Security fix for the ALT Linux 10 package apache2 version 1:2.4.28-alt1

Oct. 10, 2017 Anton Farygin 1:2.4.28-alt1 - new version 2.4.28 - disabled NameVirtualHost directive in portsall.conf closes: 32269 - increased timeout for restarting httpd on SysVinit sytems closes: 31062 - increased LOOPSSTART and TimeoutStartSec closes: 33978 - fixes: CVE-2017-9798 Corrupted or...

Security fix for the ALT Linux 8 package apache2 version 1:2.4.28-alt1

Oct. 10, 2017 Anton Farygin 1:2.4.28-alt1 - new version 2.4.28 - disabled NameVirtualHost directive in portsall.conf closes: 32269 - increased timeout for restarting httpd on SysVinit sytems closes: 31062 - increased LOOPSSTART and TimeoutStartSec closes: 33978 - fixes: CVE-2017-9798 Corrupted or...

Security fix for the ALT Linux 10 package dnsmasq version 2.78-alt1

Oct. 6, 2017 Mikhail Efremov 2.78-alt1 - Updated to 2.78 fixes: CVE-2017-13704, CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496...

Security fix for the ALT Linux 8 package curl version 7.56.0-alt1

Oct. 4, 2017 Anton Farygin 7.56.0-alt1 - new version - fixes: CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP...

Security fix for the ALT Linux 10 package firefox-esr version 52.4.0-alt1

Sept. 29, 2017 Andrey Cherepanov 52.4.0-alt1 - New ESR version 52.4.0 - Fixes: + CVE-2017-7793 Use-after-free with Fetch API + CVE-2017-7818 Use-after-free during ARIA array manipulation + CVE-2017-7819 Use-after-free while resizing images in design mode + CVE-2017-7824 Buffer overflow when drawi...

Security fix for the ALT Linux 8 package clamav version 0.99.2-alt3

Sept. 25, 2017 Anton V. Boyarshinov 0.99.2-alt3 - Fixes: + CVE-2017-6418 remote attackers can cause a denial of service out-of-bounds read via a crafted e-mail message + CVE-2017-6420 remote attackers can cause a denial of service use-after-free via a crafted PE file with WWPack compression...

Security fix for the ALT Linux 9 package clamav version 0.99.2-alt3

Sept. 25, 2017 Anton V. Boyarshinov 0.99.2-alt3 - Fixes: + CVE-2017-6418 remote attackers can cause a denial of service out-of-bounds read via a crafted e-mail message + CVE-2017-6420 remote attackers can cause a denial of service use-after-free via a crafted PE file with WWPack compression...

Security fix for the ALT Linux 10 package clamav version 0.99.2-alt3

Sept. 25, 2017 Anton V. Boyarshinov 0.99.2-alt3 - Fixes: + CVE-2017-6418 remote attackers can cause a denial of service out-of-bounds read via a crafted e-mail message + CVE-2017-6420 remote attackers can cause a denial of service use-after-free via a crafted PE file with WWPack compression...

Security fix for the ALT Linux 10 package git version 2.10.5-alt1

Sept. 22, 2017 Dmitry V. Levin 2.10.5-alt1 - 2.10.4 - 2.10.5 fixes: CVE-2017-14867...

Security fix for the ALT Linux 8 package git version 2.10.5-alt1

Sept. 22, 2017 Dmitry V. Levin 2.10.5-alt1 - 2.10.4 - 2.10.5 fixes: CVE-2017-14867...

Security fix for the ALT Linux 8 package tor version 0.3.1.7-alt1.M80P.1

0.3.1.7-alt1.M80P.1 built Sept. 21, 2017 Anton Farygin in task 188387 Sept. 18, 2017 Vladimir Didenko - new version Fixes: CVE-2017-0380...

Security fix for the ALT Linux 10 package samba version 4.6.8-alt1.S1

Sept. 20, 2017 Evgeny Sinelnikov 4.6.8-alt1.S1 - Update for autumn security release: + CVE-2017-12150 SMB1/2/3 connections may not require signing where they should + CVE-2017-12151 SMB3 connections don't keep encryption across DFS redirects + CVE-2017-12163 Server memory information leak over SM...

Security fix for the ALT Linux 8 package samba-DC version 4.6.8-alt1

Sept. 20, 2017 Evgeny Sinelnikov 4.6.8-alt1 - Update for autumn security release: + CVE-2017-12150 SMB1/2/3 connections may not require signing where they should + CVE-2017-12151 SMB3 connections don't keep encryption across DFS redirects + CVE-2017-12163 Server memory information leak over SMB1...

Security fix for the ALT Linux 8 package samba version 4.6.8-alt1

Sept. 20, 2017 Evgeny Sinelnikov 4.6.8-alt1 - Update for autumn security release: + CVE-2017-12150 SMB1/2/3 connections may not require signing where they should + CVE-2017-12151 SMB3 connections don't keep encryption across DFS redirects + CVE-2017-12163 Server memory information leak over SMB1...

Security fix for the ALT Linux 8 package vlc version 2.2.6.20170917-alt0.M80C.1

Sept. 18, 2017 Anton V. Boyarshinov 2.2.6.20170917-alt0.M80C.1 - 2.2.6+ Fixes: CVE-2017-10699, CVE-2017-8310, CVE-2017-8311, CVE-2017-8313, CVE-2017-9300, CVE-2017-9301...

Security fix for the ALT Linux 9 package wireshark version 2.4.1-alt1

Sept. 18, 2017 Anton Farygin 2.4.1-alt1 - 2.4.1 with following fixes: wnpa-sec-2017-38 MSDP dissector infinite loop CVE-2017-13767 wnpa-sec-2017-39 Profinet I/O buffer overrun CVE-2017-13766 wnpa-sec-2017-40 Modbus dissector crash CVE-2017-13764 wnpa-sec-2017-41 IrCOMM dissector buffer overrun...

Security fix for the ALT Linux 8 package mariadb version 10.1.26-alt1

Sept. 14, 2017 Alexey Shabalin 10.1.26-alt1 - 10.1.26 - Fixes for the following security vulnerabilities: + CVE-2017-3636 + CVE-2017-3641 + CVE-2017-3653...

PT-2017-13018

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.2 ALT Linux affected versions not specified Description The issue concerns a buffer over-read in the IKEv1 parser, specifically in the ikev1 id print function within print-isakmp.c. This problem affects the tcpdum...

PT-2017-13017

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.2 ALT Linux affected versions not specified Description The issue is related to a buffer over-read in the OLSR parser. There is no information provided about the estimated number of potentially affected devices...

Security fix for the ALT Linux 7 package postgresql9.4 version 9.4.13-alt0.M70P.1

9.4.13-alt0.M70P.1 built Aug. 9, 2017 Alexei Takaseev in task 186876 Aug. 9, 2017 Alexei Takaseev - 9.4.13 - fix CVE-2017-7547...