Sisyphus repository
Last update: 2018-04-22 12:06:50 +0400 | SRPMs: 18024
Security fixes

wireshark-2.4.6-alt1.M80P.1  build 2018-04-09

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.4.6 (Fixes: CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265,
CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272,
CVE-2018-9273, CVE-2018-9274)

kernel-image-std-def-1:4.9.93-alt0.M80P.1  build 2018-04-09

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.93 (Fixes: CVE-2017-5754)

kernel-image-std-def-1:4.9.92-alt0.M80P.1  build 2018-04-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.92 (Fixes: CVE-2017-8824)

kernel-image-un-def-1:4.14.32-alt0.M80P.1  build 2018-04-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.32 (Fixes: CVE-2017-8824)

kernel-image-std-pae-1:4.4.126-alt0.M80P.1  build 2018-04-01

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.126 (Fixes: CVE-2017-8824)

apache2-1:2.4.33-alt1.M80P.1  build 2018-03-31

Group: System/Servers
Summary: The most widely used Web server on the Internet
Changes:

- 2.4.33
- fixes:
* CVE-2018-1303 low: Possible out of bound read in mod_cache_socache
* CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown
* CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request
* CVE-2018-1312 low: Weak Digest auth nonce generation in mod_auth_digest
* CVE-2017-15715 low: bypass with a trailing newline in the file name
* CVE-2017-15710 low: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
* CVE-2018-1283 medium: Tampering of mod_session data for CGI applications

curl-7.59.0-alt1.M80P.1  build 2018-03-31

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version
- fixes:
* CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
* CVE-2018-1000121 LDAP NULL pointer dereference
* CVE-2018-1000122 RTSP RTP buffer over-read

firefox-59.0.2-alt1  build 2018-03-27

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (59.0.2).
- Fixed:
+ CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5128: Use-after-free manipulating editor selection ranges
+ CVE-2018-5129: Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5132: WebExtension Find API can search privileged pages
+ CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized
+ CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions
+ CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts
+ CVE-2018-5136: Same-origin policy violation with data: URL shared workers
+ CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources
+ CVE-2018-5138: Android Custom Tab address spoofing through long domain names
+ CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol
+ CVE-2018-5141: DOS attack through notifications Push API
+ CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs
+ CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar
+ CVE-2018-5126: Memory safety bugs fixed in Firefox 59
+ CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5146: Out of bounds memory write in libvorbis
+ CVE-2018-5147: Out of bounds memory write in libtremor
+ CVE-2018-5148: Use-after-free in compositor

systemd-1:237-alt2.M80P.1  build 2018-03-26

Group: System/Configuration/Boot and Init
Summary: System and Session Manager
Changes:

- backport to p8
- fix build systemd.directive man
- move "journalctl --update-catalog" from %post to filetrigger
- move "udevadm hwdb" from %post to filetrigger
- add filetriggers for systemd-sysctl,systemd-binfmt
- add group render
- add drop-in config with defined PATH for user
- Fixes: CVE-2017-15908,CVE-2017-1000082,CVE-2018-1049

firefox-esr-52.7.3-alt1  build 2018-03-26

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.7.3)
- Fixes:
+ CVE-2018-5148 Use-after-free in compositor

thunderbird-52.7.0-alt1  build 2018-03-24

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.7.0)
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5146 Out of bounds memory write in libvorbis
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7

unbound-1.7.0-alt1  build 2018-03-23

Group: System/Servers
Summary: Validating, recursive, and caching DNS resolver
Changes:

- 1.7.0
- New version (closes: #34122)
- Add lost libunbound.so and libunbound.pc to libunbound-devel
- Set libunbound-devel arch-dependent
- Move unbound-control-setup.8 from unbound-control to unbound
- Fixed CVE-2017-15105

kernel-image-std-pae-1:4.4.122-alt0.M80P.1  build 2018-03-21

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.122 (Fixes: CVE-2018-1000004)

kernel-image-un-def-1:4.14.28-alt0.M80P.1  build 2018-03-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.28 (Fixes: CVE-2018-1000004)

kernel-image-std-def-1:4.9.88-alt0.M80P.1  build 2018-03-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.88 (Fixes: CVE-2018-1000004)

samba-DC-4.6.14-alt1.M80P.1  build 2018-03-12

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to spring security release
- Security fixes:
+ CVE-2018-1050 Codenomicon crashes in spoolss server code
+ CVE-2018-1057 Unprivileged user can change any user (and admin) password

kernel-image-std-def-1:4.9.87-alt0.M80P.1  build 2018-03-12

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.87 (Fixes: CVE-2011-1161)

samba-4.6.14-alt1.M80P.1  build 2018-03-12

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to spring security release
- Security fixes:
+ CVE-2018-1050 Codenomicon crashes in spoolss server code
+ CVE-2018-1057 Unprivileged user can change any user (and admin) password

firefox-esr-52.7.0-alt1  build 2018-03-10

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.7.0).
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130 Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131 Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7

ntp-4.2.8p11-alt1  build 2018-03-04

Group: System/Configuration/Other
Summary: The Network Time Protocol (NTP)
Changes:

- 4.2.8p11 (CVE-2018-7185, CVE-2018-7184, CVE-2018-7170, CVE-2018-7183,
CVE-2018-7182, CVE-2016-1549)
- updated vniiftri ntp servers in ntp.conf
- added perl-HTTP-Tiny, perl-Net-SSLeay, perl-IO-Socket-SSL to BuildRequires

memcached-1.5.6-alt1.M80P.1  build 2018-03-04

Group: System/Servers
Summary: memcached - memory caching daemon
Changes:

- 1.5.6
- disable UDP port by default (fixed CVE-2018-1000115)
- drop scripts package
- add tool package
- add memcached@.service to allow starting an "instanced" version, like 'memcached@11211'

clamav-0.99.4-alt1  build 2018-03-04

Group: File tools
Summary: Clam Antivirus scanner
Changes:

- 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423,
CVE-2018-0202, and CVE-2018-1000085)

postgresql10-10.3-alt0.M80P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 10.3
- Fix CVE-2018-1058

postgresql9.4-9.4.17-alt0.M80P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.4.17
- Fix CVE-2018-1058

postgresql9.3-9.3.22-alt0.M80P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.3.22
- Fix CVE-2018-1058

postgresql9.5-9.5.12-alt0.M80P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.5.12
- Fix CVE-2018-1058

postgresql9.6-1C-9.6.8-alt0.M80P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.8
- Re-apply patches from 1C:
* 00001-1c_FULL_96.patch
* 00004-postgresql-1c-9.6.patch
* 00005-exists_opt-2.patch
- Remove patch 00001-1c_create_append_path.patch (fixed in 00001-1c_FULL_96.patch)
- Fix CVE-2018-1058

postgresql9.6-9.6.8-alt0.M80P.1  build 2018-03-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.8
- Fix CVE-2018-1058

wireshark-2.4.5-alt1.M80P.1  build 2018-02-26

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.4.5
- fixes:
* wnpa-sec-2018-05 The IEEE 802.11 dissector could crash. CVE-2018-7335
* wnpa-sec-2018-06 Multiple dissectors could go into large infinite loops. All ASN.1
BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router,
S7COMM, SCCP, Thread, Thrift, USB and WCCP dissectors were susceptible. CVE-2018-7321, CVE-2018-7322,
CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329,
CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333
* wnpa-sec-2018-07 The UMTS MAC dissector could crash. CVE-2018-7334
* wnpa-sec-2018-08 The DOCSIS dissector could crash. CVE-2018-7337
* wnpa-sec-2018-09 The FCP dissector could crash. CVE-2018-7336
* wnpa-sec-2018-10 The SIGCOMP dissector could crash. CVE-2018-7320
* wnpa-sec-2018-11 The pcapng file parser could crash. CVE-2018-7420
* wnpa-sec-2018-12 The IPMI dissector could crash. CVE-2018-7417
* wnpa-sec-2018-13 The SIGCOMP dissector could crash. CVE-2018-7418
* wnpa-sec-2018-14 The NBAP dissector could crash. CVE-2018-7419

dotnet-coreclr-2.0.5-alt1  build 2018-02-22

Group: Development/Other
Summary: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changes:

- new version (2.0.5) with rpmgs script
- CVE-2018-0764, CVE-2018-0786
- backport patch: Add support for building under glibc 2.26

kernel-image-std-pae-1:4.4.116-alt0.M80P.1  build 2018-02-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.116 (Fixes: CVE-2017-8824)

kernel-image-std-def-1:4.9.82-alt0.M80P.1  build 2018-02-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.82 (Fixes: CVE-2017-8824)

kernel-image-un-def-1:4.14.20-alt0.M80P.1  build 2018-02-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.20 (Fixes: CVE-2017-16995, CVE-2017-16996, CVE-2017-5715, CVE-2017-5754,
CVE-2017-8824)

adobe-flash-player-ppapi-3:28-alt2.M80P.1  build 2018-02-19

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version (ALT#34555)
- security fixes: CVE-2018-4871, CVE-2018-4877, CVE-2018-4878

plasma5-workspace-5.11.5-alt2.M80P.1  build 2018-02-12

Group: Graphical desktop/KDE
Summary: KDE Workspace 5 Plasma
Changes:

- security fix: CVE-2018-6791

firefox-58.0.2-alt1  build 2018-02-11

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (58.0.2).
- Fixed:
+ CVE-2018-5091: Use-after-free with DTMF timers
+ CVE-2018-5092: Use-after-free in Web Workers
+ CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
+ CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory
+ CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
+ CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
+ CVE-2018-5098: Use-after-free while manipulating form input elements
+ CVE-2018-5099: Use-after-free with widget listener
+ CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory
+ CVE-2018-5101: Use-after-free with floating first-letter style elements
+ CVE-2018-5102: Use-after-free in HTML media elements
+ CVE-2018-5103: Use-after-free during mouse event handling
+ CVE-2018-5104: Use-after-free during font face manipulation
+ CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts
+ CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker
+ CVE-2018-5107: Printing process will follow symlinks for local file access
+ CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs
+ CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution
+ CVE-2018-5110: Cursor can be made invisible on OS X
+ CVE-2018-5111: URL spoofing in addressbar through drag and drop
+ CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel
+ CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
+ CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts
+ CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs
+ CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access
+ CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
+ CVE-2018-5118: Activity Stream images can attempt to load local content through file:
+ CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers
+ CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
+ CVE-2018-5122: Potential integer overflow in DoCrypt
+ CVE-2018-5090: Memory safety bugs fixed in Firefox 58
+ CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
+ CVE-2018-5124: Sanitize HTML fragments created for chrome-privileged documents

vlc-2.2.6.20170917-alt1.M80P.1  build 2018-02-09

Group: Video
Summary: VLC media player
Changes:

- New version
(Fixes: CVE-2017-10699, CVE-2017-8310, CVE-2017-8311, CVE-2017-8313, CVE-2017-9300, CVE-2017-9301).

dotnet-sdk-2.0.5-alt1  build 2018-02-08

Group: Development/Other
Summary: SDK for the .NET Core runtime and libraries
Changes:

- .NET Core SDK 2.0.5 Release
- CVE-2018-0764, CVE-2018-0786

dotnet-corefx-2.0.5-alt1  build 2018-02-05

Group: Development/Other
Summary: .NET Core foundational libraries, called CoreFX
Changes:

- new version (2.0.5) with rpmgs script
- CVE-2018-0764, CVE-2018-0786

dotnet-bootstrap-2.0.5-alt1  build 2018-02-05

Group: Development/Other
Summary: .NET Core SDK binaries
Changes:

- new version (2.0.5) with rpmgs script
- CVE-2018-0764, CVE-2018-0786

kernel-image-std-pae-1:4.4.115-alt0.M80P.1  build 2018-02-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.115 (Fixes: CVE-2017-5715)

php5-5.6.33-alt1.M80P.1  build 2018-01-31

Group: Development/Other
Summary: The PHP5 scripting language
Changes:

- new version (fixes: CVE-2018-5711, CVE-2018-5712)

kernel-image-std-def-1:4.9.79-alt0.M80P.1  build 2018-01-31

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.79 (Fixes: CVE-2017-5715)

kernel-image-un-def-1:4.14.16-alt0.M80P.1  build 2018-01-31

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.16 (Fixes: CVE-2017-5715)

dotnet-common-2.0.5-alt1  build 2018-01-30

Group: Development/Other
Summary: Common dir and files for the .NET Core runtime and libraries
Changes:

- build 2.0.5 release
- CVE-2018-0764, CVE-2018-0786

thunderbird-52.6.0-alt1  build 2018-01-29

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.6.0)
- Fixes:
+ CVE-2018-5095 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-5096 Use-after-free while editing form elements
+ CVE-2018-5097 Use-after-free when source document is manipulated during XSLT
+ CVE-2018-5098 Use-after-free while manipulating form input elements
+ CVE-2018-5099 Use-after-free with widget listener
+ CVE-2018-5102 Use-after-free in HTML media elements
+ CVE-2018-5103 Use-after-free during mouse event handling
+ CVE-2018-5104 Use-after-free during font face manipulation
+ CVE-2018-5117 URL spoofing with right-to-left text aligned left-to-right
+ CVE-2018-5089 Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6

clamav-0.99.3-alt1  build 2018-01-28

Group: File tools
Summary: Clam Antivirus scanner
Changes:

- 0.99.3 (multiple CVEs, see README)
- removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream now)

curl-7.58.0-alt1.M80P.1  build 2018-01-24

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version
- fixes:
* CVE-2018-1000005 HTTP/2 trailer out-of-bounds read
* CVE-2018-1000007 HTTP authentication leak in redirects

firefox-esr-52.6.0-alt1  build 2018-01-22

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.6.0)
- Fixes:
+ CVE-2018-5095 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-5096 Use-after-free while editing form elements
+ CVE-2018-5097 Use-after-free when source document is manipulated during XSLT
+ CVE-2018-5098 Use-after-free while manipulating form input elements
+ CVE-2018-5099 Use-after-free with widget listener
+ CVE-2018-5102 Use-after-free in HTML media elements
+ CVE-2018-5103 Use-after-free during mouse event handling
+ CVE-2018-5104 Use-after-free during font face manipulation
+ CVE-2018-5117 URL spoofing with right-to-left text aligned left-to-right
+ CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- Continue fix of Speculative execution side-channel attack ("Spectre")

wireshark-2.4.4-alt1.M80P.1  build 2018-01-17

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.4.4
- fixes:
* wnpa-sec-2018-01 Multiple dissectors could crash. CVE-2018-5336
* wnpa-sec-2018-03 The IxVeriWave file parser could crash. CVE-2018-5334
* wnpa-sec-2018-04 The WCP dissector could crash. CVE-2018-5335


 
© 2009–2018 Igor Zubkov