Репозиторий Sisyphus
Последнее обновление: 2017-04-25 16:06:05 +0400 | Пакетов: 17861 | Войти или Зарегистрироватся
en ru uk br
Security fixes

firefox-esr-45.9.0-alt1  сборка 2017-04-20

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions

firefox-gost-45.9.0-alt1  сборка 2017-04-20

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser (with GOST support)
Изменения:

- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions

adobe-flash-player-ppapi-3:25-alt2.S1  сборка 2017-04-19

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- new version
- security fixes:
CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061,
CVE-2017-3062, CVE-2017-3063, CVE-2017-3064

curl-7.54.0-alt1.S1  сборка 2017-04-19

Группа: Сети/Передача файлов
О пакете: Gets a file from a FTP, GOPHER or HTTP server
Изменения:

- new version with security fixes:
CVE-2016-5419: TLS session resumption client cert bypass (again)

xen-4.8.1-alt1  сборка 2017-04-16

Группа: Эмуляторы
О пакете: Xen is a virtual machine monitor (hypervisor)
Изменения:

- Upstream updates:
+ x86/vmx: Don't leak host syscall MSR state into HVM guests
+ x86/layout: Correct Xen's idea of its own memory layout
+ xen: credit2: always mark a tickled pCPU as... tickled
+ xen: credit2: don't miss accounting while doing a credit reset
+ x86emul: correct decoding of vzero{all,upper}
+ x86/emul: Correct the decoding of mov to/from cr/dr
+ Don't clear HCR_VM bit when updating VTTBR
+ x86: drop unneeded __packed attributes
+ build/clang: fix XSM dummy policy when using clang 4.0
+ x86/EFI: avoid overrunning mb_modules[]
+ x86/EFI: avoid IOMMU faults on [_end,__2M_rwdata_end)
+ x86/EFI: avoid Xen image when looking for module/kexec position
+ xen: sched: don't call hooks of the wrong scheduler via VCPU2OP
+ memory: properly check guest memory ranges in XENMEM_exchange handling
(CVE-2017-7228 / XSA-212)
+ x86: use 64 bit mask when masking away mfn bits

wireshark-2.2.6-alt1.S1  сборка 2017-04-14

Группа: Мониторинг
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:

- new version with these security fixes:
* wnpa-sec-2017-12 IMAP dissector crash CVE-2017-7703
* wnpa-sec-2017-13 WBMXL dissector infinite loop CVE-2017-7702
* wnpa-sec-2017-14 NetScaler file parser infinite loop CVE-2017-7700
* wnpa-sec-2017-15 RPCoRDMA dissector infinite loop CVE-2017-7705
* wnpa-sec-2017-16 BGP dissector infinite loop CVE-2017-7701
* wnpa-sec-2017-17 DOF dissector infinite loop CVE-2017-7704

python-module-django-1.8.18-alt1  сборка 2017-04-12

Группа: Разработка/Python
О пакете: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Изменения:

- 1.8.18
- fixed CVE-2017-7233,CVE-2017-7234

bind-9.10.4.P8-alt1  сборка 2017-04-12

Группа: Система/Серверы
О пакете: ISC BIND - DNS server
Изменения:

- 9.10.4-P6 -> 9.10.4-P8 (fixes: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138).
- bind.service: pass $CHROOT to named-checkconf (closes: #33239).
- bind.init: check named configuration on startup.

MySQL-5.5.54-alt1  сборка 2017-04-03

Группа: Базы данных
О пакете: A very fast and reliable SQL database engine
Изменения:

- 5.5.54 (Fixes: CVE-2017-3318, CVE-2017-3317, CVE-2017-3313, CVE-2017-3312, CVE-2017-3291, CVE-2017-3265, CVE-2017-3258, CVE-2017-3244, CVE-2017-3243, CVE-2017-3238)

chromium-57.0.2987.110-alt1  сборка 2017-03-27

Группа: Сети/WWW
О пакете: An open source web browser developed by Google
Изменения:

- New version (57.0.2987.110).
- Security fixes:
- CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
- CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
- CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti
- CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
- CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
- CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
- CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com)
- CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
- CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
- CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
- CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grodum
- CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy
- CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
- CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
- CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs
- CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire)
- CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa

samba-DC-4.6.1-alt1.S1  сборка 2017-03-23

Группа: Система/Серверы
О пакете: Samba Active Directory Domain Controller
Изменения:

- Update to spring security release
- Fixed build --without docs (closes: 33118)
- Security fixes:
+ CVE-2017-2619 Symlink race allows access outside share definition

samba-4.6.1-alt1.S1  сборка 2017-03-23

Группа: Система/Серверы
О пакете: The Samba4 CIFS and AD client and server suite
Изменения:

- Update to spring security release
- Fixed build --without docs (closes: 33118)
- Security fixes:
+ CVE-2017-2619 Symlink race allows access outside share definition

file-4.26-alt13  сборка 2017-03-22

Группа: Работа с файлами
О пакете: A utility for determining file types
Изменения:

- Backported readelf fix (by sem@; fixes: CVE-2014-9653).
- Backported magic for lrzip, lz4, zstd, and snappy.
- Backported -z support for lrzip, lz4, and zstd.

adobe-flash-player-ppapi-3:25-alt1.S1  сборка 2017-03-20

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- new version
- security fixes:
CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000,
CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

tar-1.29.0.19.d061-alt1  сборка 2017-03-20

Группа: Архивирование/Резервное копирование
О пакете: A GNU file archiving program
Изменения:

- tar: release_1_28-39-gd02c81d -> release_1_29-19-gd06126f
(fixes: CVE-2016-6321).
- tar: added --lz4 and --zstd options.
- gnulib: v0.1-585-g2fda85e -> v0.1-1209-g24b3216.

rabbitmq-server-3.6.8-alt1  сборка 2017-03-17

Группа: Система/Серверы
О пакете: The RabbitMQ server
Изменения:

- 3.6.8
- fixed CVE-2016-9877

firefox-52.0-alt1  сборка 2017-03-15

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (52.0).
- Built with internal icu.
- Fixed:
+ CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+ CVE-2017-5401: Memory Corruption when handling ErrorResult
+ CVE-2017-5402: Use-after-free working with events in FontFace objects
+ CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
+ CVE-2017-5404: Use-after-free working with ranges in selections
+ CVE-2017-5406: Segmentation fault in Skia with canvas operations
+ CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
+ CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
+ CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
+ CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
+ CVE-2017-5412: Buffer overflow read in SVG filters
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ CVE-2017-5414: File picker can choose incorrect default directory
+ CVE-2017-5415: Addressbar spoofing through blob URL
+ CVE-2017-5416: Null dereference crash in HttpChannel
+ CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
+ CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
+ CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
+ CVE-2017-5419: Repeated authentication prompts lead to DOS attack
+ CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
+ CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
+ CVE-2017-5421: Print preview spoofing
+ CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
+ CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+ CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

libytnef-1.9.2-alt1  сборка 2017-03-08

Группа: Система/Библиотеки
О пакете: TNEF Stream Parser Library
Изменения:

- 1.9.2 (fixed CVE-2017-6306, CVE-2017-6305, CVE-2017-6304, CVE-2017-6303
CVE-2017-6302, CVE-2017-6301, CVE-2017-6300, CVE-2017-6299, CVE-2017-6298)

libxml2-1:2.9.4.0.12.e905-alt1  сборка 2017-03-03

Группа: Система/Библиотеки
О пакете: The library for manipulating XML files
Изменения:

- v2.9.3-5-g65112cb -> v2.9.4-12-ge905f08
(fixes: CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4449, CVE-2016-4483,
CVE-2016-4658, CVE-2016-5131).

shadow-1:4.4-alt1  сборка 2017-03-03

Группа: Система/Основа
О пакете: Utilities for managing shadow password files and user/group accounts
Изменения:

- Don't own %_sysconfdir/default/ (closes: #32541).
- Fix possible crash if gmtime() returns NULL.
- chsh: Fix duplicate warning.
- Enable audit support.
- Don't package ChangeLog/NEWS files.
- Spec cleanup.
- submap: Add control scripts for newuidmap/newgidmap.
- Fix build: ignore write() return value.
- configure.ac: Drop man/po/Makefile.
- Drop FORCE_SHADOW.
- Don't create missing files.
- Fixes from usptream git:
+ Keep the permissions of the original file when creating a backup.
+ useradd: Read defaults after changing root directories.
+ Don't crash on bogus keys in login.defs if PAM is enabled.
+ Last bits of enabling subuids.
+ Make login.def files valid ASCII instead of UTF-8.
+ include getdef.h for getdef_bool prototype.
+ Print error message if SELinux file context manipulation fails.
+ Fix regression in useradd not loading defaults properly.
+ */Makefile.am: Replace INCLUDES with AM_CPPFLAGS.
- Updated to 4.4 (fixes CVE-2016-6252).

curl-7.53.0-alt1.S1  сборка 2017-02-22

Группа: Сети/Передача файлов
О пакете: Gets a file from a FTP, GOPHER or HTTP server
Изменения:

- new version with security fixes:
CVE-2017-2629: SSL_VERIFYSTATUS ignored

potrace-1.14-alt1  сборка 2017-02-22

Группа: Графика
О пакете: Potrace is a utility for transform bitmaps into vector graphics
Изменения:

- 1.14 (fixed CVE-2016-8685, CVE-2016-8686)

adobe-flash-player-ppapi-3:24-alt3  сборка 2017-02-17

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- new version
- security fixes:
CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986,
CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991,
CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995,
CVE-2017-2996

krb5-1.14.4-alt1.S1  сборка 2017-02-15

Группа: Система/Библиотеки
О пакете: The Kerberos network authentication system
Изменения:

- 1.14.4
- fixed CVE-2016-3120

xen-4.8.0-alt5  сборка 2017-02-11

Группа: Эмуляторы
О пакете: Xen is a virtual machine monitor (hypervisor)
Изменения:

- Fix packaging errors
- Upstream updates:
+ qemu-xen: cirrus: fix oob access issue (CVE-2017-2615)
+ x86/xstate: Fix array overrun on hardware with LWP
+ x86emul: VEX.B is ignored in compatibility mode
+ x86emul: LOCK check adjustments
+ x86: segment attribute handling adjustments
+ x86emul: correct FPU stub asm() constraints
+ x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed
+ xen: credit2: use the correct scratch cpumask
+ xen: credit2: never consider CPUs outside of our cpupool
+ xen: credit2: fix shutdown/suspend when playing with cpupools
+ x86/emulate: don't assume that addr_size == 32 implies protected mode

libwebkitgtk4-2.14.4-alt1  сборка 2017-02-10

Группа: Система/Библиотеки
О пакете: Web browser engine
Изменения:

- 2.14.4 (fixed CVE-2017-2365, CVE-2017-2366, CVE-2017-2373, CVE-2017-2363,
CVE-2017-2362, CVE-2017-2350, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2371, CVE-2017-2364, CVE-2017-2369)

gtk-vnc-0.7.0-alt1  сборка 2017-02-09

Группа: Система/Библиотеки
О пакете: VNC viewer widget
Изменения:

- 0.7.0 (fixed CVE-2017-5884, CVE-2017-5885)

chromium-56.0.2924.87-alt1  сборка 2017-02-08

Группа: Сети/WWW
О пакете: An open source web browser developed by Google
Изменения:

- New version (56.0.2924.87).
- Security fixes:
- CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani
- CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford
- CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit)
- CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
- CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
- CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
- CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
- CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah)
- CVE-2017-5017: Uninitialised memory access in webm video. Credit to Dan Berman
- CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
- CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
- CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
- CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to evi1m0#ly.com
- CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC)
- CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
- CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- CVE-2017-5027: Bypass of Content Security Policy in Blink.

bind-9.10.4-alt2  сборка 2017-02-08

Группа: Система/Серверы
О пакете: ISC BIND - DNS server
Изменения:

- 9.10.4-P5 -> 9.10.4-P6 (fixes CVE-2017-3135).

python-module-django-1.8.17-alt1  сборка 2017-02-02

Группа: Разработка/Python
О пакете: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Изменения:

- 1.8.17
- fixed CVE-2016-9013,CVE-2016-9014

firefox-51.0.1-alt1  сборка 2017-01-30

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (51.0.1).
- Fixed:
+ CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
+ CVE-2017-5376: Use-after-free in XSL
+ CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
+ CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+ CVE-2017-5379: Use-after-free in Web Animations
+ CVE-2017-5380: Potential use-after-free during DOM manipulations
+ CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
+ CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
+ CVE-2017-5396: Use-after-free with Media Decoder
+ CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
+ CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
+ CVE-2017-5383: Location bar spoofing with unicode characters
+ CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+ CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
+ CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
+ CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
+ CVE-2017-5391: Content about: pages can load privileged about: pages
+ CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
+ CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
+ CVE-2017-5395: Android location bar spoofing during scrolling
+ CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
+ CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
+ CVE-2017-5374: Memory safety bugs fixed in Firefox 51
+ CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

openssl10-1.0.2k-alt1  сборка 2017-01-26

Группа: Система/Основа
О пакете: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Изменения:

- Updated to v1.0.2k (fixes CVE-2016-7055, CVE-2017-3731, CVE-2017-3732).

libytnef-1.9-alt1  сборка 2017-01-24

Группа: Система/Библиотеки
О пакете: TNEF Stream Parser Library
Изменения:

- 1.9 (fixed CVE-2010-5109)

runc-1.0.0-alt2.gitc91b5be  сборка 2017-01-23

Группа: Разработка/Прочее
О пакете: CLI for running Open Containers
Изменения:

- New version.
- Fixes CVE-2016-9962.

freeipa-4.3.2-alt6  сборка 2017-01-23

Группа: Система/Основа
О пакете: The Identity, Policy and Audit system
Изменения:

- client: Require nss-utils (closes: #33031).
- Patches from upstream:
+ Fixed CVE-2016-7030.
+ Fixed CVE-2016-9575.

libwebkitgtk4-2.14.3-alt1  сборка 2017-01-17

Группа: Система/Библиотеки
О пакете: Web browser engine
Изменения:

- 2.14.3 (fixed CVE-2016-7656, CVE-2016-7635, CVE-2016-7654, CVE-2016-7639,
CVE-2016-7645, CVE-2016-7652, CVE-2016-7641, CVE-2016-7632, CVE-2016-7599,
CVE-2016-7592, CVE-2016-7589, CVE-2016-7623, CVE-2016-7586)

adobe-flash-player-ppapi-3:24-alt2  сборка 2017-01-11

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- new version
- security fixes:
CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928,
CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933,
CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937,
CVE-2017-2938

phpipam-1.27.002-alt1  сборка 2017-01-10

Группа: Сети/WWW
О пакете: PHP-based virtual machine control tool
Изменения:

- git snapshot of master branch d55883ff28a3cf347f18e0cc717cf64b7556706a
- update PHPMailer to 5.2.22 (fixed CVE-2017-5223)

firejail-0.9.44.4-alt1  сборка 2017-01-08

Группа: Разработка/Инструменты
О пакете: Linux namepaces sandbox program
Изменения:

- new version 0.9.44.4
- Update for release with security fixes:
- CVE-2017-5207 (-bandwidth root shell found by Martin Carpenter)
- CVE-2017-5206 (disabled --allow-debuggers when running on kernel 4.8)
- CVE-2017-5180 (root exploit found by Sebastian Krahmer)

libwebp6-0.5.2-alt1  сборка 2016-12-28

Группа: Система/Библиотеки
О пакете: Library for the WebP graphics format
Изменения:

- 0.5.2 (fixed CVE-2016-8888, CVE-2016-9085)

libwebp-0.5.2-alt1  сборка 2016-12-28

Группа: Система/Библиотеки
О пакете: Library and tools for the WebP graphics format
Изменения:

- 0.5.2 (fixed CVE-2016-8888, CVE-2016-9085)

phpipam-1.26.050-alt1  сборка 2016-12-26

Группа: Сети/WWW
О пакете: PHP-based virtual machine control tool
Изменения:

- git snapshot of master branch b99412648829471f3a336036f5cd138b8f131721
- install PHPMailer from upstream (fixed CVE-2015-8476,CVE-2016-10033,CVE-2016-10045)

curl-7.52.1-alt1.S1  сборка 2016-12-23

Группа: Сети/Передача файлов
О пакете: Gets a file from a FTP, GOPHER or HTTP server
Изменения:

- new version with security fixes:
CVE-2016-9594: uninitialized random

curl-7.52.0-alt1.S1  сборка 2016-12-21

Группа: Сети/Передача файлов
О пакете: Gets a file from a FTP, GOPHER or HTTP server
Изменения:

- new version with security fixes:
CVE-2016-9586: printf floating point buffer overflow

samba-DC-4.5.3-alt1.S1  сборка 2016-12-19

Группа: Система/Серверы
О пакете: Samba Active Directory Domain Controller
Изменения:

- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

samba-4.5.3-alt1.S1  сборка 2016-12-19

Группа: Система/Серверы
О пакете: The Samba4 CIFS and AD client and server suite
Изменения:

- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

adobe-flash-player-ppapi-3:24-alt1  сборка 2016-12-15

Группа: Сети/WWW
О пакете: Adobe Flash Player
Изменения:

- new version
- security fixes:
CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870,
CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874,
CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878,
CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890,
CVE-2016-7892

firefox-50.1.0-alt1  сборка 2016-12-15

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (50.1.0).
- Fixed:
+ CVE-2016-9894: Buffer overflow in SkiaGL
+ CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
+ CVE-2016-9895: CSP bypass using marquee tag
+ CVE-2016-9896: Use-after-free with WebVR
+ CVE-2016-9897: Memory corruption in libGLES
+ CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
+ CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
+ CVE-2016-9904: Cross-origin information leak in shared atoms
+ CVE-2016-9901: Data from Pocket server improperly sanitized before execution
+ CVE-2016-9902: Pocket extension does not validate the origin of events
+ CVE-2016-9903: XSS injection vulnerability in add-ons SDK
+ CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
+ CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6

chromium-55.0.2883.75-alt1  сборка 2016-12-08

Группа: Сети/WWW
О пакете: An open source web browser developed by Google
Изменения:

- New version (55.0.2883.75).
- Security fixes:
- CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360
- CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)
- CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN
- CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
- CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
- CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
- CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR
- CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
- CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)
- CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)
- CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)
- CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure
- CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)
- CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent's Xuanwu Lab
- CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Zoczek
- CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
- CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)
- CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)
- CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives

firefox-50.0.2-alt1  сборка 2016-12-02

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (50.0.2).
- Fixed:
+ CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
+ CVE-2016-9079: Use-after-free in SVG Animation

  1         3     4     5            Последняя »  

 
© 2009–2016 Игорь Зубков