A znc update has been released for Arch Linux
Updated Thunderbird packages are available for Arch Linux
Updated qutebrowser packages have been released for Arch Linux
A new installation CD based on Kernel 4.17.3 has been released for Arch Linux
A new installation CD based on Kernel 4.14.15 has been released for Arch Linux
Updated Firefox packages have been released for Arch Linux to address multiple vulnerabilities
Updated cantata and qutebrowser packages have been released for Arch Linux:
ASA-201806-12: cantata: multiple issues. The package cantata before version 2.3.1-2 is vulnerable to multiple issues including access restriction bypass and privilege escalation.
ASA-201806-13: qutebrowser: cross-site scripting. The package qutebrowser before version 1.3.3-1 is vulnerable to cross-site scripting.
Updated pass packages have been released for Arch Linux
A libgcrypt update has been released for Arch Linux to address a vulnerability to private key recovery
The following updates have been released for Arch Linux:
ASA-201806-8: gnupg: content spoofing. The package gnupg before version 2.2.8-1 is vulnerable to content spoofing.
ASA-201806-9: chromium: arbitrary code execution. The package chromium before version 67.0.3396.87-1 is vulnerable to arbitrary code execution.
The following updates have been released for Arch Linux:
ASA-201806-5: firefox: arbitrary code execution. The package firefox before version 60.0.2-1 is vulnerable to arbitrary code execution.
ASA-201806-6: p7zip: arbitrary code execution. The package p7zip before version 16.02-5 is vulnerable to arbitrary code execution.
ASA-201806-7: flashplugin: multiple issues. The package flashplugin before version 30.0.0.113-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
The following updates have been released for Arch Linux:
ASA-201806-3: krb5: insufficient validation. The package krb5 before version 1.16.1-1 is vulnerable to insufficient validation.
ASA-201806-4: chromium: access restriction bypass. The package chromium before version 67.0.3396.79-1 is vulnerable to access restriction bypass.
An updated radare2 package is now available for Arch Linux to address multiple issues including arbitrary code execution and denial of service.
A git security update has been released for Arch Linux. This update addresses two security issues:
1) CVE-2018-11233 (information disclosure). A security issue has been found in git before 2.17.1, where the code that sanity-checks paths in is_ntfs_dotgit() could have been tricked into reading random pieces of memory.
2) CVE-2018-11235 (arbitrary code execution). With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name.
Updated thunderbird packages have been released for Arch Linux