Updated Firefox packages have been released for Arch Linux to address multiple vulnerabilities
Updated cantata and qutebrowser packages have been released for Arch Linux:
ASA-201806-12: cantata: multiple issues
The package cantata before version 2.3.1-2 is vulnerable to multiple issues including access restriction bypass and privilege escalation.
ASA-201806-13: qutebrowser: cross-site scripting
The package qutebrowser before version 1.3.3-1 is vulnerable to cross-site scripting.
Updated pass packages have been released for Arch Linux
A libgcrypt update has been released for Arch Linux to address a vulnerability to private key recovery
The following updates have been released for Arch Linux:
ASA-201806-8: gnupg: content spoofing
The package gnupg before version 2.2.8-1 is vulnerable to content spoofing.
ASA-201806-9: chromium: arbitrary code execution
The package chromium before version 67.0.3396.87-1 is vulnerable to arbitrary code execution.
The following updates have been released for Arch Linux:
ASA-201806-5: firefox: arbitrary code execution
The package firefox before version 60.0.2-1 is vulnerable to arbitrary code execution.
ASA-201806-6: p7zip: arbitrary code execution
The package p7zip before version 16.02-5 is vulnerable to arbitrary code execution.
ASA-201806-7: flashplugin: multiple issues
The package flashplugin before version 30.0.0.113-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
The following updates have been released for Arch Linux:
ASA-201806-3: krb5: insufficient validation
The package krb5 before version 1.16.1-1 is vulnerable to insufficient validation.
ASA-201806-4: chromium: access restriction bypass
The package chromium before version 67.0.3396.79-1 is vulnerable to access restriction bypass.
An updated radare2 package is now available for Arch Linux to address multiple issues including arbitrary code execution and denial of service.
A git security update has been released for Arch Linux. This update addresses two security issues:
1) CVE-2018-11233 (information disclosure). A security issue has been found in git before 2.17.1, where the code that sanity-checks paths in is_ntfs_dotgit() could have been tricked into reading random pieces of memory.
2) CVE-2018-11235 (arbitrary code execution). With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name.
The following updates have been released for Arch Linux:
ASA-201805-22: wireshark-gtk: multiple issues
ASA-201805-23: wireshark-qt: multiple issues
ASA-201805-24: wireshark-common: multiple issues
ASA-201805-25: wireshark-cli: multiple issues
ASA-201805-26: strongswan: denial of service
Updated thunderbird packages have been released for Arch Linux
The following updates have been released for Arch Linux:
ASA-201805-19: libofx: denial of service
ASA-201805-20: bind: denial of service
The following security updates have been released for Arch Linux:
ASA-201805-14: lib32-curl: multiple issues
ASA-201805-15: lib32-libcurl-compat: multiple issues
ASA-201805-16: lib32-libcurl-gnutls: multiple issues
ASA-201805-17: libcurl-compat: multiple issues
ASA-201805-18: libcurl-gnutls: multiple issues
Updated curl packages are available for Arch Linux
Updated zathura-pdf-mupdf packages have been released for Arch Linux
A runc security advisory has been published for Arch Linux
The following updates have been released for Arch Linux:
ASA-201805-10: firefox: multiple issues
ASA-201805-8: llpp: multiple issues
ASA-201805-9: webkit2gtk: arbitrary code execution
The following updates have been released for Arch Linux:
ASA-201805-4: mupdf: multiple issues
ASA-201805-5: mupdf-gl: multiple issues
ASA-201805-6: libmupdf: multiple issues
ASA-201805-7: mupdf-tools: multiple issues
The following security advisories have been published for Arch Linux:
ASA-201805-1: powerdns: arbitrary code execution
ASA-201805-2: libraw: multiple issues
ASA-201805-3: freetype2: denial of service
Updated Drupal packages have been released for Arch Linux