As correcções de segurança
kernel-image-std-def-4.9.57-alt1.1
build Kernel Bot,
2017-10-18
- v4.9.57 (Fixes: CVE-2017-12188, CVE-2017-15265)
kernel-image-un-def-4.13.8-alt1.1 build Kernel Bot, 2017-10-18
- v4.13.8 (Fixes: CVE-2017-12188, CVE-2017-15265)
kernel-image-std-pae-4.4.93-alt1.1 build Kernel Bot, 2017-10-18
- v4.4.93 (Fixes: CVE-2017-0786, CVE-2017-15265)
kernel-image-std-def-4.9.56-alt1.1 build Kernel Bot, 2017-10-17
- Local root in alsa fixed (Fixes: CVE-2017-15265)
kernel-image-un-def-4.13.7-alt1.1 build Kernel Bot, 2017-10-17
- Local root in alsa fixed (Fixes: CVE-2017-15265)
kernel-image-std-pae-4.4.92-alt1.1 build Kernel Bot, 2017-10-17
- Local root in alsa fixed (Fixes: CVE-2017-15265)
hostapd-2.6-alt2 build Sergey Bolshakov, 2017-10-16
- multiple vulnerabilities (so-called KRACK attack) fixed:
+ CVE-2017-13077
+ CVE-2017-13078
+ CVE-2017-13079
+ CVE-2017-13080
+ CVE-2017-13081
+ CVE-2017-13082
+ CVE-2017-13086
+ CVE-2017-13087
+ CVE-2017-13088
wpa_supplicant-2.6-alt2 build Sergey Bolshakov, 2017-10-16
- multiple vulnerabilities (so-called KRACK attack) fixed:
+ CVE-2017-13077
+ CVE-2017-13078
+ CVE-2017-13079
+ CVE-2017-13080
+ CVE-2017-13081
+ CVE-2017-13082
+ CVE-2017-13086
+ CVE-2017-13087
+ CVE-2017-13088
kernel-image-un-def-4.13.7-alt1 build Kernel Bot, 2017-10-15
- v4.13.7 (Fixes: CVE-2017-5123)
wireshark-2.4.2-alt1.S1 build Anton Farygin, 2017-10-15
- 2.4.2
- fixes:
* wnpa-sec-2017-42 BT ATT dissector crash CVE-2017-15192
* wnpa-sec-2017-43 MBIM dissector crash CVE-2017-15193
* wnpa-sec-2017-44 DMP dissector crash CVE-2017-15191
* wnpa-sec-2017-45 RTSP dissector crash CVE-2017-15190
* wnpa-sec-2017-46 DOCSIS infinite loop CVE-2017-15189
kernel-image-std-def-4.9.56-alt1 build Kernel Bot, 2017-10-13
- v4.9.56 (Fixes: CVE-2017-0786, CVE-2017-1000255, CVE-2017-7518)
kernel-image-un-def-4.13.6-alt1 build Kernel Bot, 2017-10-13
- v4.13.6 (Fixes: CVE-2017-0786, CVE-2017-1000255)
ruby-2.4.2-alt2 build Andrey Cherepanov, 2017-10-12
- Merge rubygems-2.6.14 changes
- Fixes:
+ CVE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems
apache2-2.4.28-alt1.S1 build Anton Farygin, 2017-10-10
- new version 2.4.28
- disabled NameVirtualHost directive in ports_all.conf (closes: #32269)
- increased timeout for restarting httpd on SysVinit sytems (closes: #31062)
- increased LOOPSSTART and TimeoutStartSec (closes: #33978)
- fixes:
* CVE-2017-9798 Corrupted or freed memory access
firefox-56.0-alt1 build Alexey Gladkov, 2017-10-08
- New release (56.0).
- Fixed:
+ CVE-2017-7793: Use-after-free with Fetch API
+ CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode
+ CVE-2017-7818: Use-after-free during ARIA array manipulation
+ CVE-2017-7819: Use-after-free while resizing images in design mode
+ CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files
+ CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7813: Integer truncation in the JavaScript parser
+ CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations
+ CVE-2017-7816: WebExtensions can load about: URLs in extension UI
+ CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction
+ CVE-2017-7823: CSP sandbox directive did not create a unique origin
+ CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV
+ CVE-2017-7820: Xray wrapper bypass with new tab and web console
+ CVE-2017-7811: Memory safety bugs fixed in Firefox 56
+ CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
dnsmasq-2.78-alt1 build Mikhail Efremov, 2017-10-06
- Updated to 2.78 (fixes: CVE-2017-13704, CVE-2017-14491,
CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495,
CVE-2017-14496).
kernel-image-std-def-4.9.53-alt1 build Kernel Bot, 2017-10-05
- v4.9.53 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)
kernel-image-un-def-4.13.5-alt1 build Kernel Bot, 2017-10-05
- v4.13.5 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)
kernel-image-std-pae-4.4.90-alt1 build Kernel Bot, 2017-10-05
- v4.4.90 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)
curl-7.56.0-alt1.S1 build Anton Farygin, 2017-10-04
- new version
- fixes:
* CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP.
newsbeuter-2.9-alt3 build Vladimir D. Seleznev, 2017-10-03
- Fixes:
+ CVE-2017-12904
+ CVE-2017-14500
firefox-esr-52.4.0-alt1 build Andrey Cherepanov, 2017-09-29
- New ESR version (52.4.0)
- Fixes:
+ CVE-2017-7793 Use-after-free with Fetch API
+ CVE-2017-7818 Use-after-free during ARIA array manipulation
+ CVE-2017-7819 Use-after-free while resizing images in design mode
+ CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7823 CSP sandbox directive did not create a unique origin
+ CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
nagios-3.0.6-alt5 build Denis Medvedev, 2017-09-28
- (Fixes: CVE-2009-2288, CVE-2011-1523, CVE-2012-6096, CVE-2013-2214,
CVE-2013-7108, CVE-2013-7205)
log4j-2.5-alt1_5jpp8 build Igor Vlasenko, 2017-09-28
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009