Security fix for the ALT Linux 10 package samba version 4.9.5-alt1

March 15, 2019 Evgeny Sinelnikov 4.9.5-alt1 - Update to latest release with security ldb fixes CVE-2019-3824 - Prepare to replace runtime files from /var/run to /run directory...

Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 2.1.9-alt1

March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 2.1.9-alt1

March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 2.1.9-alt1

March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 2.1.9-alt1

March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 2.1.9-alt1

March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

Security fix for the ALT Linux 10 package dotnet-bootstrap-7.0 version 2.1.9-alt1

March 13, 2019 Vitaly Lipatov 2.1.9-alt1 - new version 2.1.9 with rpmrb script - includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505 - CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

Security fix for the ALT Linux 8 package SPICE version 0.14.1-alt1

0.14.1-alt1 built March 11, 2019 Andrey Cherepanov in task 217681 Aug. 31, 2018 Alexey Shabalin - 0.14.1 Fixes: CVE-2018-10873...

Security fix for the ALT Linux 10 package node version 10.15.3-alt1

March 9, 2019 Vitaly Lipatov 10.15.3-alt1 - new version 10.15.3 with rpmrb script - 2018-03-05, Version 10.15.3 'Dubnium' LTS, @BethGriggs - CVE-2019-5737 - fix rpm's cflags using, add -latomic on mipsel - use external gyp...

Security fix for the ALT Linux 8 package mariadb version 10.1.38-alt1

10.1.38-alt1 built March 6, 2019 Alexey Shabalin in task 223431 March 2, 2019 Alexey Shabalin - 10.1.38 - Fixes for the following security vulnerabilities: + CVE-2019-2537 + CVE-2019-2529...

Security fix for the ALT Linux 9 package wireshark version 2.6.7-alt1

March 4, 2019 Anton Farygin 2.6.7-alt1 - 2.6.7 - fixes: ASN.1 BER and related dissectors crash. CVE-2019-9209 TCAP dissector crash. CVE-2019-9208...

Security fix for the ALT Linux 9 package mariadb version 10.3.13-alt1

March 2, 2019 Alexey Shabalin 10.3.13-alt1 - 10.3.13 - Fixes for the following security vulnerabilities: + CVE-2019-2510 + CVE-2019-2537...

Security fix for the ALT Linux 10 package bind version 9.11.5.P4-alt1

Feb. 22, 2019 Stanislav Levin 9.11.5.P4-alt1 - 9.11.5 - 9.11.5.P4 fixes: CVE-2018-5744, CVE-2018-5745, CVE-2019-6465...

Security fix for the ALT Linux 9 package bind version 9.11.5.P4-alt1

Feb. 22, 2019 Stanislav Levin 9.11.5.P4-alt1 - 9.11.5 - 9.11.5.P4 fixes: CVE-2018-5744, CVE-2018-5745, CVE-2019-6465...

Security fix for the ALT Linux 8 package runc version 1.0.0-alt7.git0a012df

1.0.0-alt7.git0a012df built Feb. 20, 2019 Alexey Shabalin in task 221967 Feb. 13, 2019 Alexey Shabalin - snapshot of master branch. - Fixes CVE-2019-5736...

Security fix for the ALT Linux 9 package systemd version 1:241-alt2

Feb. 19, 2019 Alexey Shabalin 1:241-alt2 - Fixes for the following security vulnerabilities: + CVE-2019-6454: systemd PID1 crash with specially crafted D-Bus message...

Security fix for the ALT Linux 10 package thunderbird version 60.5.1-alt1

Feb. 15, 2019 Andrey Cherepanov 60.5.1-alt1 - New version 60.5.1. - Fixes: + CVE-2018-18356 Use-after-free in Skia + CVE-2019-5785 Integer overflow in Skia + CVE-2018-18335 Buffer overflow in Skia with accelerated Canvas 2D + CVE-2018-18509 S/MIME signature spoofing...

Security fix for the ALT Linux 10 package firefox-esr version 60.5.1-alt1

Feb. 15, 2019 Andrey Cherepanov 60.5.1-alt1 - New ESR version 60.5.1. - Fixed: + CVE-2018-18356 Use-after-free in Skia + CVE-2019-5785 Integer overflow in Skia + CVE-2018-18335 Buffer overflow in Skia with accelerated Canvas 2D...

Security fix for the ALT Linux 8 package kf5-kauth version 5.49.0-alt2

5.49.0-alt2 built Feb. 14, 2019 Sergey V Turchin in task 221227 Feb. 11, 2019 Sergey V Turchin - security fixes: CVE-2019-7443...

Security fix for the ALT Linux 10 package runc version 1.0.0-alt7.git0a012df

Feb. 13, 2019 Alexey Shabalin 1.0.0-alt7.git0a012df - snapshot of master branch. - Fixes CVE-2019-5736...

Security fix for the ALT Linux 8 package curl version 7.64.0-alt1

7.64.0-alt1 built Feb. 8, 2019 Anton Farygin in task 220788 Feb. 6, 2019 Anton Farygin - 7.64.0 - fixes: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow CVE-2019-3823: SMTP end-of-response out-of-bounds read...

Security fix for the ALT Linux 10 package firefox-esr version 60.5.0-alt1

Feb. 1, 2019 Andrey Cherepanov 60.5.0-alt1 - New ESR version 60.5.0. - Fixed: + CVE-2018-18500 Use-after-free parsing HTML5 stream + CVE-2018-18505 Privilege escalation through IPC channel messages + CVE-2018-18501 Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5...

Security fix for the ALT Linux 10 package thunderbird version 60.5.0-alt1

Feb. 1, 2019 Andrey Cherepanov 60.5.0-alt1 - New version 60.5.0. - Fixes: + CVE-2018-18500 Use-after-free parsing HTML5 stream + CVE-2018-18505 Privilege escalation through IPC channel messages + CVE-2016-5824 DoS use-after-free via a crafted ics file + CVE-2018-18501 Memory safety bugs fixed in...

Security fix for the ALT Linux 10 package python3 version 3.6.8-alt1

Jan. 29, 2019 Aleksei Nikiforov 3.6.8-alt1 - Updated to upstream version 3.6.8 - Removed dependency on rpm-build-python3 from python3 package Closes: 35992 - Applied security fix Fixes: CVE-2019-5010...

Security fix for the ALT Linux 8 package apache2 version 1:2.4.38-alt1

1:2.4.38-alt1 built Jan. 28, 2019 Anton Farygin in task 219984 Jan. 25, 2019 Anton Farygin - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow...

Security fix for the ALT Linux 10 package apache2 version 1:2.4.38-alt1

Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...

Security fix for the ALT Linux 9 package apache2 version 1:2.4.38-alt1

Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...

Security fix for the ALT Linux 10 package golang version 1.11.5-alt1

Jan. 24, 2019 Alexey Shabalin 1.11.5-alt1 - 1.11.5 - fixed CPU DoS vulnerability affecting P-521 and P-384 Fixes: CVE-2019-6486 - add ppc64le to goarches...

Security fix for the ALT Linux 8 package php7 version 7.2.14-alt1

7.2.14-alt1 built Jan. 23, 2019 Anton Farygin in task 219433 Jan. 15, 2019 Anton Farygin - 7.2.14 fixes: CVE-2018-19935 - removed the .a archive from php7-mysqlnd package closes: 34521 - E2K: worked around the lack of gcc5's builtins in lcc-1.23 closes: 35856...

Security fix for the ALT Linux 10 package php8.0 version Jan.

Jan. 15, 2019 Anton Farygin 7.2.14-alt1 - 7.2.14 fixes: CVE-2018-19935 - removed the .a archive from php7-mysqlnd package closes: 34521 - E2K: worked around the lack of gcc5's builtins in lcc-1.23 closes: 35856...

Security fix for the ALT Linux 10 package php8.1 version Jan.

Jan. 15, 2019 Anton Farygin 7.2.14-alt1 - 7.2.14 fixes: CVE-2018-19935 - removed the .a archive from php7-mysqlnd package closes: 34521 - E2K: worked around the lack of gcc5's builtins in lcc-1.23 closes: 35856...

Security fix for the ALT Linux 9 package wireshark version 2.6.6-alt1

Jan. 13, 2019 Anton Farygin 2.6.6-alt1 - 2.6.6 - fixes: The 6LoWPAN dissector could crash. CVE-2019-5716 The PMUL dissector could crash. CVE-2019-5717 The RTSE dissector and other dissectors could crash. CVE-2019-5718 The ISAKMP dissector could crash. CVE-2019-5719...

Security fix for the ALT Linux 9 package polkit version 0.115-alt5

Jan. 9, 2019 Yuri N. Sedunov 0.115-alt5 - updated to 0.115-26-gc898fdf fixed CVE-2018-19788...

Security fix for the ALT Linux 9 package krb5 version 1.16.3-alt1

Jan. 8, 2019 Ivan A. Melnikov 1.16.3-alt1 - 1.16.3 CVE-2018-20217 - apply bootstrap and e2k tweaks mike@ closes: 32982 + introduce doc, ldap, selinux, verto knobs on by default + conditionally package bundled libverto + e2k: disable -Werror=pointer-arith,uninitialized lcc...

Security fix for the ALT Linux 9 package systemd version 1:240-alt3

Jan. 8, 2019 Mikhail Efremov 1:240-alt3 - journald: set a limit on the number of fields once more. - Backported patches from upstream fixes: CVE-2018-16864, CVE-2018-16865...

Security fix for the ALT Linux 9 package mailman version 5:2.1.29-alt1

Jan. 6, 2019 Dmitry V. Levin 5:2.1.29-alt1 - 2.1.26 - 2.1.29 fixes: CVE-2018-0618, CVE-2018-13796. - Enhanced init script. - Added tmpfiles.d5 rules and a systemd unit file for mailman...

Security fix for the ALT Linux 8 package nettle version 3.4.1-alt1

3.4.1-alt1 built Dec. 28, 2018 Ivan Zakharyaschev in task 217493 Dec. 6, 2018 Mikhail Efremov - Updated to 3.4.1 fixes: CVE-2018-16869...

Security fix for the ALT Linux 10 package thunderbird version 60.4.0-alt1

Dec. 24, 2018 Andrey Cherepanov 60.4.0-alt1 - New version 60.4.0. - Enigmail 2.0.9. - Fixes: + CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 + CVE-2018-18492 Use-after-free with select element + CVE-2018-18493 Buffer overflow in accelerated 2D canvas...

Security fix for the ALT Linux 10 package samba version 4.9.4-alt1

Dec. 20, 2018 Evgeny Sinelnikov 4.9.4-alt1 - Update to first winter security release - Security fixes regressions: + CVE-2018-16853 Do not segfault if client is not set + CVE-2018-14629 Fix CNAME loop prevention using counter regression...

Security fix for the ALT Linux 9 package openssl10 version 1.0.2q-alt1

Dec. 19, 2018 Dmitry V. Levin 1.0.2q-alt1 - 1.0.2p - 1.0.2q fixes CVE-2018-5407 and CVE-2018-0734. - Disabled krb5 support...

Security fix for the ALT Linux 8 package postgresql11 version 11.1-alt0.M80P.1

11.1-alt0.M80P.1 built Dec. 11, 2018 Alexei Takaseev in task 216249 Nov. 8, 2018 Alexei Takaseev - 11.1 - Fix CVE-2018-16850...

Security fix for the ALT Linux 8 package postgresql10 version 10.6-alt0.M80P.1

10.6-alt0.M80P.1 built Dec. 11, 2018 Alexei Takaseev in task 216249 Nov. 8, 2018 Alexei Takaseev - 10.6 - Fixes CVE-2018-16850 - Add conflict to PG 11...

Security fix for the ALT Linux 10 package firefox-esr version 60.4.0-alt1

Dec. 11, 2018 Andrey Cherepanov 60.4.0-alt1 - New ESR version 60.4.0 - Fixed: + CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 + CVE-2018-18492 Use-after-free with select element + CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia +...

Security fix for the ALT Linux 10 package gnutls30 version 3.6.5-alt1

Dec. 6, 2018 Mikhail Efremov 3.6.5-alt1 - Updated to 3.6.5 fixes: CVE-2018-16868...

Security fix for the ALT Linux 9 package gnutls30 version 3.6.5-alt1

Dec. 6, 2018 Mikhail Efremov 3.6.5-alt1 - Updated to 3.6.5 fixes: CVE-2018-16868...

Security fix for the ALT Linux 9 package polkit version 0.115-alt4

Dec. 6, 2018 Alexey Shabalin 0.115-alt4 - updated to 0.115-23fd211e - Port the JS authority to mozjs-60 - Move D-Bus policy file to /usr/share/dbus-1/system.d/ - Drop deprecated use of gtypeclassaddprivate - Allow negative uids/gids in PolkitUnixUser and Group objects fixed CVE-2018-19788...

Security fix for the ALT Linux 8 package mariadb version 10.1.37-alt1

10.1.37-alt1 built Dec. 5, 2018 Alexey Shabalin in task 217040 Nov. 28, 2018 Alexey Shabalin - 10.1.37 - Fixes for the following security vulnerabilities: + CVE-2018-3282 + CVE-2016-9843 + CVE-2018-3174 + CVE-2018-3143 + CVE-2018-3156 + CVE-2018-3251...

Security fix for the ALT Linux 9 package wireshark version 2.6.5-alt1

Dec. 3, 2018 Anton Farygin 2.6.5-alt1 - 2.6.5 - added devel package closes: 29869 - fixes: The Wireshark dissection engine could crash. CVE-2018-19625 The DCOM dissector could crash. CVE-2018-19626 The LBMPDM dissector could crash. CVE-2018-19623 The MMSE dissector could go into an infinite loop...

Security fix for the ALT Linux 10 package node version 10.14.1-alt1

Nov. 30, 2018 Vitaly Lipatov 10.14.1-alt1 - new version 10.14.1 with rpmrb script - disable internal doc - 2018-11-27, Version 10.14.0 'Dubnium' LTS, @rvagg - CVE-2018-12121, CVE-2018-12122, CVE-2018-12123...

Security fix for the ALT Linux 8 package samba version 4.7.12-alt1

4.7.12-alt1 built Nov. 29, 2018 Evgeny Sinelnikov in task 216960 Nov. 27, 2018 Evgeny Sinelnikov - Update to autumn security release - Clean test module of thirdparty/iso8601 and subunit modules - Security fixes: + CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD Internal DNS...