Sisyphus repository
Last update: 2017-01-19 15:06:01 +0300 | SRPMs: 17751 | Sign in or Sign up
en ru uk br
Security fixes

libwebkitgtk4-2.14.3-alt1  build 2017-01-17

Group: System/Libraries
Summary: Web browser engine
Changes:

- 2.14.3 (fixed CVE-2016-7656, CVE-2016-7635, CVE-2016-7654, CVE-2016-7639,
CVE-2016-7645, CVE-2016-7652, CVE-2016-7641, CVE-2016-7632, CVE-2016-7599,
CVE-2016-7592, CVE-2016-7589, CVE-2016-7623, CVE-2016-7586)

adobe-flash-player-ppapi-3:24-alt2  build 2017-01-11

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928,
CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933,
CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937,
CVE-2017-2938

phpipam-1.27.002-alt1  build 2017-01-10

Group: Networking/WWW
Summary: PHP-based virtual machine control tool
Changes:

- git snapshot of master branch d55883ff28a3cf347f18e0cc717cf64b7556706a
- update PHPMailer to 5.2.22 (fixed CVE-2017-5223)

firejail-0.9.44.4-alt1  build 2017-01-08

Group: Development/Tools
Summary: Linux namepaces sandbox program
Changes:

- new version 0.9.44.4
- Update for release with security fixes:
- CVE-2017-5207 (-bandwidth root shell found by Martin Carpenter)
- CVE-2017-5206 (disabled --allow-debuggers when running on kernel 4.8)
- CVE-2017-5180 (root exploit found by Sebastian Krahmer)

libwebp-0.5.2-alt1  build 2016-12-28

Group: System/Libraries
Summary: Library and tools for the WebP graphics format
Changes:

- 0.5.2 (fixed CVE-2016-8888, CVE-2016-9085)

phpipam-1.26.050-alt1  build 2016-12-26

Group: Networking/WWW
Summary: PHP-based virtual machine control tool
Changes:

- git snapshot of master branch b99412648829471f3a336036f5cd138b8f131721
- install PHPMailer from upstream (fixed CVE-2015-8476,CVE-2016-10033,CVE-2016-10045)

curl-7.52.1-alt1.S1  build 2016-12-23

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version with security fixes:
CVE-2016-9594: uninitialized random

curl-7.52.0-alt1.S1  build 2016-12-21

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version with security fixes:
CVE-2016-9586: printf floating point buffer overflow

samba-DC-4.5.3-alt1.S1  build 2016-12-19

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

samba-4.5.3-alt1.S1  build 2016-12-19

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

adobe-flash-player-ppapi-3:24-alt1  build 2016-12-15

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870,
CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874,
CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878,
CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890,
CVE-2016-7892

firefox-50.1.0-alt1  build 2016-12-15

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (50.1.0).
- Fixed:
+ CVE-2016-9894: Buffer overflow in SkiaGL
+ CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
+ CVE-2016-9895: CSP bypass using marquee tag
+ CVE-2016-9896: Use-after-free with WebVR
+ CVE-2016-9897: Memory corruption in libGLES
+ CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
+ CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
+ CVE-2016-9904: Cross-origin information leak in shared atoms
+ CVE-2016-9901: Data from Pocket server improperly sanitized before execution
+ CVE-2016-9902: Pocket extension does not validate the origin of events
+ CVE-2016-9903: XSS injection vulnerability in add-ons SDK
+ CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
+ CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6

chromium-55.0.2883.75-alt1  build 2016-12-08

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (55.0.2883.75).
- Security fixes:
- CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360
- CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)
- CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN
- CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
- CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
- CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
- CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR
- CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
- CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)
- CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)
- CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)
- CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure
- CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)
- CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent's Xuanwu Lab
- CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Zoczek
- CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
- CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)
- CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)
- CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives

firefox-50.0.2-alt1  build 2016-12-02

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (50.0.2).
- Fixed:
+ CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
+ CVE-2016-9079: Use-after-free in SVG Animation

xen-4.7.1-alt2  build 2016-11-25

Group: Emulators
Summary: Xen is a virtual machine monitor (hypervisor)
Changes:

- Upstream updates:
- x86/hvm: Fix the handling of non-present segments.
This is CVE-2016-9386 / XSA-191.
- x86/HVM: don't load LDTR with VM86 mode attrs during task switch.
This is CVE-2016-9382 / XSA-192.
- x86/PV: writes of %fs and %gs base MSRs require canonical addresses
This is CVE-2016-9385 / XSA-193.
- libelf: fix stack memory leak when loading 32 bit symbol tables.
This is CVE-2016-9384 / XSA-164.
- x86emul: fix huge bit offset handling.
This is CVE-2016-9383 / XSA-195.
- x86/emul: correct the IDT entry calculation in inject_swint().
This is CVE-2016-9377 / part of XSA-196.
- x86/svm: fix injection of software interrupts.
This is CVE-2016-9378 / part of XSA-196.
- pygrub: Properly quote results, when returning them to the caller.
This is CVE-2016-9379 and CVE-2016-9380 / XSA-198.

wireshark-2.2.2-alt1  build 2016-11-21

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version, in which following vulnerabilities have been fixed:
* CVE-2016-9372 Profinet I/O long loop.
* CVE-2016-9373 DCERPC crash.
* CVE-2016-9374 AllJoyn crash.
* CVE-2016-9375 DTN infinite loop.
* CVE-2016-9376 OpenFlow crash.

firefox-50.0-alt1  build 2016-11-16

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (50.0).
- Fixed:
+ CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+ CVE-2016-5292: URL parsing causes crash
+ CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
+ CVE-2016-5294: Arbitrary target directory for result files of update process
+ CVE-2016-5297: Incorrect argument length checking in JavaScript
+ CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
+ CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
+ CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
+ CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
+ CVE-2016-9068: heap-use-after-free in nsRefreshDriver
+ CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
+ CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
+ CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
+ CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
+ CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
+ CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
+ CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
+ CVE-2016-9061: API key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
+ CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
+ CVE-2016-9070: Sidebar bookmark can have reference to chrome window
+ CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
+ CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
+ CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
+ CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
+ CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
+ CVE-2016-5289: Memory safety bugs fixed in Firefox 50
+ CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

libsndfile-1.0.27-alt1  build 2016-11-14

Group: System/Libraries
Summary: A library to handle various audio file formats
Changes:

- 1.0.27 (fixed CVE-2014-9496, CVE-2014-9756, CVE-2015-7805)

adobe-flash-player-3:11-alt68  build 2016-11-09

Group: Networking/WWW
Summary: Adobe Flash Player NPAPI compatibility
Changes:

- new version
- security fixes:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860,
CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864,
CVE-2016-7865

adobe-flash-player-ppapi-3:23-alt7  build 2016-11-09

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860,
CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864,
CVE-2016-7865

libgit2-0.24.3-alt1  build 2016-11-08

Group: System/Libraries
Summary: linkable library for Git
Changes:

- 0.24.3 (fixed CVE-2016-8568, CVE-2016-8569)

curl-7.51.0-alt1  build 2016-11-02

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version with security fixes:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

memcached-1.4.33-alt1  build 2016-11-02

Group: System/Servers
Summary: memcached - memory caching daemon
Changes:

- 1.4.33
- fixed CVE-2016-8705,CVE-2016-8704,CVE-2016-8706
- update systemd unit

bind-9.9.8-alt5  build 2016-11-02

Group: System/Servers
Summary: ISC BIND - DNS server
Changes:

- Applied upstream fix for CVE-2016-8864.

adobe-flash-player-3:11-alt67  build 2016-10-27

Group: Networking/WWW
Summary: Adobe Flash Player NPAPI compatibility
Changes:

- new version
- security fixes: CVE-2016-7855

adobe-flash-player-ppapi-3:23-alt5  build 2016-10-27

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes: CVE-2016-7855

mariadb-10.1.18-alt1  build 2016-10-25

Group: Databases
Summary: A very fast and reliable SQL database engine
Changes:

- 10.1.18
- Fixes for the following security vulnerabilities:
+ CVE-2016-6663
+ CVE-2016-5616
+ CVE-2016-5624
+ CVE-2016-5626
+ CVE-2016-3492
+ CVE-2016-5629
+ CVE-2016-8283

python-module-django-1.8.15-alt1  build 2016-10-24

Group: Development/Python
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Changes:

- 1.8.15
- fixed CVE-2016-2512,CVE-2016-2513,CVE-2016-6186,CVE-2016-7401

firefox-49.0.2-alt1  build 2016-10-21

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (49.0.2).
- Fixed:
+ CVE-2016-5287: Crash in nsTArray_base::SwapArrayElements
+ CVE-2016-5288: Web content can read cache entries

kernel-image-ovz-el-2.6.32-alt144  build 2016-10-21

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- Added fix for CVE-2016-5195.

openssh-7.2p2-alt2  build 2016-10-20

Group: Networking/Remote access
Summary: OpenSSH free Secure Shell (SSH) implementation
Changes:

- Backported upstream fixes for CVE-2015-8325, CVE-2016-6210,
CVE-2016-8858.

mpg123-1.23.8-alt1  build 2016-10-19

Group: Sound
Summary: MPEG audio player
Changes:

- 1.23.8 (fixed CVE-2016-1000247)

guile20-2.0.13-alt1  build 2016-10-14

Group: Development/Scheme
Summary: A GNU implementation of Scheme (version 2.0)
Changes:

- 2.0.13 (fixed CVE-2016-8606)

adobe-flash-player-ppapi-3:23-alt4  build 2016-10-12

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982,
CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992

adobe-flash-player-3:11-alt66  build 2016-10-12

Group: Networking/WWW
Summary: Adobe Flash Player NPAPI compatibility
Changes:

- new version
- security fixes:
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982,
CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992

pve-qemu-2.6.1-alt6  build 2016-10-03

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- various CVE fixes

firefox-49.0.1-alt1  build 2016-09-27

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (49.0.1).
- Fixed:
+ CVE-2016-2827: Out-of-bounds read in mozilla::net::IsValidReferrerPolicy
+ CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
+ CVE-2016-5271: Out-of-bounds read in PropertyProvider::GetSpacingInternal
+ CVE-2016-5272: Bad cast in nsImageGeometryMixin
+ CVE-2016-5273: crash in mozilla::a11y::HyperTextAccessible::GetChildOffset
+ CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList
+ CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState
+ CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick
+ CVE-2016-5275: A buffer overflow when working with empty filters during canvas rendering
+ CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
+ CVE-2016-5279: Full local path of files is available to web pages after drag and drop
+ CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
+ CVE-2016-5281: use-after-free in DOMSVGLength
+ CVE-2016-5282: Don't allow content to request favicons from non-whitelisted schemes
+ CVE-2016-5283: Iframe src fragment timing attack can reveal cross-origin data
+ CVE-2016-5284: Add-on update site certificate pin expiration
+ CVE-2016-5256: Memory safety bugs fixed in Firefox 49
+ CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4

bind-9.9.8-alt4  build 2016-09-27

Group: System/Servers
Summary: ISC BIND - DNS server
Changes:

- Applied upstream fix for CVE-2016-2776.

openssl10-1.0.2j-alt1  build 2016-09-26

Group: System/Base
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changes:

- Updated to v1.0.2j (fixes CVE-2016-6309).

ruby-httpclient-2.8.2.4-alt1  build 2016-09-25

Group: Development/Ruby
Summary: HTTP accessing library for Ruby
Changes:

- Update to latest release
+ Security CVE-2014-3566 critical to rhc:
https://blog.openshift.com/poodle-ssl-vulnerability/

mailman-5:2.1.23-alt0.1.20160915  build 2016-09-24

Group: System/Servers
Summary: Mailing list manager with built in web access
Changes:

- LP shapshot 20160916.
- Security fixes:
+ CVE-2016-6893: Extend CSRF protection to user options page.

openssl10-1.0.2i-alt1  build 2016-09-22

Group: System/Base
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changes:

- Updated to 1.0.2i (fixes CVE-2016-2177, CVE-2016-2179,
CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183,
CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306).

adobe-flash-player-3:11-alt65  build 2016-09-19

Group: Networking/WWW
Summary: Adobe Flash Player NPAPI compatibility
Changes:

- new version
CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275,
CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279,
CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283,
CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921,
CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925,
CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,
CVE-2016-6931, CVE-2016-6932

pve-qemu-2.6.1-alt5  build 2016-09-19

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- various CVE fixes

curl-7.50.3-alt1  build 2016-09-14

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version with security fixes (CVE-2016-7167)

libgtk+2-2.24.31-alt1  build 2016-09-07

Group: System/Libraries
Summary: The GIMP ToolKit (GTK+), a library for creating GUIs
Changes:

- 2.24.31 (CVE-2013-7447)

qemu-2.6.1-alt1  build 2016-09-06

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- 2.6.1
- fixed CVE-2016-4439,CVE-2016-4441,CVE-2016-4952

libwebkitgtk4-2.12.4-alt1  build 2016-08-24

Group: System/Libraries
Summary: Web browser engine
Changes:

- 2.12.4 (fixed CVE-2016-4622, CVE-2016-4624, CVE-2016-4591, CVE-2016-4590)

eog-3.20.4-alt1  build 2016-08-21

Group: Graphics
Summary: Eye Of Gnome
Changes:

- 3.20.4 (CVE-2016-6855)

gnupg-1.4.21-alt1  build 2016-08-17

Group: File tools
Summary: The GNU Privacy Guard
Changes:

- 1.4.20 -> 1.4.21 (fixes CVE-2016-6313).

  1         3     4     5            Last »  

 
© 2009–2016 Igor Zubkov