updated to 4.2.8p10 (Fixes: CVE-2017-6451, CVE-2017-6452, CVE-2017-6455,
CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462,
CVE-2017-6463, CVE-2017-6464)
- patch level moved to version to please CVE checking tools

libsndfile-1.0.28-alt1  build 2017-09-27

Group: System/Libraries
Summary: A library to handle various audio file formats
Changes:

- 1.0.28 (Fixes: CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742)

python-2.7.11-alt5  build 2017-09-27

Group: Development/Python
Summary: An interpreted, interactive object-oriented programming language
Changes:

- libpython, python-modules: backported upstream fixes
(Fixes: CVE-2016-0772, CVE-2016-5636)

libwmf-0.2.8.4-alt13  build 2017-09-27

Group: Text tools
Summary: A library to convert wmf files
Changes:

- Security (Fixes: CVE-2015-0848, CVE-2015-4588, CVE-2015-4695,
CVE-2015-4696, CVE-2016-9011)

libcacard-2.5.2-alt2  build 2017-09-27

Group: System/Libraries
Summary: Common Access Card (CAC) Emulation
Changes:

- Fixes:
+ CVE-2017-6414 Memory leak in the vcard_apdu_new function in card_7816.c

© 2009–2017 Igor Zubkov