Security
Jan 12, 2017, 05:06 AM
adobe-flash-player
Version: 24-alt0.M70P.2
Summary: Adobe Flash Player
Changelog:
- new version
- security fixes: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
Nov 8, 2016, 06:08 PM
openssh
Version: 6.7p1-alt1.M60P.4
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream fixes for CVE-2015-5352, CVE-2015-6563, CVE-2015-6564.
Oct 21, 2016, 06:15 PM
bind
Version: 9.3.6-alt7.M60P.3
Summary: ISC BIND - DNS server
Changelog:
- Really applied upstream fix for CVE-2016-2776.
- Applied fix for CVE-2016-2848.
Jun 11, 2016, 12:32 PM
ImageMagick
Version: 6.6.9.7-alt0.M60P.1
Summary: An X application for displaying and manipulating images
Changelog:
- Thanks Alt Linux Active Users Club and personally yyy@
- Apply security patch from Debian: Disable support for reading input from a shell command, or writing output to a shell command. This was done by the pipe (|) prefix. It was possible to perform a command injection as described by CVE-2016-5118 since it uses popen.
Feb 16, 2016, 11:06 PM
glibc
Apr 23, 2015, 12:25 PM
openssl10
Version: 1.0.0p-alt0.M60P.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.0.0p (fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570).
Feb 24, 2015, 03:02 AM
samba
Version: 3.5.22-alt0.M60P.1
Summary: Server and Client software to interoperate with Windows machines
Changelog:
- 3.5.22 + fixes CVE-2015-0240 (security flaw in the smbd file server daemon)
Nov 23, 2013, 03:41 PM
nss
Version: 3.14.5-alt0.M60P.1
Summary: Netscape Network Security Services(NSS)
Changelog:
- New version 3.14.5
- Security fixes:
  + CVE-2013-5605 Handle invalid handshake packets
Jun 24, 2013, 02:41 PM
curl
Version: 7.24.0-alt1.M60P.1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- CVE-2013-2174 fixed (curl_easy_unescape() may parse data beyond the end of the input buffer)
Apr 30, 2013, 04:18 PM
strongswan
Version: 4.6.4-alt1.M60T.1
Summary: StrongSWAN IPSEC implementation
Changelog:
- applied the upstream provided patch to fix CVE-2013-2944 (ECDSA signature vulnerability if openssl backend is loaded)
Nov 12, 2012, 06:52 PM
perl
Version: 5.12.5-alt1.M60P.1
Summary: Practical Extraction and Report Language
Changelog:
- 5.12.3 -> 5.12.5
- Security fixes:
  * CVE-2011-2728: File::Glob::bsd_glob() memory error with GLOB_ALTDIRFUNC
  * CVE-2012-5195: Heap buffer overrun in 'x' string repeat operator
- Applied fix for bug #26249
Oct 30, 2012, 11:43 AM
perl-Encode
Version: 2.47-alt0.M60P.1
Summary: Character encodings
Changelog:
- Backported to p6 (including fix for CVE-2011-2939)
Oct 25, 2012, 02:25 PM
pidgin
Version: 2.10.6-alt1.M60P.1
Summary: A GTK+ based multiprotocol instant messaging client
Changelog:
- 2.10.6
- p6 security update (fix CVE-2012-3374)
Sep 14, 2012, 02:34 PM
freeradius
Version: 2.1.10-alt3.M60P.1
Summary: High-performance and highly configurable free RADIUS server
Changelog:
- Security fix: CVE-2012-3547
- Fixed permissions for /etc/raddb/modules, /etc/raddb/sql/mysql, /etc/raddb/sql/postgresql dirs (640 -> 750)
Apr 5, 2012, 04:38 AM
libpng
Version: 1.2.49-alt1
Summary: A library of functions for manipulating PNG image format files
Changelog:
- Updated to 1.2.49 (fixes CVE-2011-3048).
Mar 23, 2012, 07:18 PM
libtasn1
Version: 2.12-alt1
Summary: The ASN.1 library used in GNUTLS
Changelog:
- Updated to 2.12 (fixes CVE-2012-1569).
Dec 5, 2011, 12:14 PM
tuxguitar
Version: 1.2-alt1.M60P.1
Summary: A multitrack guitar tablature editor and player
Changelog:
- Backport to p6 branch (CVE-2010-3385)
Nov 1, 2011, 11:32 PM
cyrus-imapd
Version: 2.4.12-alt0.M60P.1
Summary: A high-performance mail store with IMAP and POP3 support
Changelog:
- Backport to p6 branch (fixes CVE-2011-3372)
Oct 7, 2011, 04:16 PM
radvd
Version: 1.8.2-alt1
Summary: A Router Advertisement daemon
Changelog:
- 1.8.2. Security fixes:
  + CVE-2011-3601
  + CVE-2011-3602
  + CVE-2011-3603
  + CVE-2011-3604
  + CVE-2011-3605
Sep 3, 2011, 06:21 PM
libmodplug
Version: 0.8.8.4-alt1
Summary: Modplug mod music file format library
Changelog:
- NMU: 0.8.8.4
- Security fixes: CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915
Jun 25, 2011, 04:20 AM
tor
Version: 0.2.1.30-alt1
Summary: Anonymizing overlay network for TCP (The onion router)
Changelog:
- Blindly updated 0.2.1.30 (fixes numerous bugs including CVE-2011-0427).
- Updated build dependencies.
Jun 21, 2011, 10:45 AM
tigervnc
Version: 1.0.90-alt5
Summary: A TigerVNC remote display system
Changelog:
- updated xorg-server-source to 1.10.2
- enabled ipv6
- fixed CVE-2011-1775
Jun 16, 2011, 12:41 PM
xen
Version: 4.1.1-alt1
Summary: Xen is a virtual machine monitor
Changelog:
- 4.1.1 including CVE-2011-1898 fix
Jun 7, 2011, 03:08 PM
fetchmail
Version: 6.3.20-alt1
Summary: Full-featured POP/IMAP/ETRN mail retrieval daemon
Changelog:
- 6.3.20 + fixes CVE-2011-1947: STARTTLS denial of service vulnerability (thanks ldv@ for heads-up)
Apr 26, 2011, 09:12 AM
request-tracker
Version: 3.8.10-alt1
Summary: Request Tracker (RT) is an enterprise-grade issue tracking system
Changelog:
- 3.8.10. Security fixes:
  + CVE-2011-1689
  + CVE-2011-1688
  + CVE-2011-1687
  + CVE-2011-1686
  + CVE-2011-1685
- Enhance findreq skiplist.
Apr 25, 2011, 11:28 AM
polkit
Version: 0.101-alt2
Summary: PolicyKit Authorization Framework
Changelog:
- update to master git.7c59052 (fixed CVE-2011-1485)
Apr 13, 2011, 11:07 PM
ikiwiki
Mar 14, 2011, 02:11 PM
libgdiplus
Version: 2.6.7-alt2
Summary: An Open Source implementation of the GDI+ API.
Changelog:
- snapshot of 2.6 branch (20101015)
- fixed CVE-2010-1526 (ALT #24399)
Mar 9, 2011, 03:38 AM
ncpfs
Version: 2.2.6-alt9
Summary: Utilities for the ncpfs filesystem, a NetWare client for Linux
Changelog:
- Imported fix of race conditions in ncpmount/ncpumount operations from Fedora (fixes CVE-2009-3297).
Mar 3, 2011, 02:17 PM
libcgroup
Version: 0.37.1-alt1
Summary: Libraries for allow to control and monitor control groups
Changelog:
- 0.37.1
- Fix buffer overflow when processing list of controllers from command line (CVE-2011-1006)
Jan 19, 2011, 10:52 PM
perl-CGI
Version: 3.49-alt2
Summary: Simple CGI class for Perl
Changelog:
- fixes for CVE-2010-4410 and CVE-2010-4411 (v5.12.3-RC2-1-gb7fa2ac)
Oct 25, 2010, 06:15 PM
libsmi
Version: 0.4.8-alt2
Summary: A library to access SMI MIB information
Changelog:
- some backports
- security fix: CVE-2010-2891 (ALT #24394)
Oct 23, 2010, 08:39 AM
gnome-subtitles
Version: 1.0-alt1.git.75.gcf1c9d0
Summary: subtitle editor
Changelog:
- new version
- fix CVE-2010-3357 (closes: #24316)
Oct 23, 2010, 02:36 AM
kernel-image-hpc-skif
Version: 2.6.32-alt24
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- 2.6.32.24
- CVE-2010-3904 fixed
Oct 5, 2010, 10:43 AM
libesmtp
Version: 1.0.6-alt1
Summary: LibESMTP is a library to manage posting email using SMTP
Changelog:
- New version 1.0.6:
  + Fixed CVE-2010-1192, CVE-2010-1194 (certificate validation flaws)
- Build changes:
  + Disabled static build
  + Fixed install section
  + Plugins moved from devel subpackage to the main
Jun 2, 2010, 03:33 PM
sudo
Version: 1.6.8p12-alt8
Summary: Allows command execution as another user
Changelog:
- Backported upstream fix for CVE-2010-1163 (env_reset, ignore_dot and secure_path sudoers options all had to be explicitly disabled to make an attack possible).
- Backported upstream fix for CVE-2010-1646 (env_reset sudoers option had to be explicitly disabled to make an attack possible).
Feb 8, 2010, 12:09 PM
chrony
Version: 1.24-alt1
Summary: Chrony clock synchronization program
Changelog:
- 1.24. Contains security fixes for CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.
Oct 5, 2009, 07:56 PM
ss5
Version: 3.6.4-alt2.rel3.2
Summary: Full featured SOCKS4 and SOCKS5 server
Changelog:
- NMU: security fix for CVE-2009-2368 (array index overflow) (ALT #20701) + thanks crux@ for heads-up
Jul 19, 2009, 03:24 AM
scponly
Version: 4.8-alt2
Summary: Limited shell for secure file transfers
Changelog:
- fix build with gcc
- Add patch to prevent restriction bypass using OpenSSH's scp options -F and -o (CVE-2007-6415)
May 18, 2009, 03:44 PM
eggdrop
Version: 1.6.19-alt2
Summary: Eggdrop is an IRC bot, written in C
Changelog:
- Security fix: eggdrop remote crash vulnerability (incomplete patch for CVE-2007-2807) (Closes: #20067)
May 8, 2009, 04:38 AM
cscope
Version: 15.7a-alt1
Summary: Cscope is a text screen based source browsing tool
Changelog:
- [15.7a] (closes: #19952) + CVE-2009-0148
Jan 27, 2009, 09:23 AM
smarty
Version: 2.6.22-alt1
Summary: Template engine for PHP
Changelog:
- Updated to 2.6.22. Security fixes:
  + CVE-2008-4810
  + CVE-2008-4811
Apr 16, 2007, 12:14 AM
lha
Version: 1.14i-alt2
Summary: An archiving and compression utility for LHarc format archives
Changelog:
- ac20050924p1: security fixes for CVE-2006-4335, CVE-2006-4337, CVE-2006-4338 (DoS, system access)
- removed patch1, patch2, patch4, patch5 (didn't apply)