Репозиторій Sisyphus
Останнє оновлення: 2018-06-22 09:06:43 +0400 | Пакетів: 18578 | Sign in or Sign up
en ru uk br
Security fixes

kernel-image-std-def-1:4.9.109-alt1  build 2018-06-19

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.109 (Fixes: CVE-2018-10853)

kernel-image-un-def-1:4.16.16-alt1  build 2018-06-19

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.16 (Fixes: CVE-2018-10853)

libgcrypt-1.7.10-alt1.S1  build 2018-06-14

Group: Система/Бібліотеки
Про пакет: The GNU crypto library
Зміни:

- new version
- security fixes: CVE-2018-0495

firefox-esr-60.0.2-alt1  build 2018-06-11

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New ESR version (60.0.2).
- Fixed:
+ CVE-2018-6126 Heap buffer overflow rasterizing paths in SVG with Skia

libwebkitgtk4-2.20.3-alt1  build 2018-06-11

Group: Система/Бібліотеки
Про пакет: Web browser engine
Зміни:

- 2.20.3 (fixed CVE-2018-4190, CVE-2018-4199, CVE-2018-4218,
CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246,
CVE-2018-11646)

gnupg-1.4.22-alt2  build 2018-06-08

Group: Робота з файлами
Про пакет: The GNU Privacy Guard
Зміни:

- Backported upstream fixes
(GnuPG-bug-id: 2923, 3329, 3898, 4012; fixes CVE-2018-12020).

gnupg2-2.2.8-alt1.S1  build 2018-06-08

Group: Робота з текстами
Про пакет: The GNU Privacy Guard suite
Зміни:

- new version
- security fix: CVE-2018-12020

epiphany-3.28.3.1-alt1  build 2018-06-08

Group: Мережі/WWW
Про пакет: Epiphany is a GNOME web browser.
Зміни:

- 3.28.3.1 (fixed CVE-2018-11396, CVE-2018-12016)

firefox-60.0.2-alt1  build 2018-06-07

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New release (60.0.2).
- Fixed:
+ CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia

firefox-esr-60.0.1-alt1  build 2018-06-05

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New ESR version (60.0.1).
- Fixed:
+ CVE-2018-5154: Use-after-free with SVG animations and clip paths
+ CVE-2018-5155: Use-after-free with SVG animations and text paths
+ CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5160: Uninitialized memory use by WebRTC encoder
+ CVE-2018-5152: WebExtensions information leak through webRequest API
+ CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
+ CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
+ CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
+ CVE-2018-5166: WebExtension host permission bypass through filterReponseData
+ CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
+ CVE-2018-5168: Lightweight themes can be installed without user interaction
+ CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
+ CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
+ CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
+ CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
+ CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
+ CVE-2018-5176: JSON Viewer script injection
+ CVE-2018-5177: Buffer overflow in XSLT during number formatting
+ CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
+ CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
+ CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
+ CVE-2018-5151: Memory safety bugs fixed in Firefox 60
+ CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

jq-1.5-alt3.S1  build 2018-05-31

Group: Розробка/Інше
Про пакет: Command-line JSON processor
Зміни:

- security update (fixes: CVE-2016-4074)

python-2.7.14-alt4  build 2018-05-31

Group: Розробка/Python
Про пакет: An interpreted, interactive object-oriented programming language
Зміни:

- Fixed heap-use-after-free bug (Fixes: CVE-2018-1000030).

kernel-image-std-pae-1:4.4.134-alt1  build 2018-05-30

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.134 (Fixes: CVE-2018-6412)

kernel-image-std-def-1:4.9.104-alt1  build 2018-05-30

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.104 (Fixes: CVE-2018-6412)

wireshark-2.6.1-alt1.S1  build 2018-05-24

Group: Моніторинг
Про пакет: The BugTraq Award Winning Network Traffic Analyzer
Зміни:

- 2.6.1 (fixes: CVE-2018-11359, CVE-2018-11361, CVE-2018-11358, CVE-2018-11360, CVE-2018-11356, CVE-2018-11357, CVE-2018-11355, CVE-2018-11354, CVE-2018-11362)

xen-4.10.1-alt1.S1  build 2018-05-24

Group: Емулятори
Про пакет: Xen is a virtual machine monitor (hypervisor)
Зміни:

- 4.10.1 release
- upstream updates upto 7b35e7807, including:
+ x86/HVM: guard against emulator driving ioreq state in weird ways
(thx Jan Beulich) (XSA-262)
+ x86/vpt: add support for IO-APIC routed interrupts (part of XSA-261)
+ x86/traps: Fix handling of #DB exceptions in hypervisor context
x86/traps: Use an Interrupt Stack Table for #DB
x86/pv: Move exception injection into {,compat_}test_all_events()
x86/traps: Fix %dr6 handing in #DB handler
(thx Andrew Cooper) (part of XSA-260 / CVE-2018-8897)

kernel-image-un-def-1:4.16.10-alt1  build 2018-05-21

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.10 (Fixes: CVE-2018-1120)

kernel-image-std-def-1:4.9.101-alt1  build 2018-05-21

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.101 (Fixes: CVE-2018-1120)

thunderbird-52.8.0-alt1  build 2018-05-19

Group: Мережі/Пошта
Про пакет: Thunderbird is Mozilla's e-mail client
Зміни:

- New version (52.8.0).
- Enigmail 2.0.4.
- Fixes:
+ CVE-2018-5183 Backport critical security fixes in Skia
+ CVE-2018-5184 Full plaintext recovery in S/MIME via chosen-ciphertext attack
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5161 Hang via malformed headers
+ CVE-2018-5162 Encrypted mail leaks plaintext through src attribute
+ CVE-2018-5170 Filename spoofing for external attachments
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
+ CVE-2018-5185 Leaking plaintext through HTML forms
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8
- Build in several threads.

mariadb-10.2.15-alt1.S1  build 2018-05-18

Group: Бази даних
Про пакет: A very fast and reliable SQL database engine
Зміни:

- 10.2.15
- rename libmysqlclient18 to libmariadb
- relocate plugindir to %_libdir/%name/plugin
- build without libwrap support
- Fixes for the following security vulnerabilities:
+ CVE-2018-2562
+ CVE-2018-2622
+ CVE-2018-2640
+ CVE-2018-2665
+ CVE-2018-2668
+ CVE-2018-2612
+ CVE-2018-2786
+ CVE-2018-2759
+ CVE-2018-2777
+ CVE-2018-2810
+ CVE-2018-2782
+ CVE-2018-2784
+ CVE-2018-2787
+ CVE-2018-2766
+ CVE-2018-2755
+ CVE-2018-2819
+ CVE-2018-2817
+ CVE-2018-2761
+ CVE-2018-2781
+ CVE-2018-2771
+ CVE-2018-2813

glusterfs3-3.12.9-alt1  build 2018-05-17

Group: Система/Основа
Про пакет: Cluster File System
Зміни:

- new version 3.12.9 (with rpmrb script)
- CVE-2018-1088

firefox-60.0.1-alt1  build 2018-05-17

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New release (60.0.1).
- Fixed:
+ CVE-2018-5154: Use-after-free with SVG animations and clip paths
+ CVE-2018-5155: Use-after-free with SVG animations and text paths
+ CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5160: Uninitialized memory use by WebRTC encoder
+ CVE-2018-5152: WebExtensions information leak through webRequest API
+ CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
+ CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
+ CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
+ CVE-2018-5166: WebExtension host permission bypass through filterReponseData
+ CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
+ CVE-2018-5168: Lightweight themes can be installed without user interaction
+ CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
+ CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
+ CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
+ CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
+ CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
+ CVE-2018-5176: JSON Viewer script injection
+ CVE-2018-5177: Buffer overflow in XSLT during number formatting
+ CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
+ CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
+ CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
+ CVE-2018-5151: Memory safety bugs fixed in Firefox 60
+ CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

curl-7.60.0-alt1.S1  build 2018-05-16

Group: Мережі/Передача файлів
Про пакет: Gets a file from a FTP, GOPHER or HTTP server
Зміни:

- 7.60.0
- fixes:
* CVE-2018-1000300 FTP shutdown response buffer overflow
* CVE-2018-1000301 RTSP bad headers buffer over-read

kernel-image-un-def-1:4.16.9-alt1  build 2018-05-16

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.9 (Fixes: CVE-2018-1000200)

postgresql9.3-9.3.23-alt1  build 2018-05-09

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.3.23
- Fix CVE-2018-1115

postgresql9.6-1C-9.6.9-alt1  build 2018-05-09

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Зміни:

- 9.6.9
- Fix CVE-2018-1115

postgresql9.5-9.5.13-alt1  build 2018-05-09

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.5.13
- Fix CVE-2018-1115

postgresql9.4-9.4.18-alt1  build 2018-05-09

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.4.18
- Fix CVE-2018-1115

postgresql9.6-9.6.9-alt1  build 2018-05-09

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.6.9
- Fix CVE-2018-1115

firefox-esr-52.8.0-alt1  build 2018-05-09

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New ESR version (52.8.0).
- Fixes:
+ CVE-2018-5183 Backport critical security fixes in Skia
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5157 Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158 Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

postgresql10-10.4-alt1  build 2018-05-09

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 10.4
- Fix CVE-2018-1115

php5-5.6.36-alt1.S1  build 2018-05-08

Group: Розробка/Інше
Про пакет: The PHP5 scripting language
Зміни:

- 5.6.33 (fixes: CVE-2018-10549, CVE-2018-10546, CVE-2018-10548, CVE-2018-10547, CVE-2018-10545, CVE-2018-7584)

libwebkitgtk4-2.20.2-alt1  build 2018-05-08

Group: Система/Бібліотеки
Про пакет: Web browser engine
Зміни:

- 2.20.2 (fixed CVE-2018-4200)

adobe-flash-player-ppapi-3:29-alt1.S1  build 2018-05-07

Group: Мережі/WWW
Про пакет: Adobe Flash Player
Зміни:

- new version (ALT#34555)
- security fixes:
CVE-2018-4919, CVE-2018-4920, CVE-2018-4932, CVE-2018-4933,
CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937

patch-2.7.6.0.15.369d-alt1  build 2018-05-07

Group: Робота з текстами
Про пакет: The GNU patch command, for modifying/upgrading files
Зміни:

- patch: v2.7.5-17-g817d7d1 -> v2.7.6-15-g369dccc (fixes: CVE-2018-1000156).

kernel-image-std-def-1:4.9.98-alt1  build 2018-05-06

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.98 (Fixes: CVE-2018-1093, CVE-2018-1108)

kernel-image-un-def-1:4.16.7-alt1  build 2018-05-06

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.7 (Fixes: CVE-2018-1093, CVE-2018-1108)

kernel-image-std-pae-1:4.4.131-alt1  build 2018-05-06

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.131 (Fixes: CVE-2018-1093)

plasma5-kwallet-pam-5.12.5-alt1.S1  build 2018-05-03

Group: Графічні оболонки/KDE
Про пакет: KDE Workspace 5 PAM KWallet integration
Зміни:

- new version
- security fixes: CVE-2018-10380

kernel-image-std-pae-1:4.4.129-alt1  build 2018-04-24

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.129 (Fixes: CVE-2018-1092)

kernel-image-std-def-1:4.9.96-alt1  build 2018-04-24

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.96 (Fixes: CVE-2018-1092, CVE-2018-1108)

kernel-image-un-def-1:4.16.4-alt1  build 2018-04-24

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.4 (Fixes: CVE-2018-1092, CVE-2018-1094, CVE-2018-1095, CVE-2018-1108)

kernel-image-std-def-1:4.9.95-alt1  build 2018-04-21

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.95 (Fixes: CVE-2017-5715)

chromium-66.0.3359.117-alt1  build 2018-04-19

Group: Мережі/WWW
Про пакет: An open source web browser developed by Google
Зміни:

- New version (66.0.3359.117).
- Security fixes:
- CVE-2018-6085: Use after free in Disk Cache.
- CVE-2018-6086: Use after free in Disk Cache.
- CVE-2018-6087: Use after free in WebAssembly.
- CVE-2018-6088: Use after free in PDFium.
- CVE-2018-6089: Same origin policy bypass in Service Worker.
- CVE-2018-6090: Heap buffer overflow in Skia.
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker.
- CVE-2018-6092: Integer overflow in WebAssembly.
- CVE-2018-6093: Same origin bypass in Service Worker.
- CVE-2018-6094: Exploit hardening regression in Oilpan.
- CVE-2018-6095: Lack of meaningful user interaction requirement before file upload.
- CVE-2018-6096: Fullscreen UI spoof.
- CVE-2018-6097: Fullscreen UI spoof.
- CVE-2018-6098: URL spoof in Omnibox.
- CVE-2018-6099: CORS bypass in ServiceWorker.
- CVE-2018-6100: URL spoof in Omnibox.
- CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools .
- CVE-2018-6102: URL spoof in Omnibox.
- CVE-2018-6103: UI spoof in Permissions.
- CVE-2018-6104: URL spoof in Omnibox.
- CVE-2018-6105: URL spoof in Omnibox.
- CVE-2018-6106: Incorrect handling of promises in V8.
- CVE-2018-6107: URL spoof in Omnibox.
- CVE-2018-6108: URL spoof in Omnibox.
- CVE-2018-6109: Incorrect handling of files by FileAPI.
- CVE-2018-6110: Incorrect handling of plaintext files via file:// .
- CVE-2018-6111: Heap-use-after-free in DevTools.
- CVE-2018-6112: Incorrect URL handling in DevTools.
- CVE-2018-6113: URL spoof in Navigation.
- CVE-2018-6114: CSP bypass.
- CVE-2018-6115: SmartScreen bypass in downloads.
- CVE-2018-6116: Incorrect low memory handling in WebAssembly.
- CVE-2018-6117: Confusing autofill settings.
- CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS.

kernel-image-std-def-1:4.9.93-alt1  build 2018-04-09

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.93 (Fixes: CVE-2017-5754)

acpica-20180209-alt1.S1  build 2018-04-02

Group: Система/Ядро та обладнання
Про пакет: ACPICA tools for the development and debug of ACPI tables
Зміни:

- 20180209
- Fixes:
+ CVE-2017-13693
+ CVE-2017-13694
+ CVE-2017-13695

libvirt-4.2.0-alt1.S1  build 2018-04-01

Group: Система/Бібліотеки
Про пакет: Library providing a simple API virtualization
Зміни:

- 4.2.0 (Fixes: CVE-2018-5748)
- Use Python 3 for building
- fix package login-shell

kernel-image-un-def-1:4.14.32-alt1  build 2018-04-01

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.14.32 (Fixes: CVE-2017-8824)

kernel-image-std-pae-1:4.4.126-alt1  build 2018-04-01

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.126 (Fixes: CVE-2017-8824)

kernel-image-std-def-1:4.9.92-alt1  build 2018-04-01

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.9.92 (Fixes: CVE-2017-8824)

  1         3     4     5            Остання »  

 
© 2009–2018 Ігор Зубков