CVE-2018-19364: 9pfs: use-after-free (bz #1651359) CVE-2018-19489: 9pfs: use- after-free renaming files (bz #1653157) CVE-2018-16867: usb-mtp: path traversal issue (bz #1656746) CVE-2018-16872: usb-mtp: path traversal issue (bz #1659150) CVE-2018-20191: pvrdma: uar_read leads to NULL deref (bz #1660315) CVE-2019-6778: slirp: heap buffer overflow (bz #1669072) CVE-2019-3812: Out-of-
Archive for Fedora
Update to 3.0. License has changed to ASL 2.0 + exception. See https://github.com/michaelrsweet/mxml/releases/tag/v3.0 for more info.
This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.
**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName() —- **Version 2.7.1** (2019-03-12) * fixed class aliases —- **Version 2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array keys when fill
**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName() —- **Version 1.38.1** (2019-03-12) * fixed class aliases —- **Version 1.38.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array
Backport a security fix from PuTTY 0.71 affecting SFTP connections: Fix an integer overflow in the RSA key exchange preceeding host key verification
Update tcpflow to 1.5.2 tag at github, fixing a security issue.
**Version 1.5.2** * Fix bug in AES encryption affecting certain file sizes * Keep file permissions when modifying zip archives * Support systems with small stack size. * Add nullability annotations.
This release fixes a buffer overflow when processing RIFF/WAV files with in invalid MS ADPCM predictor.
Security fix CVE-2019-9210
– Allow to install cri-o as alternative to docker – Allow to install moby-engine as alternative to docker —- Update to v1.12.5 (Verify backend upgraded connection)
Fedora 28: mingw-poppler Security Update
Backport security fixes: CVE-2019-7310, CVE-2018-20662
Fedora 29: guacamole-server Security Update
Update to 1.0.0, which includes fixes for CVE-2018-1340
xen: various flaws (#1685577) grant table transfer issues on large hosts [XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page violates page_struct access discipline [XSA-287] x86: Inconsistent PV IOMMU discipline [XSA-288] missing preemption in x86 PV page table unvalidation [XSA-290] x86/PV: page type reference counting issue with failed IOMMU update
Fedora 29: postgresql-jdbc Security Update
new upstream version, to fix CVE-2018-10936
Fedora 28: postgresql-jdbc Security Update
new upstream version, to fix CVE-2018-10936
Fedora 28: guacamole-server Security Update
Update to 1.0.0, which includes fixes for CVE-2018-1340
Security fix for CVE-2018-15587
Fedora 29: php-typo3-phar-stream-wrapper2 Security Update
## drupal8 Upstream: – https://www.drupal.org/project/drupal/releases/8.6.10 – https://www.drupal.org/SA-CORE-2019-003 – https://www.drupal.org/project/drupal/releases/8.6.9 – https://www.drupal.org/project/drupal/releases/8.6.8 – https://www.drupal.org/project/drupal/releases/8.6.7 –
Fedora 28: php-typo3-phar-stream-wrapper2 Security Update
## drupal8 Upstream: – https://www.drupal.org/project/drupal/releases/8.6.10 – https://www.drupal.org/SA-CORE-2019-003 – https://www.drupal.org/project/drupal/releases/8.6.9 – https://www.drupal.org/project/drupal/releases/8.6.8 – https://www.drupal.org/project/drupal/releases/8.6.7 –
– bugfix {foreach} using new style property access like {$item@property} on Smarty 2 style named foreach loop could produce errors https://github.com/smarty-php/smarty/issues/484 31.08.2018 – bugfix some custom left and right delimiters like ‘{^’ ‘^}’ did not work
– https://www.drupal.org/project/link/releases/7.x-1.6 – https://www.drupal.org/sa-contrib-2019-020 – https://www.drupal.org/sa- core-2019-003 – https://www.drupal.org/project/link/releases/7.x-1.5 – https://www.drupal.org/project/link/releases/7.x-1.5-beta3
Bump to ignition-dracut 2c69925 * support platform configs and user configs in /boot ^ https://github.com/coreos/ignition-dracut/pull/43 * Add ability to parse config.ign file on boot ^ https://github.com/coreos/ignition-dracut/pull/42
Fedora 28: php-erusev-parsedown Security Update
## 1.7.1 – \#475: “Loose” lists will now contain paragraphs in all items, not just some. – \#433: Links will no longer be double nested – \#525: The info- string when beginning a code block may now contain non-word characters (e.g. `c++`) – \#561: The `mbstring` extension (which we already depend on) has been added explicitly to `composer.json` – \#563: The `Parsedown::version` constant
Fixes: CVE-2018-6358, CVE-2018-7867, CVE-2018-7868, CVE-2018-7870, CVE-2018-7871, CVE-2018-7872, CVE-2018-7875, CVE-2018-9165.
– https://www.drupal.org/project/link/releases/7.x-1.6 – https://www.drupal.org/sa-contrib-2019-020 – https://www.drupal.org/sa- core-2019-003 – https://www.drupal.org/project/link/releases/7.x-1.5 – https://www.drupal.org/project/link/releases/7.x-1.5-beta3
Security fix for CVE-2018-17937
Update to 4.01. Fixes lots of security bugs (and non-security bugs).
FreeRDP fix for CVE-2018-1000852, Remmina bugfix update and rebuilds for updated FreeRDP.
FreeRDP fix for CVE-2018-1000852, Remmina bugfix update and rebuilds for updated FreeRDP.