Security
| oniguruma Dec. 6, 2019, 1:53 p.m. | Dec. 6, 2019, 1:53 p.m. |
|
Version: 6.9.4-alt1 |
|
| Summary: Regular expressions library |
|
| Changelog: | |
- 6.9.4 - fixes: * CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range() * CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len() * CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier() |
|
| sudo Oct. 31, 2019, 5:11 a.m. | Oct. 31, 2019, 5:11 a.m. |
|
Version: 1.8.28-alt1 |
|
| Summary: Allows command execution as another user |
|
| Changelog: | |
- Update to autumn security release (closes: 37334) - Code execution with euid==0 in rare box configurations (fixes: CVE-2019-14287) - Fix post script for sudowheel control in case of upgrade in not default state |
|
| libXfont2 Oct. 7, 2019, 3:31 p.m. | Oct. 7, 2019, 3:31 p.m. |
|
Version: 2.0.3-alt1 |
|
| Summary: X.Org libXfont runtime library |
|
| Changelog: | |
- fixes: + CVE-2017-16611 Open files with O_NOFOLLOW |
|
| libspice-gtk Sept. 25, 2019, 5:16 p.m. | Sept. 25, 2019, 5:16 p.m. |
|
Version: 0.34-alt0.M80C.1 |
|
| Summary: A GTK widget for SPICE clients |
|
| Changelog: | |
- Port to c8.1 branch due to upgrade of the server side (SPICE); - (Fixes: CVE-2016-3066). |
|
| dovecot-pigeonhole Aug. 30, 2019, 1:37 p.m. | Aug. 30, 2019, 1:37 p.m. |
|
Version: 0.4.11-alt1.M80C.1 |
|
| Summary: Sieve language and the ManageSieve protocol for the Dovecot Secure IMAP Server |
|
| Changelog: | |
- Applied upstream security fix (fixes CVE-2019-11500). |
|
| dovecot Aug. 30, 2019, 1:35 p.m. | Aug. 30, 2019, 1:35 p.m. |
|
Version: 2.2.21-alt1.M80C.1 |
|
| Summary: Dovecot secure IMAP/POP3 server |
|
| Changelog: | |
- Applied upstream security fix (fixes CVE-2019-11500). |
|
| firmware-intel-ucode Aug. 6, 2019, 2:26 p.m. | Aug. 6, 2019, 2:26 p.m. |
|
Version: 9-alt1.20190514 |
|
| Summary: Microcode definitions for Intel processors |
|
| Changelog: | |
- Sync with Debian 3.20190514.1:
+ New upstream microcode datafile 20190514
+ SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ New Microcodes:
sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280 |
|
| samba-DC Aug. 5, 2019, 8:56 p.m. | Aug. 5, 2019, 8:56 p.m. |
|
Version: 4.6.16-alt1.M80C.1 |
|
| Summary: Samba Active Directory Domain Controller |
|
| Changelog: | |
- Update to latest samba-4.6 security release
- Security fixes:
+ CVE-2018-10858 Insufficient input validation on client directory
listing in libsmbclient
+ CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server |
|
| samba Aug. 5, 2019, 8:22 p.m. | Aug. 5, 2019, 8:22 p.m. |
|
Version: 4.6.16-alt1.M80C.1 |
|
| Summary: The Samba4 CIFS and AD client and server suite |
|
| Changelog: | |
- Update to latest samba-4.6 security release
- Security fixes:
+ CVE-2018-10858 Insufficient input validation on client directory
listing in libsmbclient
+ CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server |
|
| libxmlsec1 May 21, 2019, 12:09 p.m. | May 21, 2019, 12:09 p.m. |
|
Version: 1.2.26-alt1.M80C.1 |
|
| Summary: Library providing support for "XML Signature" and "XML Encryption" standards |
|
| Changelog: | |
- for c8, soap reenabled (Fixes: CVE-2017-1000061) |
|
| dhcpcd May 14, 2019, 8:09 p.m. | May 14, 2019, 8:09 p.m. |
|
Version: 6.11.7-alt1 |
|
| Summary: DHCP Client |
|
| Changelog: | |
- Fix crash on lease renewals (closes: #36730). - Updated to 6.11.7 (fixes: CVE-2019-11766). |
|
| SPICE April 23, 2019, 7:24 a.m. | April 23, 2019, 7:24 a.m. |
|
Version: 0.14.1-alt1 |
|
| Summary: Implements the SPICE protocol |
|
| Changelog: | |
- 0.14.1 (Fixes: CVE-2018-10873) |
|
| nettle Jan. 11, 2019, 2:32 p.m. | Jan. 11, 2019, 2:32 p.m. |
|
Version: 3.4.1-alt1 |
|
| Summary: A low-level cryptographic library |
|
| Changelog: | |
- Updated to 3.4.1 (fixes: CVE-2018-16869). |
|
| systemd Jan. 10, 2019, 5:13 p.m. | Jan. 10, 2019, 5:13 p.m. |
|
Version: 233-alt0.M80C.3 |
|
| Summary: System and Session Manager |
|
| Changelog: | |
- journald: set a limit on the number of fields once more. - Backported patches from upstream (fixes: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866). |
|
| NetworkManager Nov. 9, 2018, 6:29 p.m. | Nov. 9, 2018, 6:29 p.m. |
|
Version: 1.4.7-alt1.git3712c5180676 |
|
| Summary: Install NetworkManager daemon and plugins |
|
| Changelog: | |
- Upstream git snapshot (nm-1-4 branch) (fixes: CVE-2018-15688). |
|
| libssh Oct. 25, 2018, 2:55 p.m. | Oct. 25, 2018, 2:55 p.m. |
|
Version: 0.7.6-alt2 |
|
| Summary: C library to authenticate in a simple manner to one or more SSH servers |
|
| Changelog: | |
- fix changelog - security fixes: CVE-2018-10933 |
|
| mariadb Sept. 13, 2018, 8:20 p.m. | Sept. 13, 2018, 8:20 p.m. |
|
Version: 10.1.35-alt0.N.M80C.1 |
|
| Summary: A very fast and reliable SQL database engine |
|
| Changelog: | |
- 10.1.35 - Fixes for the following security vulnerabilities: + CVE-2018-3064 + CVE-2018-3063 + CVE-2018-3058 + CVE-2018-3066 - change mode of plugin dir in chroot (ALT #33259) |
|
| openssh Aug. 24, 2018, 6:51 p.m. | Aug. 24, 2018, 6:51 p.m. |
|
Version: 7.2p2-alt2.M80C.3 |
|
| Summary: OpenSSH free Secure Shell (SSH) implementation |
|
| Changelog: | |
- Correction for fix for CVE-2018-15473 |
|
| ruby May 18, 2018, 2:47 p.m. | May 18, 2018, 2:47 p.m. |
|
Version: 2.4.4-alt0.M80C.1 |
|
| Summary: An Interpreted Object-Oriented Scripting Language |
|
| Changelog: | |
- New version. - Fixes: + CVE-2017-17742: HTTP response splitting in WEBrick + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir + CVE-2018-8777: DoS by large request in WEBrick + CVE-2018-8778: Buffer under-read in String#unpack + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir |
|
| curl March 31, 2018, 9:35 a.m. | March 31, 2018, 9:35 a.m. |
|
Version: 7.59.0-alt1.N.M80C.1 |
|
| Summary: Gets a file from a FTP, GOPHER or HTTP server |
|
| Changelog: | |
- new version - fixes: * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write * CVE-2018-1000121 LDAP NULL pointer dereference * CVE-2018-1000122 RTSP RTP buffer over-read |
|
| kernel-image-std-restricted Feb. 19, 2018, 9:22 p.m. | Feb. 19, 2018, 9:22 p.m. |
|
Version: 4.4.116-alt0.M80C.1 |
|
| Summary: Restricted version of the Linux kernel |
|
| Changelog: | |
- v4.4.116 (Fixes: CVE-2017-8824) |
|
| kernel-image-srv-restricted Feb. 19, 2018, 8:38 p.m. | Feb. 19, 2018, 8:38 p.m. |
|
Version: 4.4.116-alt0.M80C.1 |
|
| Summary: Restricted version of the Linux kernel |
|
| Changelog: | |
- v4.4.116 (Fixes: CVE-2017-8824) |
|
| openssl10 Dec. 7, 2017, 6:17 p.m. | Dec. 7, 2017, 6:17 p.m. |
|
Version: 1.0.2n-alt0.M80C.1 |
|
| Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools |
|
| Changelog: | |
- Backported to c8 branch (fixes CVE-2017-3737, CVE-2017-3738). |
|
| glibc Oct. 23, 2017, 9:53 p.m. | Oct. 23, 2017, 9:53 p.m. |
|
Version: 2.23-alt3.M80C.3 |
|
| Summary: The GNU libc libraries |
|
| Changelog: | |
- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804). |
|
| apache2 Oct. 20, 2017, 11:18 a.m. | Oct. 20, 2017, 11:18 a.m. |
|
Version: 2.4.28-alt1.N.M80C.1 |
|
| Summary: The most widely used Web server on the Internet |
|
| Changelog: | |
- new version 2.4.28 - disabled NameVirtualHost directive in ports_all.conf (closes: #32269) - increased timeout for restarting httpd on SysVinit sytems (closes: #31062) - increased LOOPSSTART and TimeoutStartSec (closes: #33978) - fixes: * CVE-2017-9798 Corrupted or freed memory access |
|
| xorg-server Oct. 17, 2017, 3:17 p.m. | Oct. 17, 2017, 3:17 p.m. |
|
Version: 1.18.4-alt2.M80C.2 |
|
| Summary: Xserver - X Window System display server |
|
| Changelog: | |
- (Fixes: CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12183). |
|
| wpa_supplicant Oct. 16, 2017, 5:29 p.m. | Oct. 16, 2017, 5:29 p.m. |
|
Version: 2.6-alt1.M80C.1 |
|
| Summary: wpa_supplicant is an implementation of the WPA Supplicant component |
|
| Changelog: | |
- backport to c8 - multiple vulnerabilities (so-called KRACK attack) (Fixes: + CVE-2017-13077 + CVE-2017-13078 + CVE-2017-13079 + CVE-2017-13080 + CVE-2017-13081 + CVE-2017-13082 + CVE-2017-13086 + CVE-2017-13087 + CVE-2017-13088) |
|
| nagios Sept. 28, 2017, 10:04 p.m. | Sept. 28, 2017, 10:04 p.m. |
|
Version: 3.0.6-alt4.M80C.1 |
|
| Summary: Services and network monitoring system |
|
| Changelog: | |
- Backport to C8 (Fixes: CVE-2009-2288, CVE-2011-1523, CVE-2012-6096, CVE-2013-2214, CVE-2013-7108, CVE-2013-7205) |
|
| openvswitch Sept. 28, 2017, 5:01 p.m. | Sept. 28, 2017, 5:01 p.m. |
|
Version: 2.7.2-alt0.M80C.1 |
|
| Summary: An open source, production quality, multilayer virtual switch |
|
| Changelog: | |
- backport to c8 (Fixes: CVE-2016-2074) |
|
| libpng Sept. 28, 2017, 3:10 p.m. | Sept. 28, 2017, 3:10 p.m. |
|
Version: 1.5.28-alt0.M80C.1 |
|
| Summary: A library of functions for manipulating PNG image format files |
|
| Changelog: | |
- Updated to 1.5.28 (Fixes: CVE-2016-10087) |
|