
List of Announced AOSAs (2019)

Archive of Announced AOSC OS Security Advisories (2019)

Security updates

| AOSA | Package | Branch | Vendor Advisory |
|---|---|---|---|
| AOSA-2019-0001 | flashplayer-ppapi: update to | | Security Bulletin APSB18-42 |
| AOSA-2019-0002 | vivaldi: update to 2.2.1388.37 | stable | (Chrome) Stable Channel Update for Desktop Tuesday, December 4, 2018, Stable Channel Update for Desktop Wednesday, December 12, 2018 |
| AOSA-2019-0003 | opera: update to 57.0.3098.106 | stable | Opera 57.0.3098.106 Stable update |
| AOSA-2019-0004 | django: update to 2.1.5 | stable | Django security releases issued: 2.1.5, 2.0.10, and 1.11.18 |
| AOSA-2019-0005 | dotnet-{runtime,sdk}: update to 2.1.7, 2.1.503 | stable, runtime stable, sdk | .NET Core 2.1.7 Update - January 08, 2019 |
| AOSA-2019-0006 | firefox: update to 64.0.2 | stable | Mozilla Foundation Security Advisory 2018-29 |
| AOSA-2019-0007 | go: update to 1.11.4 | stable | [security] Go 1.11.3 and Go 1.10.6 are released |
| AOSA-2019-0008 | tcpdump: patch | stable | The Problem |
| AOSA-2019-0009 | systemd: patch | stable | tmpfiles: symlinks are followed in non-terminal path components (CVE-2018-6954) |
| AOSA-2019-0010 | nettle: update to 3.4.1 | stable | The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations |
| AOSA-2019-0011 | wget: patch | stable | [Bug-wget] CVE-2018-20483 counter-measure |
| AOSA-2019-0012 | aria2: patch | stable | Metadata and potential password leaks via --log= |
| AOSA-2019-0013 | uriparser: update to 0.9.1 | stable | ChangeLog |
| AOSA-2019-0014 | units: update to 2.18 | stable | units_cur: missing input validation |
| AOSA-2019-0015 | imagemagick: update to 6.9.10-23 | stable | convert hang until 100% CPU 100% mem |
| AOSA-2019-0016 | openjpeg: patch | stable | Out-of-bound left shift in opj_j2k_setup_encoder (src/lib/openjp2/j2k.c), Excessive Iteration in opj_t1_encode_cblks (src/lib/openjp2/t1.c), OPENJPEG null ptr dereference in openjpeg-2.3.0/src/bin/jp2/convert.c:2243 |
| AOSA-2019-0017 | systemd: patch | stable | CVE-2018-16864 systemd: stack overflow when calling syslog from a command with long cmdline, CVE-2018-16865 systemd: stack overflow when receiving many journald entries, CVE-2018-16866 systemd: out-of-bounds read when parsing a crafted syslog message |