Репозитории ALT
Последнее обновление в Вс, 18 апр. 2021, 10:43:22 +0000 | Пакетов: 9785
en ru
Исправления уязвимостей

kernel-image-el-smp-2.6.32-alt10.src.rpm  сборка 2010-09-17

Группа: Система/Ядро и оборудование
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:

- CVE-2010-3301
- build loop as module

apache2-2.2.24-alt2.M51.1.src.rpm  сборка 2010-09-16

Группа: Система/Серверы
О пакете: The most widely used Web server on the Internet
Изменения:

- 2.2.16 (Closes: #23933)
- Security fixes (CVE-2009-3555, CVE-2010-0408, CVE-2010-0425,
CVE-2010-043, CVE-2010-1452, CVE-2010-2068)
- Updated messages a2{en,dis}*: added an indication of the file
(Closes: #20932)
- Move %apache2_extra_available/Directory_*_default.conf.in to
%apache2_confdir/include/ dir

samba-3.0.37-alt5.M50P.1.src.rpm  сборка 2010-09-13

Группа: Система/Серверы
О пакете: Samba SMB/CIFS server
Изменения:

- CVE-2010-3069

pam-1.1.3-alt0.M51.1.src.rpm  сборка 2010-09-02

Группа: Система/Основа
О пакете: Pluggable Authentication Modules
Изменения:

- Updated to Linux-PAM-1_1_2 (fixes CVE-2010-3316).

kernel-image-ovz-rhel-2.6.18-alt13.M51.46.src.rpm  сборка 2010-09-01

Группа: Система/Ядро и оборудование
О пакете: Virtuozzo Linux kernel (the core of the Linux operating system)
Изменения:

- Release of 2.6.18-194.11.3.el5 028stab071.3
- CVE-2010-2240: keep a guard page below a grow-down stack segment

kernel-image-ovz-rhel-2.6.18-alt13.M51.46.src.rpm  сборка 2010-08-31

Группа: Система/Ядро и оборудование
О пакете: Virtuozzo Linux kernel (the core of the Linux operating system)
Изменения:

- Release of 2.6.18-194.11.1.el5 028stab071.2
- RHSA-2010-0610:
* CVE-2010-1084: kernel: bluetooth: potential bad memory access with
sysfs files
* CVE-2010-2066: kernel: ext4: Make sure the MOVE_EXT ioctl can't
overwrite append-only files
* CVE-2010-2070: /kernel/security/CVE-2006-0742 test cause kernel-xen
panic on ia64
* CVE-2010-2226: kernel: xfs swapext ioctl minor security issue
* CVE-2010-2248: kernel: cifs: Fix a kernel BUG with remote OS/2 server
* CVE-2010-2521: kernel: nfsd4: bug in read_buf
* CVE-2010-2524: kernel: dns_resolver upcall security issue

ssmtp-2.62.2-alt10.M51.11.src.rpm  сборка 2010-08-27

Группа: Система/Серверы
О пакете: ssmtp - extremely simple MTA to get mail off the system to a mail hub
Изменения:

- ALT #23964
- CVE-2008-7258

libmikmod-3.1.11-alt0.8.src.rpm  сборка 2010-08-26

Группа: Система/Библиотеки
О пакете: A portable sound library for Unix
Изменения:

- imported security fixes from openSUSE 3.1.11a-84.5 package:
+ CVE-2007-6720:
denial of service (crash) by loading multiple MOD files
with different numbers of channels
+ CVE-2009-0179:
denial of service (crash) by loading an XM file
+ CVE-2009-3995:
arbitrary code execution via (1) crafted samples
or (2) crafted instrument definitions in an Impulse Tracker file
+ CVE-2009-3996:
arbitrary code execution via an Ultratracker file

kernel-image-el-smp-2.6.32-alt10.src.rpm  сборка 2010-08-20

Группа: Система/Ядро и оборудование
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:

- 2.6.32-44.2.el6
- fix CVE-2010-2240 kernel: mm: keep a guard page below (ALT #23912)

vlc-1.1.4-alt0.M50P.1.src.rpm  сборка 2010-08-19

Группа: Видео
О пакете: VLC media player
Изменения:

- 1.1.3 release (fixes CVE-2010-2937).

adobe-flash-player-3:11-alt24.M51.1.src.rpm  сборка 2010-08-11

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- only 32-bit new version
- CVE-2010-0209 CVE-2010-2188 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215
CVE-2010-2216

libfreetype-2.4.2-alt1.src.rpm  сборка 2010-08-07

Группа: Система/Библиотеки
О пакете: The FreeType2 library
Изменения:

- fixed CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808

socat-1.7.1.3-alt1.src.rpm  сборка 2010-08-04

Группа: Сети/Прочее
О пакете: 'socket cat' - multipurpose relay for bidirectional data transfer
Изменения:

- New version: CVE-2010-2799 fixed (closes #23839).

pidgin-mini-2.7.11-alt0.M50P.1.src.rpm  сборка 2010-07-24

Группа: Сети/Мгновенные сообщения
О пакете: A GTK+ based multiprotocol instant messaging client
Изменения:

- Updated to 2.7.2
+ CVE-2010-2528: crash bug that can be triggered by remote users

libwebkit-1.2.6-alt1.M51.1.src.rpm  сборка 2010-07-18

Группа: Система/Библиотеки
О пакете: Web browser engine
Изменения:

- 1.2.3
- disable patch1(webkit-1.1.23-alt-icu4.4.patch); upstream fixed
- fixed the following CVEs (thanks to the Debian security team):
+ CVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407
+ CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418
+ CVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767
+ CVE-2010-1664 CVE-2010-1758 CVE-2010-1759 CVE-2010-1760
+ CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771
+ CVE-2010-1772 CVE-2010-1773 CVE-2010-1774

openldap2.4-2.4.23-alt0.M50P.1.src.rpm  сборка 2010-07-01

Группа: Система/Серверы
О пакете: LDAP libraries and sample clients
Изменения:

- backport to p5 branch (security fixes: CVE-2010-0212 and CVE-2010-0211)

openldap2.4-2.4.23-alt0.M50P.1.src.rpm  сборка 2010-06-30

Группа: Система/Серверы
О пакете: LDAP libraries and sample clients
Изменения:

- 2.4.23
- security fixes: CVE-2010-0212 and CVE-2010-0211

libpng-1.2.44-alt1.src.rpm  сборка 2010-06-29

Группа: Система/Библиотеки
О пакете: A library of functions for manipulating PNG image format files
Изменения:

- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).

samba-3.0.37-alt5.M50P.1.src.rpm  сборка 2010-06-16

Группа: Система/Серверы
О пакете: Samba SMB/CIFS server
Изменения:

- CVE-2010-2063

adobe-flash-player-3:11-alt24.M51.1.src.rpm  сборка 2010-06-14

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- only 32-bit new version (ALT#17168)
- only 32-bit fixes CVE-2008-4546 CVE-2009-3793 CVE-2010-1297 CVE-2010-2160
CVE-2010-2161 CVE-2010-2162 CVE-2010-2163 CVE-2010-2164 CVE-2010-2165
CVE-2010-2166 CVE-2010-2167 CVE-2010-2169 CVE-2010-2170 CVE-2010-2171
CVE-2010-2172 CVE-2010-2173 CVE-2010-2174 CVE-2010-2175 CVE-2010-2176
CVE-2010-2177 CVE-2010-2178 CVE-2010-2179 CVE-2010-2180 CVE-2010-2181
CVE-2010-2182 CVE-2010-2183 CVE-2010-2184 CVE-2010-2185 CVE-2010-2186
CVE-2010-2187 CVE-2010-2188 CVE-2010-2189

pidgin-mini-2.7.11-alt0.M50P.1.src.rpm  сборка 2010-06-13

Группа: Сети/Мгновенные сообщения
О пакете: A GTK+ based multiprotocol instant messaging client
Изменения:

- Updated to 2.7.1
+ CVE-2010-0013: MSN local file disclosure vulnerability
+ CVE-2010-0277: remote MSN SLP crash
+ CVE-2010-0420: remote Finch XMPP crash
+ CVE-2010-0423: remote smiley freeze/CPU pegging DoS
+ CVE-2010-1624: MSN emoticon DoS
- Added Conflicts to pidgin-devel and libpurple-devel
(noted by repocop)

qt4-4.6.3-alt1.M51.1.src.rpm  сборка 2010-05-19

Группа: Система/Библиотеки
О пакете: Shared library for the Qt4 GUI toolkit
Изменения:

- update kde-qt patches
- add cups fixes
- add fixes for CVE-2010-0047 CVE-2010-0051 CVE-2010-0054 CVE-2010-0648
CVE-2010-0656 CVE-2010-0046 CVE-2010-0049 CVE-2010-0050 CVE-2010-0052
(ALT#23506)

fetchmail-6.3.17-alt0.M50P.1.src.rpm  сборка 2010-05-09

Группа: Сети/Почта
О пакете: Full-featured POP/IMAP/ETRN mail retrieval daemon
Изменения:

- 6.3.17
+ CVE-2010-1167: DoS in debug mode with multichar locales

irssi-0.8.15-alt0.M50P.1.src.rpm  сборка 2010-04-19

Группа: Сети/IRC
О пакете: Irssi is an IRC client
Изменения:

- 0.8.15 (Closes: #23317). Security fixes:
+ CVE-2010-1155 (poor verification the hostname of the server when
using SSL connections)
+ CVE-2010-1156 (A NULL-pointer dereference error in
src/core/nicklist.c can be exploited to cause a crash)

zabbix-1:1.8.18-alt0.M51.1.src.rpm  сборка 2010-04-05

Группа: Мониторинг
О пакете: A network monitor
Изменения:

- Update to 11296 svn rev. of 1.8 branch.
- Security fix: CVE-2010-1144 Zabbix PHP Frontend "user" SQL Injection
Vulnerability. See http://secunia.com/advisories/39119/ for datails.
- Enable ipv6 support.

fetchmail-6.3.17-alt0.M50P.1.src.rpm  сборка 2010-03-27

Группа: Сети/Почта
О пакете: Full-featured POP/IMAP/ETRN mail retrieval daemon
Изменения:

- 6.3.14
+ CVE-2010-0562: heap overrun in verbose SSL cert' info display
- package COPYING
- remove Packager:
- fix buildreqs
- fix configure warnings about GSSAPI headers
- fix using optflags

GraphicsMagick-1.3.12-alt0.M50P.1.src.rpm  сборка 2010-03-26

Группа: Графика
О пакете: An X application for displaying and manipulating images
Изменения:

- New version
- Bugfix release (CVE-2010-0205)

openssl098-0.9.8p-alt0.M51.1.src.rpm  сборка 2010-03-25

Группа: Система/Основа
О пакете: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Изменения:

- Updated to 0.9.8n (fixes CVE-2010-0740 and CVE-2010-0433).

tomcat5-0:5.5.27-alt4_7.4jpp5.src.rpm  сборка 2010-03-19

Группа: Разработка/Java
О пакете: Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Изменения:

- updated to fc 7.4
- CVE-2009-0033, CVE-2009-0580 (closes: 20311, 20314)
- su -s /bin/sh -c instead of su - (closes: #23073)

apache-1.3.42rusPL30.24-alt3.M51.1.src.rpm  сборка 2010-03-16

Группа: Система/Серверы
О пакете: The most widely used Web server on the Internet
Изменения:

- 1.3.42rusPL30.24 (Closes: #22912)
- Security fixes (CVE-2010-0010)
- Generate SSL key from httpd-perl initscript

tar-1.23-alt4.src.rpm  сборка 2010-03-10

Группа: Архивирование/Резервное копирование
О пакете: A GNU file archiving program
Изменения:

- Updated to 1.23 (fixes CVE-2010-0624).

libpng-1.2.44-alt1.src.rpm  сборка 2010-03-09

Группа: Система/Библиотеки
О пакете: A library of functions for manipulating PNG image format files
Изменения:

- Updated to 1.2.43 (fixes CVE-2010-0205).

dnsmasq-2.46-alt1.1.M51.2.src.rpm  сборка 2010-03-01

Группа: Система/Серверы
О пакете: A lightweight caching nameserver
Изменения:

- fix TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958).

openssl098-0.9.8p-alt0.M51.1.src.rpm  сборка 2010-02-26

Группа: Система/Основа
О пакете: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Изменения:

- Updated to 0.9.8m with security fixes and improvements, including:
+ CVE-2009-3245, CVE-2008-1678
+ CVE-2009-1377, CVE-2009-1378, CVE-2009-1379
+ CVE-2009-1387 (closes: #20280)
+ CVE-2009-4355 (closes: #22817, #23037)
+ patch for Cisco VPN client DTLS

transmission-2.04-alt0.M51.1.src.rpm  сборка 2010-02-24

Группа: Сети/Передача файлов
О пакете: Llightweight BitTorrent client
Изменения:

- add patches from upstream 1.7x branch with fix for CVE-2010-0012 (closes: #23019)

sudo-1:1.6.8p12-alt7.src.rpm  сборка 2010-02-23

Группа: Система/Основа
О пакете: Allows command execution as another user
Изменения:

- Backported upstream fix for CVE-2010-0426 (a flaw in sudoedit could
give a user with permission to run sudoedit the ability to run
arbitrary commands).

typo3_src-4.3.13-alt0.M51.1.src.rpm  сборка 2010-02-23

Группа: Сети/Прочее
О пакете: A free, feature rich, Content Management Framework/System
Изменения:

- 4.3.2: major/medium security fixes (no CVE so far)
+ frontend login: possible auth bypass using a hash
*if* "saltedpasswords" is enabled
*and* several auth services are configured
+ frontend: possible CSS if running on php-cgi
+ backend: possible XSSes (valid backend login required)
+ backend: information disclosure with specific
sys_action setup (valid backend login required)
+ https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/

pidgin-2.6.6-alt0.M50P.1.src.rpm  сборка 2010-02-22

Группа: Сети/Мгновенные сообщения
О пакете: A GTK+ based multiprotocol instant messaging client
Изменения:

- 2.6.6:
+ Fixes a remote MSN SLP crash (CVE-2010-0277) (Closes: #566775)
+ Fixes a remote Finch XMPP crash (CVE-2010-0420)
+ Fixes a remote smiley freeze/CPU pegging DoS (CVE-2010-0423)
- drop %add_findprov_lib_path for %_libdir/pidgin %_libdir/purple-2 %_libdir/finch

sendmail-8.14.4-alt0.M51.1.src.rpm  сборка 2010-02-22

Группа: Система/Серверы
О пакете: A widely used Mail Transport Agent (MTA)
Изменения:

- New version, security update (CVE-2009-4565)
addition: look to Errata 2010-01-04 on http://www.sendmail.org/releases/8.14.4
if used FEATURE(`ldap_routing')

otrs-2.4.11-alt1.2.src.rpm  сборка 2010-02-21

Группа: Сети/WWW
О пакете: Open source Ticket Request System
Изменения:

- Security fixes:
+ Vulnerability in OTRS-Core allows SQL-Injection; CVE-2010-0438 (ALT #22947)

netpbm-10.35.32-alt1.M51.1.src.rpm  сборка 2010-02-13

Группа: Графика
О пакете: Tools for manipulating graphics files in netpbm supported formats
Изменения:

- fixed stack-based buffer overflow (CVE-2009-4274)
- fixed build
+ netpbm-10.35-alt-fix-overflow-destination-buffer.patch
+ netpbm-10.35-fix-gcc43.patch (backported fix)

chrony-1.24-alt1.src.rpm  сборка 2010-02-08

Группа: Система/Настройка/Прочее
О пакете: Chrony clock synchronization program
Изменения:

- 1.24. Contains security fixes for CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.

arts-1:1.5.10-alt3.M51.1.src.rpm  сборка 2010-02-05

Группа: Система/Серверы
О пакете: aRts (analog realtime synthesizer) - the KDE sound system
Изменения:

- fix to compile (ALT#22891)
- fix CVE-2009-3736

kdelibs-3.5.10-alt11.M51.1.src.rpm  сборка 2010-02-05

Группа: Графические оболочки/KDE
О пакете: K Desktop Environment - Libraries
Изменения:

- update to lastest 3.5 branch
- fix CVE-2009-3736
- fix to build with new autoconf

asterisk1.6.2-1.6.2.11-alt1.M51.2.src.rpm  сборка 2010-02-04

Группа: Система/Серверы
О пакете: Open source PBX
Изменения:

- 1.6.2.2
- CVE-2010-0441

lighttpd-1.4.35-alt0.M51.1.src.rpm  сборка 2010-02-04

Группа: Система/Серверы
О пакете: A fast webserver with minimal memory-footprint
Изменения:

- Update to 2710 revision of 1.4.x branch.
- Security fix: CVE-2010-0295 (lighttpd Slow Request Denial of Service
Vulnerability).

fuse-2.8.2-alt1.src.rpm  сборка 2010-01-27

Группа: Система/Ядро и оборудование
О пакете: tool for creating virtual filesystems
Изменения:

- 2.8.2
- CVE-2009-3297 (ALT #22834)

openttd-1.0.2-alt0.M51.1.src.rpm  сборка 2010-01-27

Группа: Игры/Стратегии
О пакете: An open source clone of the Microprose game "Transport Tycoon Deluxe".
Изменения:

- new version (CVE-2009-4007 fixed)

MySQL-5.0.89-alt1.src.rpm  сборка 2010-01-25

Группа: Базы данных
О пакете: MySQL: A very fast and reliable SQL database engine
Изменения:

- new version (closes #18943)
- fixed CVE-2009-2446 from upstream (closes #20724)
- setup utf8 encoding instead of latin1 by default (closes #12390)
- include C99 aliasing violation patch from mythtv (closes #22452)
- removed username-length patch
- wait for mysqld shutdown (closes #22234)
- don't run initial setup mysql database if mysql.user table already exists

GraphicsMagick-1.3.12-alt0.M50P.1.src.rpm  сборка 2010-01-23

Группа: Графика
О пакете: An X application for displaying and manipulating images
Изменения:

- New version
- Fix ALT (#22348)
- Change number of bits in a pixel quantum 8 -> 16
- Fix build with libfpx
- Security Fixes:
+ Fix for CVE-2009-1882 "Integer overflow in the XMakeImage function".
+ Fix lockup due to hanging in loop while parsing malformed
sub-image specification (SourceForge issue 2886560).
+ Libltdl: Updated libtool to 2.2.6b in order to fix security issue.
Resolves CVE-2009-3736 as it pertains to GraphicsMagick.
- Bug fixes:
+ -convolve, -recolor: Validate that user-provided matrix is square
when parsing -convolve and -recolor commands in order to avoid a
core dump.
+ CALS: Reading images taller than the image width resulted in a
failure.
+ ConstituteImage(), DispatchImage(): 'A' and 'T' should indicate
transparency and 'O' should indicate opacity. Behavior was
inconsistent. In some cases 'O' meant transparency while in other
cases it meant opacity. Also, in a few cases, matte was not
getting enabled in the image as it should.
+ DCRAW: Module name was not registered so modules based builds were
not supporting formats provided via 'dcraw'.
+ GetOptimalKernelWidth1D(), GetOptimalKernelWidth2D(): In the Q32
build, convolution kernel size was estimated incorrectly for large
sigmas on 32-bit systems due to arithmetic overflow. This could
cause wrong results for -convolve, -blur, -sharpen, and other
algorithms which use these functions.
+ Image Size: Fixed the ability to pass the image size via the
filename specification like "myfile.jpg[640x480]" rather than
needing to use -size.
+ IPTC: Blob data needed to be padded to an even size. Size is now
correctly reported.
+ IPTC: Returned IPTC string values were one character too short.
+ Large Files: Large pixel cache files were not working under GNU Linux.
+ JP2: Fixed some value scaling problems.
+ JP2: Fix possible crash at exit when Jasper is used by a modules build.
+ MPC: is_monochrome and is_grayscale flags were not managed
properly for the MPC coder.
+ PCL: Page was not always being ejected.
+ PNG: The png8 encoder would fail when trying to write a 1-color image.
+ PSD: PSD parser was confused by 0x0 pixel layers, resulting in
image data corruption of all following layers.
+ -rotate, -shear: Some internally-reported errors were potentially
being lost.
+ Subrange/stdin: Commands now support reading an image from stdin
in conjunction with a subrange specification (e.g. "-[1]").
+ Magick++ STL ShadeImage: Implementation was completely botched.
- New Features:
+ CALS Type 1 files may now be written (Work contributed by John
Sergeant). CALS support is dependent on the TIFF library.
+ GROUP4RAW encoder supports reading/writing RAW Group4 data.
+ JP2: JPEG 2000 may now be written in arbitrary bit depths ranging
from 2 to 16 rather than just 8 or 16.
+ JPEG: IJG JPEG library version 7 is now supported.
+ JPEG: Added jpeg:block-smoothing and jpeg:fancy-upsampling defines
to control these JPEG library options.
+ JPEG: Detect and apply colorspaces appropriately for ITU FAX JPEG.
+ Resource Limits: There is now a "threads" resource limit which
allows specifying the number of OpenMP threads which may be used,
similar to the OMP_NUM_THREADS environment variable.
+ TIFF: Allow CIELAB TIFF to be read.
+ MagickGetImageAttribute()/MagickSetImageAttribute(): New Wand
methods to support getting and setting an image attribute.
Contributed by Mikko Koppanen.
+ ClonePixelWand(): New Wand method to deep-copy an existing pixel wand.
+ ClonePixelWands(): New Wand method to deep-copy an array of
existing pixel wands.
+ MagickCdlImage(): New Wand method to apply the ASC CDL to an
image.
+ MagickGetImageBoundingBox(): New Wand method to return the crop
bounding box required to remove any solid-color border from the
image.
+ MagickGetImageFuzz(), MagickSetImageFuzz(): New Wand methods to
get and set the color comparison fuzz factor.
+ MagickHaldClutImage(): New Wand method to apply a Hald CLUT to an
image.
+ MagickSetResolution(): New Wand method to set the wand resolution.
+ MagickSetResolutionUnits(): New Wand method to set the wand
resolution units.

  « Первая         1         3         5     6     7            Последняя »  

 
Ветви:
свернуть окно
Проект Geyser основан на коде из проекта Prometheus 2.0, который был доступен по лицензии MIT