Security
Oct 20, 2018, 10:21 PM
libssh
Version: 0.7.6-alt1.M70P.1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version - security fix: CVE-2018-10933
May 22, 2018, 09:36 AM
postgresql10
Version: 10.4-alt0.M70P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 10.4 - Fix CVE-2018-1115
May 22, 2018, 09:18 AM
postgresql9.3
Version: 9.3.23-alt0.M70P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.3.23 - Fix CVE-2018-1115
May 22, 2018, 09:02 AM
postgresql9.4
Version: 9.4.18-alt0.M70P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.4.18 - Fix CVE-2018-1115
May 22, 2018, 08:45 AM
postgresql9.5
Version: 9.5.13-alt0.M70P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.5.13 - Fix CVE-2018-1115
May 22, 2018, 08:27 AM
postgresql9.6
Version: 9.6.9-alt0.M70P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.6.9 - Fix CVE-2018-1115
May 22, 2018, 08:09 AM
postgresql9.6-1C
Version: 9.6.9-alt0.M70P.1
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changelog:
- 9.6.9 - Fix CVE-2018-1115
Jan 24, 2018, 04:43 PM
kernel-image-un-def
Version: 4.1.49-alt0.M70P.1
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- v4.1.49 (Fixes: CVE-2017-0861, CVE-2017-1000407, CVE-2017-7184)
Oct 23, 2017, 08:46 PM
glibc
Version: 2.17-alt8.M70P.2
Summary: The GNU libc libraries
Changelog:
- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804).
Jul 13, 2017, 06:56 AM
samba-DC
Version: 4.5.12-alt1.M70P.1
Summary: Samba Active Directory Domain Controller
Changelog:
- Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation
Jul 13, 2017, 05:47 AM
samba
Version: 4.5.12-alt1.M70P.1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation (Samba binaries built against MIT Kerberos are not vulnerable.)
Jun 4, 2017, 03:44 PM
wireshark
Version: 2.2.7-alt1.M70P.1
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changelog:
- new version with these security fixes: * wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352 * wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348 * wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351 * wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346 * wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345 * wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349 * wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350 * wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344 * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343 * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347 * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354 * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343 * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347 * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354 * wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353
Apr 9, 2017, 07:18 AM
krb5
Version: 1.13.7-alt0.M70P.1
Summary: The Kerberos network authentication system
Changelog:
- Update to supported security release (Fixes: CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2698, CVE-2015-2697, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631, CVE-2016-3119, CVE-2016-3120) - Backport _keytab group for default keytab /etc/krb5.keytab
Mar 20, 2017, 02:12 PM
adobe-flash-player
Version: 25-alt0.M70P.1
Summary: Adobe Flash Player
Changelog:
- new version - security fixes: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Nov 8, 2016, 05:51 PM
openssh
Version: 6.7p1-alt1.M70P.4
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream fixes for CVE-2015-5352, CVE-2015-6563, CVE-2015-6564.
Oct 24, 2016, 11:44 AM
kernel-image-std-def
Version: 3.14.79-alt0.M70P.2
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- CVE-2016-5195 fixed
Oct 10, 2016, 07:35 PM
dbus
Version: 1.6.30-alt1.M70P.1
Summary: D-BUS is a simple IPC framework based on messages.
Changelog:
- fixed CVE-2015-0245
Sep 27, 2016, 06:28 PM
bind
Version: 9.9.8-alt2.M70P.2
Summary: ISC BIND - DNS server
Changelog:
- Applied upstream fix for CVE-2016-2776.
Sep 22, 2016, 05:42 PM
openssl10
Version: 1.0.1u-alt0.M70P.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.0.1u (fixes CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306).
Jun 6, 2016, 02:36 PM
ImageMagick
Version: 6.8.4.10-alt3.M70P.2
Summary: An X application for displaying and manipulating images
Changelog:
- Apply security patch from Debian: Disable support for reading input from a shell command, or writing output to a shell command. This was done by the pipe (|) prefix. It was possible to perform a command injection as discrived by CVE-2016-5118 since it use popen.
Apr 14, 2016, 07:02 PM
NetworkManager
Version: 0.9.8.10-alt1.M70P.2.git20150519
Summary: Network Link Manager and User Applications
Changelog:
- keyfile: fix temporary file races (CVE-2016-0764). - Upstream git snapshot (nm-0-9-8 branch).
Jan 18, 2016, 09:27 PM
dhcpcd
Version: 5.6.8-alt2.M70P.1
Summary: DHCP Client
Changelog:
- Ensure that length of the DHCP option's data less then buffer size. - Fix CVE-2014-6060.
Jan 2, 2016, 01:42 PM
cyrus-imapd
Version: 2.4.18-alt1.M70P.1
Summary: A high-performance mail store with IMAP and POP3 support
Changelog:
- updated to git 20151026 of "cyrus-imapd-2.4" branch (CVE-2015-8077, CVE-2015-8078)
Sep 15, 2015, 07:03 PM
screen
Version: 4.0.3-alt10.M70P.1
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Backported to p7 branch (CVE-2015-6806).
May 15, 2015, 08:50 PM
qemu
Version: 1.4.0-alt1.1.M70P.1
Summary: QEMU CPU Emulator
Changelog:
- Backported patch from Sisyphus (CVE-2015-3456): + fdc: force the fifo access to be in bounds of the allocated buffer.
Oct 9, 2014, 11:07 PM
rsyslog
Version: 7.6.7-alt0.M70P.1
Summary: Enhanced system logging and kernel message trapping daemon
Changelog:
- 7.6.7 - fixed CVE-2014-3634, CVE-2014-3683
Sep 8, 2014, 03:14 PM
python-module-django-horizon
Version: 2014.1.2-alt2
Summary: Django application for talking to Openstack
Changelog:
- Tests disabled temporary - 0101-Add-ru-locale-horizon.patch updated - 0102-CVE-2014-3594.patch added - AutoReq: yes, nopython for theme subpackage
Jun 20, 2014, 08:52 AM
kernel-image-el-def
Version: 2.6.32-alt25
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- 2.6.32-431.20.3.el6: + CVE-2013-6378 + CVE-2014-0196 + CVE-2014-0203 + CVE-2014-1737 + CVE-2014-1738 + CVE-2014-1874 + CVE-2014-2039 + CVE-2014-3153
May 13, 2014, 02:21 AM
kernel-src-kvm
Version: 3.10.21-alt8
Summary: KVM modules sources for Linux kernel
Changelog:
- updates from linux-3.10.40: + KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155)
Oct 5, 2013, 02:37 PM
gnupg2
Version: 2.0.22-alt1
Summary: The GNU Privacy Guard suite
Changelog:
- Updated to 2.0.22 (fixes CVE-2013-4402).
Oct 5, 2013, 02:24 PM
gnupg
Version: 1.4.15-alt1
Summary: The GNU Privacy Guard
Changelog:
- Updated to 1.4.15 (fixes CVE-2013-4402).
Aug 7, 2013, 04:53 PM
strongswan
Version: 5.1.0-alt1
Summary: StrongSWAN IPSEC implementation
Changelog:
- 5.1.0: CVE-2013-5018 fix (charon DoS, see also http://www.strongswan.org/blog/2013/08/01/)
May 27, 2013, 01:19 AM
socat
Version: 1.7.2.2-alt1
Summary: 'socket cat' - multipurpose relay for bidirectional data transfer
Changelog:
- Updated to 1.7.2.2 (fixes CVE-2013-3571).
Mar 20, 2013, 12:40 AM
exim
Version: 4.76-alt3
Summary: Exim Mail Transport Agent
Changelog:
- NMU: + applied CVE-2012-5671.patch + dropped mailq symlink duplicating sendmail-common's one (ALT#28006)
Mar 12, 2013, 11:01 AM
perl
Version: 5.16.3-alt1
Summary: Practical Extraction and Report Language
Changelog:
- 5.16.2 -> 5.16.3 - Fixed CVE-2013-1667: memory exhaustion with arbitrary hash keys
Nov 16, 2012, 01:02 PM
apr1
Version: 1.4.6-alt1
Summary: Apache Portable Runtime
Changelog:
- New version (1.4.6) - Security fixes (CVE-2011-1928, oCERT-2011-003)
Oct 27, 2012, 09:44 PM
libexif
Version: 0.6.21-alt1
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changelog:
- 0.6.21 - fixed CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845
Sep 10, 2012, 04:19 AM
automake_1.10
Version: 1.10.3-alt2
Summary: A GNU tool for automatically creating Makefiles
Changelog:
- distdir.am (distcheck): backported upstream fix for CVE-2012-3386. - aclocal: backported upstream fix for perl 5.16.0.
Jul 18, 2012, 06:46 PM
libjpeg-turbo
Version: 1.2.1-alt1
Summary: A SIMD-accelerated library for manipulating JPEG image format files
Changelog:
- Updated to 1.2.1 (fixes CVE-2012-2806).
Jan 27, 2009, 09:23 AM
smarty
Version: 2.6.22-alt1
Summary: Template engine for PHP
Changelog:
- Updated to 2.6.22. Security fixes: + CVE-2008-4810 + CVE-2008-4811