Sisyphus repository
Last update: 20 September 2018 | SRPMs: 18652
Security fixes

kernel-image-std-pae-4.4.156-alt1   build Kernel Bot, 2018-09-17

- v4.4.156 (Fixes: CVE-2018-6554, CVE-2018-6555)

kernel-image-std-def-4.14.70-alt1   build Kernel Bot, 2018-09-17

- v4.14.70 (Fixes: CVE-2018-6554, CVE-2018-6555)

opensc-0.19.0-alt1.rc1   build Paul Wolneykien, 2018-09-13

- New pre-release version 0.19.0-rc1.
- Fixed multiple security problems due to out of bound writes/reads
(Fixes: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418,
CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422,
CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426,

firefox-esr-60.2.0-alt1   build Andrey Cherepanov, 2018-09-10

- New ESR version (60.2.0).
- Fixed:
+ CVE-2018-12377 Use-after-free in refresh driver timers
+ CVE-2018-12378 Use-after-free in IndexedDB
+ CVE-2018-12379 Out-of-bounds write with malicious MAR file
+ CVE-2017-16541 Proxy bypass using automount and autofs
+ CVE-2018-12381 Dragging and dropping Outlook email message results in page navigation
+ CVE-2018-12376 Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2

cve-manager-0.17.0-alt1   build Alexey Appolonov, 2018-09-10

- Prescribed mapping;
- Detecting 'relative' packages at the import stage
and using information about them as mapping attribute;
- Handling FSTEC vulnerabilities within current cve-issues concept;
- cve-monitor is working OK within current cve-issues concept;
- Revised comparison of versions that happens at the issues-detection stage;
- Revised packages-filtering function;
- Removing duplicates of src packages names at import stage
and corresponding bin-packages names, not vice versa;
- Not importing CPEs of 'hardware' part;
- Not importing Mitre list by default;
- Common bin package for conf file & common py module;
- Own config file for cve-monitor.

curl-7.61.1-alt1.S1   build Anton Farygin, 2018-09-09

- 7.61.1 (fixes: CVE-2018-14618)

ceph-12.2.8-alt1.S1   build Alexey Shabalin, 2018-09-08

- 12.2.8
- fixed uninstall ceph-common (%preun_service rbdmap)
- Fixes for the following security vulnerabilities:
+ CVE-2018-1128 auth: cephx authorizer subject to replay attack
+ CVE-2018-1129 auth: cephx signature check is weak
+ CVE-2018-10861 mon: auth checks not correct for pool ops

libsndfile-1.0.28-alt2   build Valery Inozemtsev, 2018-09-07

- fixes: CVE-2017-6892, CVE-2017-12562

chromium-69.0.3497.81-alt1   build Alexey Gladkov, 2018-09-05

- New version (69.0.3497.81).
- Security fixes:
+ CVE-2018-16065: Out of bounds write in V8.
+ CVE-2018-16066: Out of bounds read in Blink.
+ CVE-2018-16067: Out of bounds read in WebAudio.
+ CVE-2018-16068: Out of bounds write in Mojo.
+ CVE-2018-16069: Out of bounds read in SwiftShader.
+ CVE-2018-16070: Integer overflow in Skia.
+ CVE-2018-16071: Use after free in WebRTC.
+ CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer.
+ CVE-2018-16073: Site Isolation bypass after tab restore.
+ CVE-2018-16074: Site Isolation bypass using Blob URLS.
+ CVE-2018-16075: Local file access in Blink.
+ CVE-2018-16076: Out of bounds read in PDFium.
+ CVE-2018-16077: Content security policy bypass in Blink.
+ CVE-2018-16078: Credit card information leak in Autofill.
+ CVE-2018-16079: URL spoof in permission dialogs.
+ CVE-2018-16080: URL spoof in full screen mode.
+ CVE-2018-16081: Local file access in DevTools.
+ CVE-2018-16082: Stack buffer overflow in SwiftShader.
+ CVE-2018-16083: Out of bounds read in WebRTC.
+ CVE-2018-16084: User confirmation bypass in external protocol handling.
+ CVE-2018-16085: Use after free in Memory Instrumentation.
+ Out of bounds read in Little-CMS.

wireshark-2.6.3-alt1.S1   build Anton Farygin, 2018-09-03

- 2.6.3 (fixes: CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)

cve-manager-0.16.0-alt1   build Alexey Appolonov, 2018-09-02

- Versions of vulnerable programs are now taken into account when figuring out
the 'fix' entries of *_issues table;
- Ability to compare 'fix' entries of different branches;
- c7.1 and c8.1 branches are available for cve-manager;
- Fix of monitoring of the selected packages;
- Only members of the 'cve' group can run modules that modify
the vulnerabilities DB.

SPICE-0.14.1-alt1   build Alexey Shabalin, 2018-08-31

- 0.14.1 (Fixes: CVE-2018-10873)

xinetd-2.3.15-alt4   build Dmitry V. Levin, 2018-08-30

- Applied upstream fix for TCPMUX services (fixes: CVE-2013-4342).
- Stripped executable bit from xinetd.service (closes: #34566).
- Disabled tcp_wrappers support.

firmware-intel-ucode-7-alt1.20180807.a   build L.A. Kostis, 2018-08-30

- Sync with Debian 3.20180807a1:
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIBP support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
- source: update symlinks to reflect id of the latest release, 20180807a

mutt-1.10.1-alt1   build Gleb F-Malinovskiy, 2018-08-29

- Updated to mutt-1-10-1-rel (fixes CVE-2018-14349, CVE-2018-14350,
CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354,
CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358,
CVE-2018-14359, CVE-2018-14362)
- Ported neomutt nntp patches (fixes CVE-2018-14360, CVE-2018-14361,
- Rebuilt with openssl 1.1.

ipsec-tools-0.8.2-alt2   build Alexey Shabalin, 2018-08-29

- build with openssl-1.1
- add patches from Debian
- fixed CVE-2016-10396

node-8.11.4-alt1   build Vitaly Lipatov, 2018-08-29

- new version 8.11.4 (with rpmrb script)
- 2018-08-15, Version 8.11.4 'Carbon' (LTS), @rvagg
- CVE-2018-0732, CVE-2018-12115
- build with external libnghttp2
- fix build with ICU >= 61 (add -DU_USING_ICU_NAMESPACE=1)

ntp-4.2.8p12-alt1   build Sergey Y. Afonin, 2018-08-28

- 4.2.8p12 (CVE-2018-12327)

krb5-1.16.1-alt1.S1   build Ivan A. Melnikov, 2018-08-27

- 1.16.1 (CVE-2018-5729, CVE-2018-5730)

openssh-7.2p2-alt3   build Gleb F-Malinovskiy, 2018-08-24

- Backported upstream fixes for CVE-2018-15473 (username enumeration).

kernel-image-std-pae-4.4.150-alt1   build Kernel Bot, 2018-08-21

- v4.4.150 (Fixes: CVE-2018-9363)

kernel-image-std-def-4.14.65-alt1   build Kernel Bot, 2018-08-21

- v4.14.65 (Fixes: CVE-2018-9363)

kernel-image-un-def-4.18.3-alt1   build Kernel Bot, 2018-08-21

- v4.18.3 (Fixes: CVE-2018-9363)

mariadb-10.3.9-alt1.S1   build Alexey Shabalin, 2018-08-19

- 10.3.9
- Fixes for the following security vulnerabilities:
+ CVE-2018-3060
+ CVE-2018-3064
+ CVE-2018-3063
+ CVE-2018-3058
+ CVE-2018-3066
- fix path to plugin dir in chroot (ALT #35242)
- change mode of plugin dir in chroot (ALT #33259)

kernel-image-std-def-4.14.63-alt1   build Kernel Bot, 2018-08-16

- v4.14.63 (Fixes: CVE-2018-3620)