Sisyphus repository
Last updated: 24 October 2021 | Packages: 17375 | Visits: 22146789
Vulnerability fixes

java-1.8.0-openjdk-1.8.0.312.b07-alt1_1jpp8   built by Andrey Cherepanov, 2021-10-23


- New version.
- Security fixes:
+ CVE-2021-35588 InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
+ CVE-2021-35550 Update the default enabled cipher suites preference
+ CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
+ CVE-2021-35556 Richer Text Editors
+ CVE-2021-35559 Enhanced style for RTF kit
+ CVE-2021-35561 Better hashing support
+ CVE-2021-35564 Improve Keystore integrity
+ CVE-2021-35567 More Constrained Delegation
+ CVE-2021-35578 Improve TLS client handshaking
+ CVE-2021-35586 Better BMP support
+ CVE-2021-35603 Better session identification

java-11-openjdk-11.0.13.8-alt1_1jpp11   built by Andrey Cherepanov, 2021-10-23


- New version.
- Security fixes:
+ CVE-2021-35550 Update the default enabled cipher suites preference
+ CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
+ CVE-2021-35556 Richer Text Editors
+ CVE-2021-35559 Enhanced style for RTF kit
+ CVE-2021-35561 Better hashing support
+ CVE-2021-35564 Improve Keystore integrity
+ CVE-2021-35567 More Constrained Delegation
+ CVE-2021-35578 Improve TLS client handshaking
+ CVE-2021-35586 Better BMP support
+ CVE-2021-35603 Better session identification

qutebrowser-2.4.0-alt1   built by Ilya Mashkin, 2021-10-22


- 2.4.0 (Fixes: CVE-2021-41146)

thunderbird-91.2.1-alt1   built by Andrey Cherepanov, 2021-10-22


- New version.
- Security fixes:
+ CVE-2021-38502 Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Thunderbird 91.2

freerdp-2.4.1-alt1   built by Andrey Cherepanov, 2021-10-21


- New version.
- Security fixes:
+ CVE-2021-41159 Improper client input validation for gateway connections allows to overwrite memory
+ CVE-2021-41160 Improper region checks in all clients allow out of bound write to memory

chromium-95.0.4638.54-alt1   built by Alexey Gladkov, 2021-10-21


- New version (95.0.4638.54).
- Security fixes:
- CVE-2021-37981: Heap buffer overflow in Skia.
- CVE-2021-37982: Use after free in Incognito.
- CVE-2021-37983: Use after free in Dev Tools.
- CVE-2021-37984: Heap buffer overflow in PDFium.
- CVE-2021-37985: Use after free in V8.
- CVE-2021-37986: Heap buffer overflow in Settings.
- CVE-2021-37987: Use after free in Network APIs.
- CVE-2021-37988: Use after free in Profiles.
- CVE-2021-37989: Inappropriate implementation in Blink.
- CVE-2021-37990: Inappropriate implementation in WebView.
- CVE-2021-37991: Race in V8.
- CVE-2021-37992: Out of bounds read in WebAudio.
- CVE-2021-37993: Use after free in PDF Accessibility.
- CVE-2021-37994: Inappropriate implementation in iFrame Sandbox.
- CVE-2021-37995: Inappropriate implementation in WebApp Installer.
- CVE-2021-37996: Insufficient validation of untrusted input in Downloads.

glpi-9.5.6-alt1   built by Pavel Zilke, 2021-10-12


- New version 9.5.6
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-39211 : Disclosure of GLPI and server information in telemetry endpoint
+ CVE-2021-39210 : Autologin cookie accessible by scripts
+ CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints
+ CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection

cve-manager-inner-knowledge-2021.10.04-alt2   built by Alexey Appolonov, 2021-10-11


- Enhanced cve-manager-knowledge-miner utility.

golang-1.17.2-alt1   built by Alexey Shabalin, 2021-10-11


- New version (1.17.2).
- Fixes:
+ CVE-2021-38297

apache2-2.4.51-alt1   built by Anton Farygin, 2021-10-10


- 2.4.51 (Fixes: CVE-2021-42013)

python-2.7.18-alt8   built by Vladimir D. Seleznev, 2021-10-08


- Fixed CVE-2021-3733 and CVE-2021-3737.

chromium-94.0.4606.81-alt1   built by Alexey Gladkov, 2021-10-08


- New version (94.0.4606.81).
- Security fixes:
- CVE-2021-37977: Use after free in Garbage Collection.
- CVE-2021-37978: Heap buffer overflow in Blink.
- CVE-2021-37979: Heap buffer overflow in WebRTC.
- CVE-2021-37980: Inappropriate implementation in Sandbox.

apache2-2.4.50-alt1   built by Anton Farygin, 2021-10-07


- 2.4.50 (Fixes: CVE-2021-41773, CVE-2021-41524)

kernel-image-un-def-5.14.10-alt1   built by Kernel Bot, 2021-10-07


- v5.14.10 (Fixes: CVE-2021-3653, CVE-2021-3656)

samba-4.14.8-alt1   built by Evgeny Sinelnikov, 2021-10-06


- Update to latest security release of Samba 4.14
- Fix performance regressions in lsa_LookupSids3/LookupNames4 since Samba 4.9 by
using an explicit database handle cache and address a significant in database
access in the AD DC since Samba 4.12.
- Fix an unauthenticated user can crash the AD DC KDC by omitting the server name
in a TGS-REQ (Fixes: CVE-2021-3671).

containerd-1.4.11-alt1   built by Vladimir Didenko, 2021-10-06


- 1.4.11 (Fixes: CVE-2021-41103)

firefox-93.0-alt1   built by Alexey Gladkov, 2021-10-06


- New release (93.0).
- Security fixes:
+ CVE-2021-38496: Use-after-free in MessageTask
+ CVE-2021-38497: Validation message could have been overlaid on another origin
+ CVE-2021-38498: Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810: Data race in crossbeam-deque
+ CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
+ CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
+ CVE-2021-38499: Memory safety bugs fixed in Firefox 93

docker-engine-20.10.9-alt1   built by Vladimir Didenko, 2021-10-06


- 20.10.9 (Fixes: CVE-2021-39293)

kernel-image-std-def-5.10.71-alt1   built by Kernel Bot, 2021-10-06


- v5.10.71 (Fixes: CVE-2021-3653, CVE-2021-3656)

kernel-image-std-pae-5.10.71-alt1   built by Kernel Bot, 2021-10-06


- v5.10.71 (Fixes: CVE-2021-3653, CVE-2021-3656)

kernel-image-std-debug-5.10.71-alt1   built by Kernel Bot, 2021-10-06


- v5.10.71 (Fixes: CVE-2021-3653, CVE-2021-3656)

firefox-esr-91.2.0-alt1   built by Andrey Cherepanov, 2021-10-05


- New ESR version.
- Security fixes:
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

cve-manager-0.56.0-alt1   built by Alexey Appolonov, 2021-10-04


- Fixed cpe-map-choice module (the bug was introduced in the cve-manager v0.55);
- Improved user interface of the cve-monitor;
- Slightly changed format of cve-monitor "diff" reports (a modified header and
an absence of a footer).

chromium-94.0.4606.71-alt1   built by Alexey Gladkov, 2021-10-01


- New version (94.0.4606.71).
- Security fixes:
- CVE-2021-37974 : Use after free in Safe Browsing.
- CVE-2021-37975 : Use after free in V8.
- CVE-2021-37976 : Information leak in core.

chromium-gost-94.0.4606.71-alt1   built by Alexey Gladkov, 2021-10-01


- New version (94.0.4606.71).
- Security fixes:
- CVE-2021-37974 : Use after free in Safe Browsing.
- CVE-2021-37975 : Use after free in V8.
- CVE-2021-37976 : Information leak in core.
 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin