Sisyphus repository
Last update: 2017-09-22 06:05:39 +0400 | SRPMs: 17919
Security fixes

adobe-flash-player-ppapi-3:27-alt1.S1  build 2017-09-21

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes: CVE-2017-11281, CVE-2017-11282

samba-4.6.8-alt1.S1  build 2017-09-20

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update for autumn security release:
+ CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
should)
+ CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
+ CVE-2017-12163 (Server memory information leak over SMB1)

samba-DC-4.6.8-alt1.S1  build 2017-09-20

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update for autumn security release:
+ CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
should)
+ CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
+ CVE-2017-12163 (Server memory information leak over SMB1)

wireshark-2.4.1-alt1.S1  build 2017-09-18

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.4.1 with following fixes:
* wnpa-sec-2017-38 MSDP dissector infinite loop CVE-2017-13767
* wnpa-sec-2017-39 Profinet I/O buffer overrun CVE-2017-13766
* wnpa-sec-2017-40 Modbus dissector crash CVE-2017-13764
* wnpa-sec-2017-41 IrCOMM dissector buffer overrun CVE-2017-13765

ffmpeg-2:3.3.4-alt1  build 2017-09-18

Group: Video
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changes:

- 3.3.4 with fixes for multiple vulnerabilities (CVE-2017-14054, CVE-2017-14055,
CVE-2017-14059, CVE-2017-14058, CVE-2017-14057, CVE-2017-14225, CVE-2017-14170,
CVE-2017-14056, CVE-2017-14222, CVE-2017-14169, CVE-2017-14223, CVE-2017-14171)

tor-0.3.1.7-alt1.S1  build 2017-09-18

Group: System/Servers
Summary: Anonymizing overlay network for TCP (The onion router)
Changes:

- new version (Fixes: CVE-2017-0380)

libgcrypt-1.7.9-alt1.S1  build 2017-09-18

Group: System/Libraries
Summary: The GNU crypto library
Changes:

- new version
- security fixes: CVE-2017-0379

ruby-2.4.2-alt1  build 2017-09-16

Group: Development/Ruby
Summary: An Interpreted Object-Oriented Scripting Language
Changes:

- New version 2.4.2
- Security fixes:
+ CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
+ CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
+ CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
+ CVE-2017-14064: Heap exposure in generating JSON

mariadb-10.1.26-alt1.S1  build 2017-09-14

Group: Databases
Summary: A very fast and reliable SQL database engine
Changes:

- 10.1.26
- Fixes for the following security vulnerabilities:
+ CVE-2017-3636
+ CVE-2017-3641
+ CVE-2017-3653

gdm-3.24.3-alt1  build 2017-09-12

Group: Graphical desktop/GNOME
Summary: The GNOME Display Manager
Changes:

- 3.24.3 (fixed CVE-2017-12164)

chromium-61.0.3163.79-alt1  build 2017-09-12

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (61.0.3163.79).
- CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen (@l4wio) of KeenLab, Tencent on 2017-06-27
- CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10
- CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20
- CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07
- CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17
- CVE-2017-5116: Type confusion in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-08-28
- CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04
- CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24
- CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

openldap-2.4.45-alt1  build 2017-09-11

Group: System/Servers
Summary: LDAP libraries and sample clients
Changes:

- updated to 2.4.45 (Fixes: CVE-2017-9287)

libraw-0.18.3-alt1  build 2017-09-11

Group: System/Libraries
Summary: library for reading RAW files obtained from digital photo cameras
Changes:

- 0.18.3 (fixed CVE-2017-13735)

ruby-2.4.1-alt1  build 2017-09-05

Group: Development/Ruby
Summary: An Interpreted Object-Oriented Scripting Language
Changes:

- New version 2.4.1 with gems 2.6.13
- Security fixes:
+ CVE-2017-0902 a DNS request hijacking vulnerability
+ CVE-2017-0899 an ANSI escape sequence vulnerability
+ CVE-2017-0900 a DoS vulnerability in the query command
+ CVE-2017-0901 a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
- ext/tk: Tk is removed from stdlib. [Feature #8539]

potrace-1.15-alt1  build 2017-08-19

Group: Graphics
Summary: Potrace is a utility for transforming bitmaps into vector graphics
Changes:

- 1.15 (fixed CVE-2017-12067)

adobe-flash-player-ppapi-3:26-alt2.S1  build 2017-08-17

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes: CVE-2017-3085, CVE-2017-3106

libsoup-2.58.2-alt1  build 2017-08-14

Group: System/Libraries
Summary: HTTP client/server library for GNOME
Changes:

- 2.58.2 (fixed CVE-2017-2885)

firefox-55.0.1-alt1  build 2017-08-13

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (55.0.1).
- Fixed:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7806: Use-after-free in layer manager with SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7808: CSP information leak with frame-ancestors containing paths
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
+ CVE-2017-7794: Linux file truncation via sandbox broker
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7799: Self-XSS XUL injection in about:webrtc
+ CVE-2017-7783: DOS attack through long username in URL
+ CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
+ CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
+ CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
+ CVE-2017-7796: Windows updater can delete any file named update.log
+ CVE-2017-7797: Response header name interning leaks across origins
+ CVE-2017-7780: Memory safety bugs fixed in Firefox 55
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

postgresql9.3-9.3.18-alt1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.3.18
- fix CVE-2017-7547

postgresql9.6-1C-9.6.4-alt1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.4
- fix CVE-2017-7547

postgresql9.4-9.4.13-alt1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.4.13
- fix CVE-2017-7547

postgresql9.6-9.6.4-alt1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.4
- fix CVE-2017-7547

curl-7.55.0-alt1.S1  build 2017-08-09

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version with following security fixes:
* CVE-2017-1000101 glob: do not parse after a strtoul() overflow range
* CVE-2017-1000100 tftp: reject file name lengths that don't fit
* CVE-2017-1000099 file: output the correct buffer to the user

postgresql9.5-9.5.8-alt1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.5.8
- fix CVE-2017-7547

perl-1:5.24.2-alt1  build 2017-08-09

Group: Development/Perl
Summary: Practical Extraction and Report Language
Changes:

- 5.24.1 -> 5.24.2 (CVE-2016-1238)

firefox-esr-52.3.0-alt1  build 2017-08-08

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.3.0)
- Security fixes:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

libssh-0.7.5-alt1.S1  build 2017-08-08

Group: System/Libraries
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changes:

- new version
- security fix: CVE-2016-0739

c-ares-1.13.0-alt1.S1  build 2017-08-08

Group: System/Libraries
Summary: A library that performs asynchronous DNS operations
Changes:

- 1.13.0 with these security fixes:
* CVE-2016-5180 - Heap-based buffer overflow in the ares_create_query function.
* CVE-2017-1000381 - NAPTR parser out of bounds access.

pve-qemu-2.9.0-alt3  build 2017-08-07

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- fix CVE-2017-7539, CVE-2017-11434, CVE-2017-11334, CVE-2017-10806, CVE-2017-10664, CVE-2017-9524, CVE-2017-9503

chromium-60.0.3112.78-alt1  build 2017-08-01

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (60.0.3112.78).
- Security fixes:
- CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson on 2017-06-02
- CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15
- CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera on 2015-10-31
- CVE-2017-5094: Type confusion in extensions. Reported by Anonymous on 2017-03-19
- CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous on 2017-06-13
- CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada on 2017-04-23
- CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous on 2017-07-11
- CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim on 2017-07-11
- CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15
- CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous on 2017-05-04
- CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera on 2017-01-17
- CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous on 2017-05-30
- CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous on 2017-05-25
- CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani on 2017-06-02
- CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
- CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora on 2017-06-06
- CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac on 2017-04-24
- CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner of UC San Diego on 2017-01-27
- CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24
- CVE-2017-5109: UI spoofing in browser. Reported by Jose Maria Acuna Morgado on 2017-04-11
- CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr of Tencent's Xuanwu Lab on 2017-05-02

ffmpeg-2:3.3.3-alt1  build 2017-08-01

Group: Video
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changes:

- 3.3.3 with fixes for following vulnerabilities:
* CVE-2017-11399 remote DoS via crafted APE file
* CVE-2017-11665 remote DoS via crafted RTMP stream
* CVE-2017-11719 remote DoS via crafted DNxHD file

libwebkitgtk4-2.16.6-alt1  build 2017-07-27

Group: System/Libraries
Summary: Web browser engine
Changes:

- 2.16.6 (fixed CVE-2017-7039, CVE-2017-7018, CVE-2017-7030,
CVE-2017-7037, CVE-2017-7034, CVE-2017-7055, CVE-2017-7056,
CVE-2017-7064, CVE-2017-7061, CVE-2017-7048, CVE-2017-7046)

autotrace-0.31.1-alt7.S1  build 2017-07-25

Group: Graphics
Summary: Bitmap to vector graphics converter
Changes:

- fixed CVE-2016-7392

tcsh-6.20.00-alt1  build 2017-07-25

Group: Shells
Summary: An enhanced version of csh, the C shell
Changes:

- Updated to 6.20.00.
- Disabled TIOCSTI (avoid CVE-2017-5226 issues).
- Moved documentation to separate subpackage.

MySQL-5.5.57-alt1  build 2017-07-24

Group: Databases
Summary: A very fast and reliable SQL database engine
Changes:

- 5.5.57 (Fixes: CVE-2017-3653, CVE-2017-3651, CVE-2017-3652, CVE-2017-3648, CVE-2017-3641, CVE-2017-3636, CVE-2017-3635)
- Fixes various memory and pointer mishandlings.

wireshark-2.2.8-alt1.S1  build 2017-07-21

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version:
* wnpa-sec-2017-13 WBMXL dissector infinite loop CVE-2017-7702, CVE-2017-11410
* wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350, CVE-2017-11411
* wnpa-sec-2017-34 AMQP dissector crash CVE-2017-11408
* wnpa-sec-2017-35 MQ dissector crash CVE-2017-11407
* wnpa-sec-2017-36 DOCSIS infinite loop CVE-2017-11406

virtualbox-5.1.24-alt1.S1  build 2017-07-20

Group: Emulators
Summary: VM VirtualBox OSE - Virtual Machine for x86 hardware
Changes:

- new version 5.1.24
(Fixes: CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242)

librsvg-1:2.40.18-alt1  build 2017-07-20

Group: System/Libraries
Summary: SVG rendering library
Changes:

- 2.40.18 (fixed CVE-2017-11464)

evince-3.24.0-alt2  build 2017-07-14

Group: Office
Summary: A document viewer
Changes:

- updated to 3.24.0-12-g717df38 (fixed BGO ##691448, 779614,
784630 (CVE-2017-1000083))

openvswitch-2.7.1-alt1  build 2017-07-13

Group: Networking/Other
Summary: An open source, production quality, multilayer virtual switch
Changes:

- 2.7.1 with security fixes:
+ CVE-2017-9214 Buffer over-read in ofputil_pull_queue_get_config_reply10().
+ CVE-2017-9263 remote DoS attack by a malicious switch.
+ CVE-2017-9265 buffer over-read while parsing the group mod OpenFlow message sent from the controller

mpg123-1.25.2-alt1  build 2017-07-13

Group: Sound
Summary: MPEG audio player
Changes:

- 1.25.2 (fixed CVE-2017-11126)

samba-DC-4.6.6-alt1.S1  build 2017-07-12

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation

samba-4.6.6-alt1.S1  build 2017-07-12

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation
(Samba binaries built against MIT Kerberos are not vulnerable.)

davfs2-1.5.4-alt1.S1  build 2017-07-12

Group: Networking/Other
Summary: Linux file system driver that allows you to mount a WebDAV server as a local file system.
Changes:

- new version with security fixes:
+ CVE-2013-4362 Unsecure use of system()

oniguruma-6.4.0-alt1.S1  build 2017-07-12

Group: System/Libraries
Summary: Regular expressions library
Changes:

- new version with security fixes (CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

bind-9.10.5.P3-alt1  build 2017-07-11

Group: System/Servers
Summary: ISC BIND - DNS server
Changes:

- 9.10.4-P8 -> 9.10.5-P3
(fixes: CVE-2017-3140, CVE-2017-3141, CVE-2017-3142, CVE-2017-3143).

nginx-1.12.1-alt1.S1  build 2017-07-11

Group: System/Servers
Summary: Fast HTTP server
Changes:

- Updated to 1.12.1 (Fixes CVE-2017-7529).

php5-5.6.31-alt1.S1  build 2017-07-07

Group: Development/Other
Summary: The PHP5 scripting language
Changes:

- new version with security fixes for mbstring (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

libgcrypt-1.6.6-alt2.S1  build 2017-07-06

Group: System/Libraries
Summary: The GNU crypto library
Changes:

- security fixes: CVE-2017-7526

kernel-image-ovz-el-2.6.32-alt154  build 2017-07-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- Updated to 042stab123.9 (Updated fix for CVE-2017-1000364).

© 2009–2017 Igor Zubkov