Sisyphus Repository
Last updated: 2018-04-21 06:07:02 +0400 | Packages: 18285
Security fixes

kernel-image-std-def-1:4.9.93-alt1  build 2018-04-09

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.93 (Fixes: CVE-2017-5754)

acpica-20180209-alt1.S1  build 2018-04-02

Group: System/Kernel and hardware
About the package: ACPICA tools for the development and debug of ACPI tables
Changes:

- 20180209
- Fixes:
+ CVE-2017-13693
+ CVE-2017-13694
+ CVE-2017-13695

kernel-image-std-def-1:4.9.92-alt1  build 2018-04-01

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.92 (Fixes: CVE-2017-8824)

libvirt-4.2.0-alt1.S1  build 2018-04-01

Group: System/Libraries
About the package: Library providing a simple API virtualization
Changes:

- 4.2.0 (Fixes: CVE-2018-5748)
- Use Python 3 for building
- fix package login-shell

kernel-image-un-def-1:4.14.32-alt1  build 2018-04-01

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.14.32 (Fixes: CVE-2017-8824)

kernel-image-std-pae-1:4.4.126-alt1  build 2018-04-01

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.126 (Fixes: CVE-2017-8824)

apache2-1:2.4.33-alt1.S1  build 2018-03-31

Group: System/Servers
About the package: The most widely used Web server on the Internet
Changes:

- 2.4.33
- fixes:
* CVE-2018-1303 low: Possible out of bound read in mod_cache_socache
* CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown
* CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request
* CVE-2018-1312 low: Weak Digest auth nonce generation in mod_auth_digest
* CVE-2017-15715 low: bypass with a trailing newline in the file name
* CVE-2017-15710 low: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
* CVE-2018-1283 medium: Tampering of mod_session data for CGI applications

curl-7.59.0-alt1.S1  build 2018-03-31

Group: Networking/File transfer
About the package: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version
- fixes:
* CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
* CVE-2018-1000121 LDAP NULL pointer dereference
* CVE-2018-1000122 RTSP RTP buffer over-read

ruby-2.5.1-alt1  build 2018-03-30

Group: Development/Ruby
About the package: An Interpreted Object-Oriented Scripting Language
Changes:

- New version.
- Fixes:
+ CVE-2017-17742: HTTP response splitting in WEBrick
+ CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
+ CVE-2018-8777: DoS by large request in WEBrick
+ CVE-2018-8778: Buffer under-read in String#unpack
+ CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
+ CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

firefox-59.0.2-alt1  build 2018-03-27

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (59.0.2).
- Fixed:
+ CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5128: Use-after-free manipulating editor selection ranges
+ CVE-2018-5129: Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5132: WebExtension Find API can search privileged pages
+ CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized
+ CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions
+ CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts
+ CVE-2018-5136: Same-origin policy violation with data: URL shared workers
+ CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources
+ CVE-2018-5138: Android Custom Tab address spoofing through long domain names
+ CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol
+ CVE-2018-5141: DOS attack through notifications Push API
+ CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs
+ CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar
+ CVE-2018-5126: Memory safety bugs fixed in Firefox 59
+ CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5146: Out of bounds memory write in libvorbis
+ CVE-2018-5147: Out of bounds memory write in libtremor
+ CVE-2018-5148: Use-after-free in compositor

openssl10-1.0.2o-alt1  build 2018-03-27

Group: System/Base
About the package: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changes:

- Updated to v1.0.2o (fixes CVE-2018-0739).

firefox-esr-52.7.3-alt1  build 2018-03-26

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.7.3)
- Fixes:
+ CVE-2018-5148 Use-after-free in compositor

procmail-3.22-alt10  build 2018-03-26

Group: Networking/Mail
About the package: The procmail mail processing program
Changes:

- Applied various fixes from Debian 3.22-26 package, including
fixes for memory corruption bugs in formail (fixes: CVE-2017-16844).

sqlite3-3.22.0-alt1  build 2018-03-25

Group: Development/Databases
About the package: An Embeddable SQL Database Engine
Changes:

- 3.22.0
- Patches from Fedora:
+ sqlite-3.7.7.1-stupid-openfiles-test.patch
+ sqlite-3.22.0-int-float-compare.patch
+ sqlite-3.22.0-corrupt-schema.patch
- Fixes:
+ CVE-2017-15286 a NULL pointer dereference in tableColumnList

thunderbird-52.7.0-alt1  build 2018-03-24

Group: Networking/Mail
About the package: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.7.0)
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5146 Out of bounds memory write in libvorbis
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7

unbound-1.7.0-alt1  build 2018-03-23

Group: System/Servers
About the package: Validating, recursive, and caching DNS resolver
Changes:

- 1.7.0
- New version (closes: #34122)
- Add lost libunbound.so and libunbound.pc to libunbound-devel
- Set libunbound-devel arch-depended
- Move unbound-control-setup.8 from unbound-control to unbound
- Fixed CVE-2017-15105

libexempi-2.4.5-alt1  build 2018-03-23

Group: System/Libraries
About the package: Library for easy parsing of XMP metadata
Changes:

- 2.4.5 (fixed CVE-2018-7730, CVE-2018-7728, CVE-2018-7729, CVE-2018-7731)

kernel-image-std-pae-1:4.4.123-alt1  build 2018-03-22

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.123 (Fixes: CVE-2016-0728, CVE-2017-1000405, CVE-2017-15265, CVE-2017-8824)

kernel-image-std-def-1:4.9.88-alt1  build 2018-03-19

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.88 (Fixes: CVE-2018-1000004)

samba-4.6.14-alt1.S1.1  build 2018-03-15

Group: System/Servers
About the package: The Samba4 CIFS and AD client and server suite
Changes:

- Rebuild security release (Fixes: CVE-2018-1050, CVE-2018-1057) with old
ceph version without libceph-common for c7/c8

samba-DC-4.6.14-alt1.S1.1  build 2018-03-15

Group: System/Servers
About the package: Samba Active Directory Domain Controller
Changes:

- Rebuild security release (Fixes: CVE-2018-1050, CVE-2018-1057) with old
ceph version without libceph-common for c7/c8

tor-0.3.2.10-alt1.S1  build 2018-03-13

Group: System/Servers
About the package: Anonymizing overlay network for TCP (The onion router)
Changes:

- new version (Fixes: CVE-2018-0491)

samba-DC-4.6.14-alt1.S1  build 2018-03-12

Group: System/Servers
About the package: Samba Active Directory Domain Controller
Changes:

- Update to spring security release
- Security fixes:
+ CVE-2018-1050 Codenomicon crashes in spoolss server code
+ CVE-2018-1057 Unprivileged user can change any user (and admin) password

samba-4.6.14-alt1.S1  build 2018-03-12

Group: System/Servers
About the package: The Samba4 CIFS and AD client and server suite
Changes:

- Update to spring security release
- Security fixes:
+ CVE-2018-1050 Codenomicon crashes in spoolss server code
+ CVE-2018-1057 Unprivileged user can change any user (and admin) password

kernel-image-std-def-1:4.9.87-alt1  build 2018-03-12

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.87 (Fixes: CVE-2011-1161)

firefox-esr-52.7.0-alt1  build 2018-03-10

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.7.0).
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130 Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131 Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7

libvirt-4.1.0-alt1.S1  build 2018-03-09

Group: System/Libraries
About the package: Library providing a simple API virtualization
Changes:

- 4.1.0 (Fixes: CVE-2018-6764, CVE-2017-5715)

chromium-65.0.3325.146-alt1  build 2018-03-07

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (65.0.3325.146).
- Use clang.
- Security fixes:
- CVE-2018-6058: Use after free in Flash.
- CVE-2018-6059: Use after free in Flash.
- CVE-2018-6060: Use after free in Blink.
- CVE-2018-6061: Race condition in V8.
- CVE-2018-6062: Heap buffer overflow in Skia.
- CVE-2018-6057: Incorrect permissions on shared memory.
- CVE-2018-6063: Incorrect permissions on shared memory.
- CVE-2018-6064: Type confusion in V8.
- CVE-2018-6065: Integer overflow in V8.
- CVE-2018-6066: Same Origin Bypass via canvas.
- CVE-2018-6067: Buffer overflow in Skia.
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
- CVE-2018-6069: Stack buffer overflow in Skia.
- CVE-2018-6070: CSP bypass through extensions.
- CVE-2018-6071: Heap buffer overflow in Skia.
- CVE-2018-6072: Integer overflow in PDFium.
- CVE-2018-6073: Heap buffer overflow in WebGL.
- CVE-2018-6074: Mark-of-the-Web bypass.
- CVE-2018-6075: Overly permissive cross origin downloads.
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
- CVE-2018-6077: Timing attack using SVG filters.
- CVE-2018-6078: URL Spoof in OmniBox.
- CVE-2018-6079: Information disclosure via texture data in WebGL.
- CVE-2018-6080: Information disclosure in IPC call.
- CVE-2018-6081: XSS in interstitials.
- CVE-2018-6082: Circumvention of port blocking.
- CVE-2018-6083: Incorrect processing of AppManifests.

exim-4.90.1-alt1  build 2018-03-06

Group: System/Servers
About the package: Exim Mail Transport Agent
Changes:

- Updated to upstream version 4.90.1
- Fixes:
+ CVE-2018-6789 Buffer overflow may happen. This can be used to execute code remotely.

ruby-2.5.0-alt1  build 2018-03-05

Group: Development/Ruby
About the package: An Interpreted Object-Oriented Scripting Language
Changes:

- New version.
- Fixes:
+ CVE-2017-17405 Command injection vulnerability in Net::FTP
- Update Rubygems to 2.7.6 with security fixes (see https://blog.rubygems.org/2018/02/15/2.7.6-released.html)

clamav-0.99.4-alt1  build 2018-03-04

Group: File tools
About the package: Clam Antivirus scanner
Changes:

- 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423,
CVE-2018-0202, and CVE-2018-1000085)

ntp-4.2.8p11-alt1  build 2018-03-04

Group: System/Configuration/Other
About the package: The Network Time Protocol (NTP)
Changes:

- 4.2.8p11 (CVE-2018-7185, CVE-2018-7184, CVE-2018-7170, CVE-2018-7183,
CVE-2018-7182, CVE-2016-1549)
- updated vniiftri ntp servers in ntp.conf
- added perl-HTTP-Tiny, perl-Net-SSLeay, perl-IO-Socket-SSL to BuildRequires

memcached-1.5.6-alt1.S1  build 2018-03-04

Group: System/Servers
About the package: memcached - memory caching daemon
Changes:

- 1.5.6
- disable UDP port by default (fixed CVE-2018-1000115)
- drop scripts package
- add tool package
- add memcached@.service for allow start "instanced" version, like 'memcached@11211'

postgresql9.6-9.6.8-alt1  build 2018-03-02

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 9.6.8
- Fix CVE-2018-1058

postgresql9.5-9.5.12-alt1  build 2018-03-02

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 9.5.12
- Fix CVE-2018-1058

postgresql9.4-9.4.17-alt1  build 2018-03-02

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 9.4.17
- Fix CVE-2018-1058

postgresql10-10.3-alt1  build 2018-03-02

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 10.3
- Fix CVE-2018-1058

postgresql9.3-9.3.22-alt1  build 2018-03-02

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 9.3.22
- Fix CVE-2018-1058

postgresql9.6-1C-9.6.8-alt1  build 2018-02-28

Group: Databases
About the package: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Changes:

- 9.6.8
- Re-apply patches from 1C:
* 00001-1c_FULL_96.patch
* 00004-postgresql-1c-9.6.patch
* 00005-exists_opt-2.patch
- Remove path 00001-1c_create_append_path.patch (fixed in 00001-1c_FULL_96.patch)
- Fix CVE-2018-1058

dhcp-1:4.3.6.P1-alt1  build 2018-02-28

Group: System/Servers
About the package: Dynamic Host Configuration Protocol (DHCP) distribution
Changes:

- Updated patches.
- Updated to 4.3.6-P1 (fixes: CVE-2017-3144,CVE-2018-5732,CVE-2018-5733).

node-6.13.0-alt1  build 2018-02-27

Group: Development/Tools
About the package: Evented I/O for V8 Javascript
Changes:

- new version 6.13.0
- 2018-02-13, Version 6.13.0 'Boron' (LTS)
- fixed CVE-2017-15896, CVE-2017-3738

wireshark-2.4.5-alt1.S1  build 2018-02-26

Group: Monitoring
About the package: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 2.4.5
- fixes:
* wnpa-sec-2018-05 The IEEE 802.11 dissector could crash. CVE-2018-7335
* wnpa-sec-2018-06 Multiple dissectors could go into large infinite loops. All ASN.1
BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router,
S7COMM, SCCP, Thread, Thrift, USB and WCCP dissectors were susceptible. CVE-2018-7321, CVE-2018-7322,
CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329,
CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333
* wnpa-sec-2018-07 The UMTS MAC dissector could crash. CVE-2018-7334
* wnpa-sec-2018-08 The DOCSIS dissector could crash. CVE-2018-7337
* wnpa-sec-2018-09 The FCP dissector could crash. CVE-2018-7336
* wnpa-sec-2018-10 The SIGCOMP dissector could crash. CVE-2018-7320
* wnpa-sec-2018-11 The pcapng file parser could crash. CVE-2018-7420
* wnpa-sec-2018-12 The IPMI dissector could crash. CVE-2018-7417
* wnpa-sec-2018-13 The SIGCOMP dissector could crash. CVE-2018-7418
* wnpa-sec-2018-14 The NBAP dissector could crash. CVE-2018-7419

dotnet-coreclr-2.0.5-alt1  build 2018-02-22

Group: Development/Other
About the package: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changes:

- new version (2.0.5) with rpmgs script
- CVE-2018-0764, CVE-2018-0786
- backport patch: Add support for building under glibc 2.26

kernel-image-std-pae-1:4.4.116-alt1  build 2018-02-19

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.4.116 (Fixes: CVE-2017-8824)

adobe-flash-player-ppapi-3:28-alt2.S1  build 2018-02-19

Group: Networking/WWW
About the package: Adobe Flash Player
Changes:

- new version (ALT#34555)
- security fixes: CVE-2018-4871, CVE-2018-4877, CVE-2018-4878

kernel-image-std-def-1:4.9.82-alt1  build 2018-02-19

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.9.82 (Fixes: CVE-2017-8824)

qemu-2.11.1-alt1  build 2018-02-16

Group: Emulators
About the package: QEMU CPU Emulator
Changes:

- 2.11.1
- This update contains new functionality needed to enable mitigations
for Spectre/Meltdown (CVE-2017-5715)
- fixes for potential host DoS attacks via VGA devices (CVE-2018-5683)
and VNC clients (CVE-2017-15124)
- revert define MAX_RESERVED_VA for arm

rsync-3.1.3-alt1  build 2018-02-15

Group: Networking/File transfer
About the package: A program for synchronizing files over a network
Changes:

- v3.1.2 -> v3.1.3 (fixes CVE-2018-5764).
- Fixed running with an unknown current directory
(by Florian Weimer; fixes upstream bug 6422).
- Added --noatime option (based on patch from Nicolas George;
fixes upstream bug 7249).

mpv-0.27.1-alt1  build 2018-02-12

Group: Video
About the package: mpv is a free and open-source general-purpose video player based on MPlayer and mplayer2.
Changes:

- 0.27.1
- Fixes:
+ CVE-2018-6360

plasma5-workspace-5.11.5-alt2.S1  build 2018-02-12

Group: Graphical desktop/KDE
About the package: KDE Workspace 5 Plasma
Changes:

- security fix: CVE-2018-6791

© 2009–2018 Igor Zubkov