Security

- Applied upstream security fix (fixes CVE-2019-11500).
- Sync with Debian 3.20190514.1:
  + New upstream microcode datafile 20190514
  + SECURITY UPDATE
    Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  + New Microcodes:
    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
  + Updated Microcodes:
    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
- journald: set a limit on the number of fields once more.
- journald: set a limit on the number of fields (1k) (fixes: CVE-2018-16865).
- fix changelog
- security fixes: CVE-2018-10933
- Fix for CVE-2018-15473 corrected
- New version.
- Fixes:
  + CVE-2017-17742: HTTP response splitting in WEBrick
  + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  + CVE-2018-8777: DoS by large request in WEBrick
  + CVE-2018-8778: Buffer under-read in String#unpack
  + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
  + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
- Update to latest security release of krb5-1.14
- Security fixes:
  + CVE-2017-11368 Fix a KDC denial of service vulnerability caused by unset
    status strings
  + CVE-2017-11462 Preserve GSS contexts on init/accept failure
- Backport security updates to legacy stable branches
- Fixes:
  + CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler
  + CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP
  + CVE-2017-1000101 do not parse after a strtoul() overflow range
  + CVE-2017-1000100 tftp reject file name lengths that don't fit
  + CVE-2017-1000099 output the correct buffer to the user
  + CVE-2017-9502 URL file scheme drive letter buffer overflow
  + CVE-2016-5419 TLS session resumption client cert bypass (again)
  + CVE-2017-2629 SSL_VERIFYSTATUS ignored
  + CVE-2016-9594 uninitialized random
  + CVE-2016-9586 printf floating point buffer overflow
  + CVE-2016-8615 cookie injection for other servers
  + CVE-2016-8616 case insensitive password comparison
  + CVE-2016-8617 OOB write via unchecked multiplication
  + CVE-2016-8618 double-free in curl_maprintf
  + CVE-2016-8619 double-free in krb5 code
  + CVE-2016-8620 glob parser write/read out of bounds
  + CVE-2016-8621 curl_getdate read out of bounds
  + CVE-2016-8622 URL unescape heap overflow via integer truncation
  + CVE-2016-8623 Use-after-free via shared cookies
  + CVE-2016-8624 invalid URL parsing with '#'
  + CVE-2016-8625 IDNA 2003 makes curl use wrong host
  + CVE-2015-3236 send the HTTP Basic authentication credentials for a previous connection
  + CVE-2015-3237 The smb_request_state function allows remote SMB servers to obtain
                  sensitive information from memory or cause a denial of service
  + CVE-2015-3153 sends custom HTTP headers to both the proxy and destination server,
                  which might allow remote proxy servers to obtain sensitive information
  + CVE-2015-3148 do not properly re-use authenticated Negotiate connections
  + CVE-2015-3143 does not properly re-use NTLM connections, which allows remote
                  attackers to connect as other users via an unauthenticated request
  + CVE-2015-3145 The sanitize_cookie_path function does not properly calculate an index
  + CVE-2015-3144 The fix_hostname function does not properly calculate an index
- Fix CVE-2017-3157
- Fix CVE-2017-12607
- Fix CVE-2017-12608
- Backported to c7 (Fixes: CVE-2016-10134, CVE-2016-4338, CVE-2014-9450).
- Added support for libssh2, unixODBC.
- Built proxy with PostgreSQL support.
- Backport to C7
- (Fixes: CVE-2016-4971, CVE-2014-4877)
- Backport to C7
- (Fixes: CVE-2015-0245)
- Backport to C7
- (Fixes: CVE-2014-6060)
- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804).
- (Fixes: CVE-2014-8097, CVE-2017-12177).
- backport new version to c7
- multiple vulnerabilities (so-called KRACK attack) (Fixes:
  + CVE-2017-13077
  + CVE-2017-13078
  + CVE-2017-13079
  + CVE-2017-13080
  + CVE-2017-13081
  + CVE-2017-13082
  + CVE-2017-13086
  + CVE-2017-13087
  + CVE-2017-13088)
- systemd: Add After=network.target.
- systemd: Fix dnsmasq start order.
- Fixes:
   + CVE-2017-14494 Infoleak handling DHCPv6 forwarded requests.
   + CVE-2017-14493 DHCPv6 - Stack buffer overflow.
   + CVE-2017-14492 DHCPv6 RA heap overflow.
   + CVE-2017-14491 DNS heap buffer overflow.
- Fixes:
  + CVE-2017-13672: vga: OOB read access during display update
  + CVE-2017-8380: scsi: off-by-one error in megasas_mmio_wri allows remote
    attackers to have unspecified impact via unknown vectors
  + CVE-2017-12809: ide: flushing of empty CDROM drives leads to NULL dereference
  + CVE-2017-10664: qemu-nbd: server breaks with SIGPIPE upon client abort
- Drop PS4 env variable for root (fixes CVE-2016-7543).
- Fix CVE-2017-8779.
- new version with these security fixes:
     * wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352
     * wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348
     * wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351
     * wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346
     * wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345
     * wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349
     * wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350
     * wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344
     * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
     * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
     * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
     * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
     * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
     * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
     * wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353
- CVE-2016-5387 fixed
- CVE-2016-0787 fixed
- Updated to 1.0.1u (fixes CVE-2016-2177, CVE-2016-2178, CVE-2016-2179,
  CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183,
  CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306).
- New version 2.2.3. Fixes CVE-2014-8104.
- CVE-2015-5218 fixed
- CVE-2011-4099 fixed
- updates from linux-3.10.40:
  + KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155)
- 2.6.32-431.17.1.el6:
  + CVE-2013-6383
  + CVE-2014-0055
  + CVE-2014-0077
  + CVE-2014-0101
  + CVE-2014-2523
- new version
- security fixes: CVE-2014-0515

Branches
sisyphus
sisyphus_e2k
sisyphus_mipsel
sisyphus_riscv64
p10
p10_e2k
p9
p9_e2k
p9_mipsel
p8
c9f1
c7
i586
noarch
x86_64

dovecot Aug. 30, 2019, 1:58 p.m.	Aug. 30, 2019, 1:58 p.m.
Version: 2.2.30.2-alt0.M70C.2
Summary: Dovecot secure IMAP/POP3 server
Changelog:
- Applied upstream security fix (fixes CVE-2019-11500).

firmware-intel-ucode July 5, 2019, 11:31 a.m.	July 5, 2019, 11:31 a.m.
Version: 9-alt1.20190514
Summary: Microcode definitions for Intel processors
Changelog:
- Sync with Debian 3.20190514.1: + New upstream microcode datafile 20190514 + SECURITY UPDATE Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + New Microcodes: sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 + Updated Microcodes: sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280

systemd Jan. 10, 2019, 12:38 a.m.	Jan. 10, 2019, 12:38 a.m.
Version: 201-alt1.M70P.1.M70C.2
Summary: A System and Session Manager
Changelog:
- journald: set a limit on the number of fields once more. - journald: set a limit on the number of fields (1k) (fixes: CVE-2018-16865).

libssh Oct. 23, 2018, 5:56 p.m.	Oct. 23, 2018, 5:56 p.m.
Version: 0.7.6-alt2
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- fix changelog - security fixes: CVE-2018-10933

openssh Aug. 24, 2018, 5:36 p.m.	Aug. 24, 2018, 5:36 p.m.
Version: 6.7p1-alt1.M70C.5
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Fix for CVE-2018-15473 corrected

ruby May 15, 2018, 1:54 p.m.	May 15, 2018, 1:54 p.m.
Version: 2.4.4-alt0.M70C.1
Summary: An Interpreted Object-Oriented Scripting Language
Changelog:
- New version. - Fixes: + CVE-2017-17742: HTTP response splitting in WEBrick + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir + CVE-2018-8777: DoS by large request in WEBrick + CVE-2018-8778: Buffer under-read in String#unpack + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

krb5 April 17, 2018, 5:47 a.m.	April 17, 2018, 5:47 a.m.
Version: 1.14.6-alt1.M70C.1
Summary: The Kerberos network authentication system
Changelog:
- Update to latest security release of krb5-1.14 - Security fixes: + CVE-2017-11368 Fix a KDC denial of service vulnerability caused by unset status strings + CVE-2017-11462 Preserve GSS contexts on init/accept failure

curl March 15, 2018, 6:59 p.m.	March 15, 2018, 6:59 p.m.
Version: 7.56.1-alt1.M70C.1.1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- Backport security updates to legacy stable branches - Fixes: + CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler + CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP + CVE-2017-1000101 do not parse after a strtoul() overflow range + CVE-2017-1000100 tftp reject file name lengths that don't fit + CVE-2017-1000099 output the correct buffer to the user + CVE-2017-9502 URL file scheme drive letter buffer overflow + CVE-2016-5419 TLS session resumption client cert bypass (again) + CVE-2017-2629 SSL_VERIFYSTATUS ignored + CVE-2016-9594 uninitialized random + CVE-2016-9586 printf floating point buffer overflow + CVE-2016-8615 cookie injection for other servers + CVE-2016-8616 case insensitive password comparison + CVE-2016-8617 OOB write via unchecked multiplication + CVE-2016-8618 double-free in curl_maprintf + CVE-2016-8619 double-free in krb5 code + CVE-2016-8620 glob parser write/read out of bounds + CVE-2016-8621 curl_getdate read out of bounds + CVE-2016-8622 URL unescape heap overflow via integer truncation + CVE-2016-8623 Use-after-free via shared cookies + CVE-2016-8624 invalid URL parsing with '#' + CVE-2016-8625 IDNA 2003 makes curl use wrong host + CVE-2015-3236 send the HTTP Basic authentication credentials for a previous connection + CVE-2015-3237 The smb_request_state function allows remote SMB servers to obtain sensitive information from memory or cause a denial of service + CVE-2015-3153 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information + CVE-2015-3148 do not properly re-use authenticated Negotiate connections + CVE-2015-3143 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request + CVE-2015-3145 The sanitize_cookie_path function does not properly calculate an index + CVE-2015-3144 The fix_hostname function does not properly calculate an index

LibreOffice4 Jan. 31, 2018, 3:05 p.m.	Jan. 31, 2018, 3:05 p.m.
Version: 4.2-alt2.M70C.6
Summary: LibreOffice Productivity Suite
Changelog:
- Fix CVE-2017-3157 - Fix CVE-2017-12607 - Fix CVE-2017-12608

zabbix Dec. 21, 2017, 4:01 p.m.	Dec. 21, 2017, 4:01 p.m.
Version: 3.4.4-alt0.M70C.1
Summary: A network monitor
Changelog:
- Backported to c7 (Fixes: CVE-2016-10134, CVE-2016-4338, CVE-2014-9450). - Added support for libssh2, unixODBC. - Built proxy with PostgreSQL support.

wget Oct. 30, 2017, 3:37 p.m.	Oct. 30, 2017, 3:37 p.m.
Version: 1.18-alt0.M70C.1
Summary: An utility for retrieving files using the HTTP, HTTPS or FTP protocols
Changelog:
- Backport to C7 - (Fixes: CVE-2016-4971, CVE-2014-4877)

dbus Oct. 30, 2017, 2:55 p.m.	Oct. 30, 2017, 2:55 p.m.
Version: 1.6.30-alt1.M70C.2
Summary: D-BUS is a simple IPC framework based on messages.
Changelog:
- Backport to C7 - (Fixes: CVE-2015-0245)

dhcpcd Oct. 30, 2017, 2:52 p.m.	Oct. 30, 2017, 2:52 p.m.
Version: 5.6.8-alt2.M70C.1
Summary: DHCP Client
Changelog:
- Backport to C7 - (Fixes: CVE-2014-6060)

glibc Oct. 23, 2017, 7:50 p.m.	Oct. 23, 2017, 7:50 p.m.
Version: 2.17-alt5.M70C.14
Summary: The GNU libc libraries
Changelog:
- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804).

rpcbind Sept. 14, 2017, 2:14 p.m.	Sept. 14, 2017, 2:14 p.m.
Version: 0.2.1-alt0.6.M70C.2
Summary: RPC port mapper
Changelog:
- Fix CVE-2017-8779.

apache2 Nov. 10, 2016, 5:04 p.m.	Nov. 10, 2016, 5:04 p.m.
Version: 2.2.31-alt1.M70C.1
Summary: The most widely used Web server on the Internet
Changelog:
- CVE-2016-5387 fixed

libssh2 Sept. 30, 2016, 7:34 p.m.	Sept. 30, 2016, 7:34 p.m.
Version: 1.4.3-alt1.M70C.3
Summary: A library implementing the SSH2 protocol
Changelog:
- CVE-2016-0787 fixed

util-linux March 18, 2016, 2:48 p.m.	March 18, 2016, 2:48 p.m.
Version: 2.22.1-alt1.M70C.3
Summary: A collection of basic system utilities
Changelog:
- CVE-2015-5218 fixed

xorg-server Oct. 18, 2017, 5:08 p.m.	Oct. 18, 2017, 5:08 p.m.
Version: 1.14.5-alt3.M70C.4
Summary: Xserver - X Window System display server
Changelog:
- (Fixes: CVE-2014-8097, CVE-2017-12177).

wpa_supplicant Oct. 16, 2017, 5:22 p.m.	Oct. 16, 2017, 5:22 p.m.
Version: 2.6-alt1.M70C.1
Summary: wpa_supplicant is an implementation of the WPA Supplicant component
Changelog:
- backport new version to c7 - multiple vulnerabilities (so-called KRACK attack) (Fixes: + CVE-2017-13077 + CVE-2017-13078 + CVE-2017-13079 + CVE-2017-13080 + CVE-2017-13081 + CVE-2017-13082 + CVE-2017-13086 + CVE-2017-13087 + CVE-2017-13088)

dnsmasq Oct. 9, 2017, 6:04 p.m.	Oct. 9, 2017, 6:04 p.m.
Version: 2.72-alt1.M70C.2
Summary: A lightweight caching nameserver
Changelog:
- systemd: Add After=network.target. - systemd: Fix dnsmasq start order. - Fixes: + CVE-2017-14494 Infoleak handling DHCPv6 forwarded requests. + CVE-2017-14493 DHCPv6 - Stack buffer overflow. + CVE-2017-14492 DHCPv6 RA heap overflow. + CVE-2017-14491 DNS heap buffer overflow.

qemu Oct. 9, 2017, 12:14 a.m.	Oct. 9, 2017, 12:14 a.m.
Version: 2.5.1.1-alt0.M70C.5
Summary: QEMU CPU Emulator
Changelog:
- Fixes: + CVE-2017-13672: vga: OOB read access during display update + CVE-2017-8380: scsi: off-by-one error in megasas_mmio_wri allows remote attackers to have unspecified impact via unknown vectors + CVE-2017-12809: ide: flushing of empty CDROM drives leads to NULL dereference + CVE-2017-10664: qemu-nbd: server breaks with SIGPIPE upon client abort

bash Sept. 14, 2017, 2:33 p.m.	Sept. 14, 2017, 2:33 p.m.
Version: 3.2.54-alt0.M70P.1.M70C.1
Summary: The GNU Bourne Again SHell (Bash)
Changelog:
- Drop PS4 env variable for root (fixes CVE-2016-7543).

wireshark June 4, 2017, 10:37 p.m.	June 4, 2017, 10:37 p.m.
Version: 2.2.7-alt1.M70C.1
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changelog:
- new version with these security fixes: * wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352 * wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348 * wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351 * wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346 * wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345 * wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349 * wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350 * wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344 * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343 * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347 * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354 * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343 * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347 * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354 * wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353

openssl10 Sept. 23, 2016, 4:30 p.m.	Sept. 23, 2016, 4:30 p.m.
Version: 1.0.1u-alt0.M70C.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.0.1u (fixes CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306).

openvpn April 15, 2016, 3:08 p.m.	April 15, 2016, 3:08 p.m.
Version: 2.2.3-alt0.M70C.1
Summary: a full-featured SSL VPN solution
Changelog:
- New version 2.2.3. Fixes CVE-2014-8104.

libcap Oct. 5, 2015, 12:34 p.m.	Oct. 5, 2015, 12:34 p.m.
Version: 2.16-alt4.M70C.2
Summary: Library for getting and setting POSIX.1e capabilities
Changelog:
- CVE-2011-4099 fixed

kernel-src-kvm May 13, 2014, 2:21 a.m.	May 13, 2014, 2:21 a.m.
Version: 3.10.21-alt8
Summary: KVM modules sources for Linux kernel
Changelog:
- updates from linux-3.10.40: + KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155)

Repository: c7

Security

kernel-image-el-def May 9, 2014, 4:16 a.m.	May 9, 2014, 4:16 a.m.
Version: 2.6.32-alt22
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- 2.6.32-431.17.1.el6: + CVE-2013-6383 + CVE-2014-0055 + CVE-2014-0077 + CVE-2014-0101 + CVE-2014-2523

adobe-flash-player April 29, 2014, 9:34 p.m.	April 29, 2014, 9:34 p.m.
Version: 11-alt29
Summary: Adobe Flash Player
Changelog:
- new version - security fixes: CVE-2014-0515