Sisyphus repository
Last update: 2018-07-20 03:07:50 +0400 | SRPMs: 15013 | Sign in or Sign up
en ru uk br
Security fixes

postgresql9.4-9.4.18-alt0.M70P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.4.18
- Fix CVE-2018-1115

postgresql10-10.4-alt0.M70P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 10.4
- Fix CVE-2018-1115

postgresql9.6-1C-9.6.9-alt0.M70P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.9
- Fix CVE-2018-1115

postgresql9.6-9.6.9-alt0.M70P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.9
- Fix CVE-2018-1115

postgresql9.3-9.3.23-alt0.M70P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.3.23
- Fix CVE-2018-1115

postgresql9.5-9.5.13-alt0.M70P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.5.13
- Fix CVE-2018-1115

ntp-4.2.8p11-alt1  build 2018-03-04

Group: System/Configuration/Other
Summary: The Network Time Protocol (NTP)
Changes:

- 4.2.8p11 (CVE-2018-7185, CVE-2018-7184, CVE-2018-7170, CVE-2018-7183,
CVE-2018-7182, CVE-2016-1549)
- updated vniiftri ntp servers in ntp.conf
- added perl-HTTP-Tiny, perl-Net-SSLeay, perl-IO-Socket-SSL to BuildRequires

clamav-0.99.4-alt1  build 2018-03-04

Group: File tools
Summary: Clam Antivirus scanner
Changes:

- 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423,
CVE-2018-0202, and CVE-2018-1000085)

postgresql9.5-9.5.12-alt0.M70P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.5.12
- Fix CVE-2018-1058

postgresql9.4-9.4.17-alt0.M70P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.4.17
- Fix CVE-2018-1058

postgresql9.6-1C-9.6.8-alt0.M70P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.8
- Re-applay patches from 1C:
* 00001-1c_FULL_96.patch
* 00004-postgresql-1c-9.6.patch
* 00005-exists_opt-2.patch
- Remove path 00001-1c_create_append_path.patch (fixed in 00001-1c_FULL_96.patch)
- Fix CVE-2018-1058

postgresql10-10.3-alt0.M70P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 10.3
- Fix CVE-2018-1058

postgresql9.6-9.6.8-alt0.M70P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.8
- Fix CVE-2018-1058

postgresql9.3-9.3.22-alt0.M70P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.3.22
- Fix CVE-2018-1058

clamav-0.99.3-alt1  build 2018-01-28

Group: File tools
Summary: Clam Antivirus scanner
Changes:

- 0.99.3 (multiple CVE's, look to README)
- removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream now)

kernel-image-un-def-1:4.1.49-alt0.M70P.1  build 2018-01-24

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.1.49 (Fixes: CVE-2017-0861, CVE-2017-1000407, CVE-2017-7184)

kernel-image-un-def-1:4.1.47-alt0.M70P.1  build 2017-12-08

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.1.47 (Fixes: CVE-2017-13080, CVE-2017-7518, CVE-2017-8824)

kernel-image-un-def-1:4.1.46-alt0.M70P.1.1  build 2017-12-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- temporary fix for HugeDirtyCowPOC (fixes CVE-2017-1000405)

palemoon-2:27.6.2-alt0.M70P.1  build 2017-12-02

Group: Networking/WWW
Summary: The New Moon browser, an unofficial branding of the Pale Moon project browser
Changes:

- New Version - Release 27.6.2
- Fixed CVE-2017-7832, CVE-2017-7835, CVE-2017-7840. See Changelog

kernel-image-un-def-1:4.1.46-alt0.M70P.1  build 2017-11-15

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.1.46 (Fixes: CVE-2017-0786, CVE-2017-12153, CVE-2017-12154, CVE-2017-12193,
CVE-2017-15265)

glibc-6:2.17-alt8.M70P.2  build 2017-10-23

Group: System/Base
Summary: The GNU libc libraries
Changes:

- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804).

kernel-image-un-def-1:4.1.45-alt0.M70P.1.1  build 2017-10-18

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.1.45 (Fixes: CVE-2017-11600)

kernel-image-un-def-1:4.1.44-alt0.M70P.1.1  build 2017-10-17

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- Local root in alsa fixed (Fixes: CVE-2017-15265)

ntp-4.2.8p10-alt1  build 2017-09-27

Group: System/Configuration/Other
Summary: The Network Time Protocol (NTP)
Changes:

- updated to 4.2.8p10 (Fixes: CVE-2017-6451, CVE-2017-6452, CVE-2017-6455,
CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462,
CVE-2017-6463, CVE-2017-6464)
- patch level moved to version to pleasure CVE checkoing tools

clamav-0.99.2-alt3  build 2017-09-25

Group: File tools
Summary: Clam Antivirus scanner
Changes:

- Fixes:
+ CVE-2017-6418 remote attackers can cause a denial of service (out-of-bounds read) via a crafted e-mail message
+ CVE-2017-6420 remote attackers can cause a denial of service (use-after-free) via a crafted PE file with WWPack compression

postgresql9.5-9.5.8-alt0.M70P.1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.5.8
- fix CVE-2017-7547

postgresql9.6-1C-9.6.4-alt0.M70P.1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.4
- fix CVE-2017-7547

postgresql9.3-9.3.18-alt0.M70P.1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.3.18
- fix CVE-2017-7547

postgresql9.6-9.6.4-alt0.M70P.1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.4
- fix CVE-2017-7547

postgresql10-9.6.4-alt1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.4
- fix CVE-2017-7547

postgresql9.4-9.4.13-alt0.M70P.1  build 2017-08-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.4.13
- fix CVE-2017-7547

samba-DC-4.5.12-alt1.M70P.1  build 2017-07-12

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation

samba-4.5.12-alt1.M70P.1  build 2017-07-12

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation
(Samba binaries built against MIT Kerberos are not vulnerable.)

wireshark-2.2.7-alt1.M70P.1  build 2017-06-04

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version with these security fixes:
* wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352
* wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348
* wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351
* wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346
* wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345
* wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349
* wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350
* wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344
* wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
* wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
* wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
* wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
* wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
* wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
* wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353

samba-DC-4.5.10-alt1.M70P.1  build 2017-05-24

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to second spring security release
- Fix longtime initialization bug in ldb proxy
- Security fixes:
+ CVE-2017-7494 Remote code execution from a writable share

samba-4.5.10-alt1.M70P.1  build 2017-05-24

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to second spring security release
- Fix longtime initialization bug in ldb proxy
- Security fixes:
+ CVE-2017-7494 Remote code execution from a writable share

firefox-45.9.0-alt1  build 2017-04-20

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions

firefox-esr-45.9.0-alt1  build 2017-04-20

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions

wireshark-2.2.6-alt1.M70P.1  build 2017-04-14

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version with these security fixes:
* wnpa-sec-2017-12 IMAP dissector crash CVE-2017-7703
* wnpa-sec-2017-13 WBMXL dissector infinite loop CVE-2017-7702
* wnpa-sec-2017-14 NetScaler file parser infinite loop CVE-2017-7700
* wnpa-sec-2017-15 RPCoRDMA dissector infinite loop CVE-2017-7705
* wnpa-sec-2017-16 BGP dissector infinite loop CVE-2017-7701
* wnpa-sec-2017-17 DOF dissector infinite loop CVE-2017-7704

krb5-1.13.7-alt0.M70P.1  build 2017-03-24

Group: System/Libraries
Summary: The Kerberos network authentication system
Changes:

- Update to supported security release (Fixes: CVE-2014-5355, CVE-2015-2694,
CVE-2015-2695, CVE-2015-2696, CVE-2015-2698, CVE-2015-2697, CVE-2015-8629,
CVE-2015-8630, CVE-2015-8631, CVE-2016-3119, CVE-2016-3120)
- Backport _keytab group for default keytab /etc/krb5.keytab

samba-DC-4.5.7-alt1.M70P.1  build 2017-03-23

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to spring security release
- Fixed build --without docs (closes: 33118)
- Security fixes:
+ CVE-2017-2619 Symlink race allows access outside share definition

samba-4.5.7-alt1.M70P.1  build 2017-03-23

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to spring security release
- Fixed build --without docs (closes: 33118)
- Security fixes:
+ CVE-2017-2619 Symlink race allows access outside share definition

adobe-flash-player-3:25-alt0.M70P.1  build 2017-03-20

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000,
CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

adobe-flash-player-3:24-alt0.M70P.3  build 2017-02-17

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986,
CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991,
CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995,
CVE-2017-2996

adobe-flash-player-3:24-alt0.M70P.2  build 2017-01-11

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928,
CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933,
CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937,
CVE-2017-2938

samba-DC-4.5.3-alt1.M70P.1  build 2016-12-19

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

samba-4.5.3-alt1.M70P.1  build 2016-12-19

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

adobe-flash-player-3:24-alt0.M70P.1  build 2016-12-15

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870,
CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874,
CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878,
CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890,
CVE-2016-7892

wireshark-2.2.2-alt1  build 2016-11-21

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version, in which following vulnerabilities have been fixed:
* CVE-2016-9372 Profinet I/O long loop.
* CVE-2016-9373 DCERPC crash.
* CVE-2016-9374 AllJoyn crash.
* CVE-2016-9375 DTN infinite loop.
* CVE-2016-9376 OpenFlow crash.

adobe-flash-player-3:11-alt68  build 2016-11-09

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860,
CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864,
CVE-2016-7865

  1         3     4     5            Last »  

 
© 2009–2018 Igor Zubkov