Sisyphus repository
Last update: 2018-07-23 06:07:40 +0400 | SRPMs: 18105
Security fixes

curl-7.61.0-alt1.M80P.1  build 2018-07-17

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- 7.61.0
- fixes:
* CVE-2018-0500 SMTP send heap buffer overflow

glusterfs3-3.12.12-alt1  build 2018-07-12

Group: System/Base
Summary: Cluster File System
Changes:

- new version 3.12.12 (with rpmrb script)
- CVE-2018-10841

kernel-image-un-def-1:4.14.55-alt0.M80P.1  build 2018-07-11

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.55 (Fixes: CVE-2018-10876, CVE-2018-10877, CVE-2018-10879, CVE-2018-10880,
CVE-2018-10881, CVE-2018-10882, CVE-2018-10883)

kernel-image-std-pae-1:4.4.140-alt0.M80P.1  build 2018-07-11

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.140 (Fixes: CVE-2018-10876, CVE-2018-10877, CVE-2018-10881, CVE-2018-10882,
CVE-2018-10883)

kernel-image-std-def-1:4.9.112-alt0.M80P.1  build 2018-07-11

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.112 (Fixes: CVE-2018-10876, CVE-2018-10877, CVE-2018-10881, CVE-2018-10882,
CVE-2018-10883)

thunderbird-52.9.0-alt1  build 2018-07-04

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.9.0).
- Enigmail 2.0.7.
- Fixes:
+ CVE-2018-12359 Buffer overflow using computed size of canvas element
+ CVE-2018-12360 Use-after-free when using focus()
+ CVE-2018-12372 S/MIME and PGP decryption oracles can be built with HTML emails
+ CVE-2018-12373 S/MIME plaintext can be leaked through HTML reply/forward
+ CVE-2018-12362 Integer overflow in SSSE3 scaler
+ CVE-2018-12363 Use-after-free when appending DOM nodes
+ CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365 Compromised IPC child process can list local filenames
+ CVE-2018-12366 Invalid data handling during QCMS transformations
+ CVE-2018-12368 No warning when opening executable SettingContent-ms files
+ CVE-2018-12374 Using form to exfiltrate encrypted mail part by pressing enter in form field
+ CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

firefox-61.0-alt1  build 2018-07-02

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (61.0).
- Fixed:
+ CVE-2018-12359: Buffer overflow using computed size of canvas element
+ CVE-2018-12360: Use-after-free when using focus()
+ CVE-2018-12361: Integer overflow in SwizzleData
+ CVE-2018-12358: Same-origin bypass using service worker and redirection
+ CVE-2018-12362: Integer overflow in SSSE3 scaler
+ CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
+ CVE-2018-12363: Use-after-free when appending DOM nodes
+ CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365: Compromised IPC child process can list local filenames
+ CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
+ CVE-2018-12366: Invalid data handling during QCMS transformations
+ CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-12368: No warning when opening executable SettingContent-ms files
+ CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
+ CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View
+ CVE-2018-5186: Memory safety bugs fixed in Firefox 61
+ CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

kernel-image-std-def-1:4.9.110-alt0.M80P.1  build 2018-06-26

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.110 (Fixes: CVE-2018-1118)

firefox-esr-60.1.0-alt1  build 2018-06-26

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.1.0).
- Fixed:
+ CVE-2018-12359 Buffer overflow using computed size of canvas element
+ CVE-2018-12360 Use-after-free when using focus()
+ CVE-2018-12361 Integer overflow in SwizzleData
+ CVE-2018-12362 Integer overflow in SSSE3 scaler
+ CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture
+ CVE-2018-12363 Use-after-free when appending DOM nodes
+ CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365 Compromised IPC child process can list local filenames
+ CVE-2018-12371 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-12366 Invalid data handling during QCMS transformations
+ CVE-2018-12367 Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-12368 No warning when opening executable SettingContent-ms files
+ CVE-2018-12369 WebExtension security permission checks bypassed by embedded experiments
+ CVE-2018-5187 Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

kernel-image-un-def-1:4.14.52-alt0.M80P.1  build 2018-06-26

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.52 (Fixes: CVE-2018-10840, CVE-2018-1118, CVE-2018-11412)

kernel-image-std-pae-1:4.4.138-alt0.M80P.1  build 2018-06-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.138 (Fixes: CVE-2018-10853)

kernel-image-un-def-1:4.14.50-alt0.M80P.1  build 2018-06-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.50 (Fixes: CVE-2018-10853)

kernel-image-std-def-1:4.9.109-alt0.M80P.1  build 2018-06-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.109 (Fixes: CVE-2018-10853)

libgcrypt-1.7.10-alt1.M80P.1  build 2018-06-14

Group: System/Libraries
Summary: The GNU crypto library
Changes:

- new version
- security fixes: CVE-2018-0495

firefox-esr-60.0.2-alt1  build 2018-06-11

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.0.2).
- Fixed:
+ CVE-2018-6126 Heap buffer overflow rasterizing paths in SVG with Skia

gnupg2-2.2.8-alt1.M80P.1  build 2018-06-08

Group: Text tools
Summary: The GNU Privacy Guard suite
Changes:

- new version
- security fix: CVE-2018-12020

firefox-60.0.2-alt1  build 2018-06-07

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (60.0.2).
- Fixed:
+ CVE-2018-6126 Heap buffer overflow rasterizing paths in SVG with Skia

firefox-esr-60.0.1-alt1  build 2018-06-05

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.0.1).
- Fixed:
+ CVE-2018-5154: Use-after-free with SVG animations and clip paths
+ CVE-2018-5155: Use-after-free with SVG animations and text paths
+ CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5160: Uninitialized memory use by WebRTC encoder
+ CVE-2018-5152: WebExtensions information leak through webRequest API
+ CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
+ CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
+ CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
+ CVE-2018-5166: WebExtension host permission bypass through filterReponseData
+ CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
+ CVE-2018-5168: Lightweight themes can be installed without user interaction
+ CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
+ CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
+ CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
+ CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
+ CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
+ CVE-2018-5176: JSON Viewer script injection
+ CVE-2018-5177: Buffer overflow in XSLT during number formatting
+ CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
+ CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
+ CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
+ CVE-2018-5151: Memory safety bugs fixed in Firefox 60
+ CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

jq-1.5-alt3.M80P.1  build 2018-05-31

Group: Development/Other
Summary: Command-line JSON processor
Changes:

- security update (fixes: CVE-2016-4074)

kernel-image-std-pae-1:4.4.134-alt0.M80P.1  build 2018-05-30

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.134 (Fixes: CVE-2018-6412)

kernel-image-un-def-1:4.14.45-alt0.M80P.1  build 2018-05-30

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.45 (Fixes: CVE-2018-6412)

kernel-image-std-def-1:4.9.104-alt0.M80P.1  build 2018-05-30

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.104 (Fixes: CVE-2018-6412)

wireshark-2.6.1-alt1.M80P.1  build 2018-05-24

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.6.1 (fixes: CVE-2018-11359, CVE-2018-11361, CVE-2018-11358, CVE-2018-11360, CVE-2018-11356, CVE-2018-11357, CVE-2018-11355, CVE-2018-11354, CVE-2018-11362)

mariadb-10.1.33-alt1.M80P.1  build 2018-05-23

Group: Databases
Summary: A very fast and reliable SQL database engine
Changes:

- 10.1.33
- Fixes for the following security vulnerabilities:
+ CVE-2018-2562
+ CVE-2018-2622
+ CVE-2018-2640
+ CVE-2018-2665
+ CVE-2018-2668
+ CVE-2018-2612
+ CVE-2018-2782
+ CVE-2018-2784
+ CVE-2018-2787
+ CVE-2018-2766
+ CVE-2018-2755
+ CVE-2018-2819
+ CVE-2018-2817
+ CVE-2018-2761
+ CVE-2018-2781
+ CVE-2018-2771
+ CVE-2018-2813

kernel-image-std-def-1:4.9.101-alt0.M80P.1  build 2018-05-21

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.101 (Fixes: CVE-2018-1120)

kernel-image-un-def-1:4.14.42-alt0.M80P.1  build 2018-05-21

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.42 (Fixes: CVE-2018-1120)

thunderbird-52.8.0-alt1  build 2018-05-19

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.8.0).
- Enigmail 2.0.4.
- Fixes:
+ CVE-2018-5183 Backport critical security fixes in Skia
+ CVE-2018-5184 Full plaintext recovery in S/MIME via chosen-ciphertext attack
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5161 Hang via malformed headers
+ CVE-2018-5162 Encrypted mail leaks plaintext through src attribute
+ CVE-2018-5170 Filename spoofing for external attachments
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
+ CVE-2018-5185 Leaking plaintext through HTML forms
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8
- Build in several threads.

firefox-60.0.1-alt1  build 2018-05-17

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (60.0.1).
- Fixed:
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5157 Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158 Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5160 Uninitialized memory use by WebRTC encoder
+ CVE-2018-5152 WebExtensions information leak through webRequest API
+ CVE-2018-5153 Out-of-bounds read in mixed content websocket messages
+ CVE-2018-5163 Replacing cached data in JavaScript Start-up Bytecode Cache
+ CVE-2018-5164 CSP not applied to all multipart content sent with multipart/x-mixed-replace
+ CVE-2018-5166 WebExtension host permission bypass through filterReponseData
+ CVE-2018-5167 Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5169 Dragging and dropping link text onto home button can set home page to include chrome pages
+ CVE-2018-5172 Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
+ CVE-2018-5173 File name spoofing of Downloads panel with Unicode characters
+ CVE-2018-5174 Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
+ CVE-2018-5175 Universal CSP bypass on sites using strict-dynamic in their policies
+ CVE-2018-5176 JSON Viewer script injection
+ CVE-2018-5177 Buffer overflow in XSLT during number formatting
+ CVE-2018-5165 Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
+ CVE-2018-5180 heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ CVE-2018-5181 Local file can be displayed in noopener tab through drag and drop of hyperlink
+ CVE-2018-5182 Local file can be displayed from hyperlink dragged and dropped on addressbar
+ CVE-2018-5151 Memory safety bugs fixed in Firefox 60
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

glusterfs3-3.12.9-alt1  build 2018-05-17

Group: System/Base
Summary: Cluster File System
Changes:

- new version 3.12.9 (with rpmrb script)
- CVE-2018-1088

curl-7.60.0-alt1.M80P.1  build 2018-05-16

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- 7.60.0
- fixes:
* CVE-2018-1000300 FTP shutdown response buffer overflow
* CVE-2018-1000301 RTSP bad headers buffer over-read

kernel-image-un-def-1:4.14.41-alt0.M80P.1  build 2018-05-16

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.41 (Fixes: CVE-2018-1000200)

postgresql9.3-9.3.23-alt0.M80P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.3.23
- Fix CVE-2018-1115

postgresql9.5-9.5.13-alt0.M80P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.5.13
- Fix CVE-2018-1115

postgresql9.6-1C-9.6.9-alt0.M80P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.9
- Fix CVE-2018-1115

firefox-esr-52.8.0-alt1  build 2018-05-09

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.8.0).
- Fixes:
+ CVE-2018-5183 Backport critical security fixes in Skia
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5157 Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158 Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

postgresql9.4-9.4.18-alt0.M80P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.4.18
- Fix CVE-2018-1115

postgresql10-10.4-alt0.M80P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 10.4
- Fix CVE-2018-1115

postgresql9.6-9.6.9-alt0.M80P.1  build 2018-05-09

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.9
- Fix CVE-2018-1115

php5-5.6.36-alt1.M80P.1  build 2018-05-08

Group: Development/Other
Summary: The PHP5 scripting language
Changes:

- 5.6.33 (fixes: CVE-2018-10549, CVE-2018-10546, CVE-2018-10548, CVE-2018-10547, CVE-2018-10545, CVE-2018-7584)

libwebkitgtk4-2.20.2-alt1  build 2018-05-08

Group: System/Libraries
Summary: Web browser engine
Changes:

- 2.20.2 (fixed CVE-2018-4200)

adobe-flash-player-ppapi-3:29-alt1.M80P.1  build 2018-05-07

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version (ALT#34555)
- security fixes:
CVE-2018-4919, CVE-2018-4920, CVE-2018-4932, CVE-2018-4933,
CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937

kernel-image-std-def-1:4.9.98-alt0.M80P.1  build 2018-05-06

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.98 (Fixes: CVE-2018-1093, CVE-2018-1108)

kernel-image-std-pae-1:4.4.131-alt0.M80P.1  build 2018-05-06

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.131 (Fixes: CVE-2018-1093)

kernel-image-un-def-1:4.14.39-alt0.M80P.1  build 2018-05-06

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.39 (Fixes: CVE-2018-1093, CVE-2018-1108)

plasma5-kwallet-pam-5.12.5-alt1.M80P.1  build 2018-05-03

Group: Graphical desktop/KDE
Summary: KDE Workspace 5 PAM KWallet integration
Changes:

- new version
- security fixes: CVE-2018-10380

kernel-image-std-def-1:4.9.96-alt0.M80P.1  build 2018-04-24

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.96 (Fixes: CVE-2018-1092, CVE-2018-1108)

kernel-image-un-def-1:4.14.36-alt0.M80P.1  build 2018-04-24

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.36 (Fixes: CVE-2018-1092, CVE-2018-1094, CVE-2018-1095, CVE-2018-1108)

kernel-image-std-pae-1:4.4.129-alt0.M80P.1  build 2018-04-24

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.129 (Fixes: CVE-2018-1092)

kernel-image-std-def-1:4.9.95-alt0.M80P.1  build 2018-04-21

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.95 (Fixes: CVE-2017-5715)

krb5-1.14.6-alt1.M80P.1  build 2018-04-17

Group: System/Libraries
Summary: The Kerberos network authentication system
Changes:

- Update to latest security release of krb5-1.14
- Security fixes:
+ CVE-2017-11368 Fix a KDC denial of service vulnerability caused by unset
status strings
+ CVE-2017-11462 Preserve GSS contexts on init/accept failure

© 2009–2018 Igor Zubkov