Security
Apr 24, 2024, 04:25 PM
chromium
Version: 124.0.6367.60-alt1
Summary: An open source web browser developed by Google
Changelog:
- New version (124.0.6367.60). - Security fixes: + CVE-2024-3832: Object corruption in V8. + CVE-2024-3833: Object corruption in WebAssembly. + CVE-2024-3914: Use after free in V8. + CVE-2024-3834: Use after free in Downloads. + CVE-2024-3837: Use after free in QUIC. + CVE-2024-3838: Inappropriate implementation in Autofill. + CVE-2024-3839: Out of bounds read in Fonts. + CVE-2024-3840: Insufficient policy enforcement in Site Isolation. + CVE-2024-3841: Insufficient data validation in Browser Switcher. + CVE-2024-3843: Insufficient data validation in Downloads. + CVE-2024-3844: Inappropriate implementation in Extensions. + CVE-2024-3845: Inappropriate implementation in Network. + CVE-2024-3846: Inappropriate implementation in Prompts. + CVE-2024-3847: Insufficient policy enforcement in WebUI.
Apr 22, 2024, 10:15 AM
flatpak
Version: 1.14.6-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.6 (fixed CVE-2024-32462)
Apr 22, 2024, 08:00 AM
glibc
Version: 2.38.0.66.ge1135387de-alt1
Summary: The GNU libc libraries
Changelog:
- Updated to glibc-2.38-66-ge1135387de (fixes: CVE-2024-2961).
Apr 19, 2024, 05:48 AM
putty
Version: 0.81-alt1
Summary: Free SSH, Telnet and Rlogin client
Changelog:
- 0.81 - Fixed a critical vulnerability in the use of 521-bit ECDSA keys (ecdsa-sha2-nistp521) (fixes: CVE-2024-31497)
Apr 19, 2024, 01:20 AM
xdg-desktop-portal
Version: 1.18.4-alt1
Summary: Portal frontend service to Flatpak
Changelog:
- 1.18.4 (fixed CVE-2024-32462)
Apr 16, 2024, 06:41 PM
firefox-esr
Version: 115.10.0-alt1
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Changelog:
- New ESR version. - Security fixes + CVE-2024-3852 GetBoundName in the JIT returned the wrong object + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection + CVE-2024-2609 Permission prompt input delay could expire when not in focus + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Apr 16, 2024, 11:58 AM
python3-module-Pillow
Version: 10.3.0-alt1
Summary: Python Imaging Library
Changelog:
- 10.3.0 released (fixes: CVE-2024-28219)
Apr 12, 2024, 07:46 PM
php8.2
Version: 8.2.18-alt1
Summary: The PHP scripting language
Changelog:
- 8.2.17 -> 8.2.18 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096)
Apr 12, 2024, 07:36 PM
php8.1
Version: 8.1.28-alt1
Summary: The PHP scripting language
Changelog:
- 8.1.27 -> 8.1.28 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096)
Apr 12, 2024, 07:08 PM
php8.3
Version: 8.3.6-alt1
Summary: The PHP scripting language
Changelog:
- 8.3.4 -> 8.3.6 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Apr 11, 2024, 12:17 PM
sox
Version: 14.4.2-alt7
Summary: A general purpose sound file conversion tool
Changelog:
- Added patches from debian and fix vulnerabilities (Fixes: CVE-2017-15371, CVE-2019-8355, CVE-2021-33844, CVE-2017-15370, CVE-2019-8356, CVE-2021-3643, CVE-2017-11332, CVE-2019-8357, CVE-2021-40426, CVE-2017-11359, CVE-2023-32627, CVE-2022-31650, CVE-2017-15372, CVE-2017-11358, CVE-2022-31651, CVE-2017-15642, CVE-2019-13590, CVE-2019-8354, CVE-2021-23159): + fixed hcom big endian + fixed resource leak comments + fixed resource leak hcom + added handle vorbis analysis headerout errors + added wavpack check errors + added xa validate channel count
Apr 8, 2024, 08:47 PM
libvirt
Version: 10.2.0-alt1
Summary: Library providing a simple API virtualization
Changelog:
- 10.2.0 (Fixes: CVE-2024-1441)
Apr 6, 2024, 01:37 AM
dotnet-runtime-7.0
Version: 7.0.17-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- new version (7.0.17) with rpmgs script - CVE-2024-0056: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider Information Disclosure Vulnerability - CVE-2024-0057: .NET Security Feature bypass Vulnerability - CVE-2024-21319: .NET Denial of Service Vulnerability - CVE-2024-21386: .NET Denial of Service Vulnerability - CVE-2024-21404: .NET Denial of Service Vulnerability - CVE-2024-21392: .NET Denial of Service Vulnerability - CVE-2024-26190: Microsoft QUIC Denial of Service Vulnerability
Apr 5, 2024, 01:13 PM
dotnet-bootstrap-7.0
Version: 7.0.17-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 7.0.17 and .NET SDK 7.0.117 releases - CVE-2024-0056: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider Information Disclosure Vulnerability - CVE-2024-0057: .NET Security Feature bypass Vulnerability - CVE-2024-21319: .NET Denial of Service Vulnerability - CVE-2024-21386: .NET Denial of Service Vulnerability - CVE-2024-21404: .NET Denial of Service Vulnerability - CVE-2024-21392: .NET Denial of Service Vulnerability - CVE-2024-26190: Microsoft QUIC Denial of Service Vulnerability
Apr 5, 2024, 11:00 AM
libnghttp2
Apr 5, 2024, 10:54 AM
apache2
Version: 2.4.59-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.58 -> 2.4.59 (Fixes: CVE-2023-38709, CVE-2024-24795, CVE-2024-27316)
Apr 5, 2024, 03:17 AM
dotnet-bootstrap-8.0
Version: 8.0.3-alt1
Summary: .NET 8 SDK binaries
Changelog:
- CVE-2024-21392: .NET Denial of Service Vulnerability - CVE-2024-26190: Microsoft QUIC Denial of Service Vulnerability
Apr 4, 2024, 04:07 AM
node
Version: 20.12.1-alt1
Summary: Evented I/O for V8 Javascript
Changelog:
- 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS - CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) - CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
Apr 3, 2024, 07:57 PM
golang
Version: 1.22.2-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.22.2) (Fixes: CVE-2023-45288).
Apr 3, 2024, 10:18 AM
thunderbird
Version: 115.9.0-alt1
Summary: Thunderbird is Mozilla's e-mail client
Changelog:
- New version. - Security fixes: + CVE-2024-0743 Crash in NSS TLS method + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector + CVE-2024-2607 JIT code failed to save return registers on Armv7-A + CVE-2024-2608 Integer overflow could have led to out of bounds write + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Apr 2, 2024, 02:25 PM
espeak-ng
Version: 1.51.1-alt1
Summary: eSpeak NG Text-to-Speech
Changelog:
- Initial build for ALT Sisyphus (ALT bug: 49726) + (fixes: CVE-2023-49990 CVE-2023-49991 CVE-2023-49992 CVE-2023-49993 CVE-2023-49994)
Apr 1, 2024, 02:36 PM
wireshark
Version: 4.2.4-alt1
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changelog:
- 4.2.4 (Fixes: CVE-2024-2955)
Mar 28, 2024, 11:10 PM
libflif
Version: 0.4-alt1
Summary: Free Lossless Image Format
Changelog:
- new version 0.4 (fixes: CVE-2017-14232, CVE-2018-10971, CVE-2018-11507, CVE-2018-12109, CVE-2018-14876, CVE-2019-14373)
Mar 27, 2024, 08:23 PM
openvpn
Version: 2.6.10-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version - Fixes (all CVE are Windows-specific): + CVE-2024-27459: Windows: fix a possible stack overflow + CVE-2024-24974: Windows: disallow remote access to the service pipe + CVE-2024-27903: Windows: disallow loading of plugins from untrusted dirs + CVE-2023-7235: Windows: local privilege escalation via Windows Installer
Mar 27, 2024, 04:06 PM
gnutls30
Version: 3.8.4-alt1
Summary: A TLS protocol implementation
Changelog:
- Updated to 3.8.4 (fixes: CVE-2024-28834, CVE-2024-28835).
Mar 27, 2024, 12:10 PM
curl
Version: 8.7.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 8.6.0 -> 8.7.1 - Fixes: * CVE-2024-2398: HTTP/2 push headers memory-leak * CVE-2024-2004: Usage of disabled protocol
Mar 27, 2024, 11:45 AM
libfcgi
Mar 22, 2024, 09:57 PM
python3-module-django
Version: 4.2.11-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- New version 4.2.11. - Fixes a security issue with severity "moderate" and a regression in 4.2.10. - Fixes for the following security vulnerabilities: + CVE-2024-24680: Potential denial-of-service in intcomma template filter + CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
Mar 19, 2024, 03:17 PM
yandex-browser-stable
Version: 24.1.3.845-alt1
Summary: Yandex Browser
Changelog:
- Browser updated to 24.1.3.845 + High CVE-2024-0333: Insufficient data validation in Extensions. + High CVE-2024-0518: Type confusion in V8 + High CVE-2024-0517: Out of bounds write in V8 + High CVE-2024-0519: Out of bounds memory access in V8
Mar 7, 2024, 03:55 PM
libxml2
Version: 2.12.5-alt1
Summary: The library for manipulating XML files
Changelog:
- 2.12.5 (Fixes: CVE-2024-25062)
Mar 2, 2024, 03:22 PM
python3-module-dns
Version: 2.6.1-alt1
Summary: DNS toolkit
Changelog:
- new version 2.6.1, change license to ISC - switch to pyproject_build - CVE-2023-29483
Feb 19, 2024, 08:58 PM
dnsmasq
Version: 2.90-alt1
Summary: A lightweight caching nameserver
Changelog:
- Fixed different signedness comparison on 32bit systems. - Dropped obsoleted patches. - Patches from upstream git: + Add missing CHANGELOG entries for 2.90; + Fix spurious "resource limit exceeded" messages. - Updated to 2.90 (fixes: CVE-2023-50387,CVE 2023-50868).
Feb 18, 2024, 05:03 PM
libuv
Version: 1.48.0-alt1
Summary: Evented I/O for NodeJS
Changelog:
- new version 1.48.0 (with rpmrb script) - CVE-2024-24806
Feb 14, 2024, 12:59 PM
exiv2
Version: 0.28.2-alt1
Summary: Command line tool to access EXIF data in image files
Changelog:
- 0.28.2 (fixed CVE-2024-24826, CVE-2024-25112)
Feb 12, 2024, 12:03 PM
postgresql15-1C
Version: 15.5-alt4
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- Update 1C patch - Fixes CVE-2024-0985
Feb 12, 2024, 12:02 PM
postgresql15
Version: 15.6-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 15.6 (Fixes CVE-2024-0985)
Feb 12, 2024, 11:59 AM
postgresql14
Version: 14.11-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.11 (Fixes CVE-2024-0985)
Feb 12, 2024, 11:55 AM
postgresql13
Version: 13.14-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.14 (Fixes CVE-2024-0985)
Feb 12, 2024, 11:51 AM
postgresql12
Version: 12.18-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.18 (Fixes CVE-2024-0985)
Feb 12, 2024, 11:42 AM
postgresql16
Version: 16.2-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 16.2 (Fixes CVE-2024-0985)
Feb 9, 2024, 03:20 AM
gem-nokogiri
Version: 1.16.2-alt1
Summary: Ruby libraries for Nokogiri (HTML, XML, SAX, and Reader parser)
Changelog:
- ^ 1.15.5 -> 1.16.2 - ! fixed CVE-2024-25062
Feb 5, 2024, 12:49 PM
java-17-openjdk
Version: 17.0.10.0.7-alt1
Summary: OpenJDK 17 Runtime Environment
Changelog:
- New version. - Security fixes: - CVE-2024-20918 - CVE-2024-20919 - CVE-2024-20921 - CVE-2024-20932 - CVE-2024-20945 - CVE-2024-20952
Feb 3, 2024, 01:42 PM
java-11-openjdk
Version: 11.0.22.0.7-alt1
Summary: OpenJDK Runtime Environment 11
Changelog:
- New version. - Security fixes - CVE-2024-20918 - CVE-2024-20919 - CVE-2024-20921 - CVE-2024-20926 - CVE-2024-20945 - CVE-2024-20952
Feb 2, 2024, 05:31 PM
runc
Version: 1.1.12-alt1
Summary: CLI for running Open Containers
Changelog:
- New version 1.1.12 (Fixes: CVE-2024-21626). - Drop tmpfiles.d/runc.conf
Feb 1, 2024, 12:18 PM
shim
Version: 15.8-alt1
Summary: First-stage UEFI bootloader
Changelog:
- new version - update shim-15.8-alt-Bump-grub-SBAT-revocation-to-4 patch - Fixes: + CVE-2023-40546 mok: fix LogError() invocation + CVE-2023-40547 - avoid incorrectly trusting HTTP headers + CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system + CVE-2023-40549 Authenticode: verify that the signature header is in bounds. + CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat() + CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
Jan 30, 2024, 08:37 AM
libssh2
Version: 1.11.0-alt2
Summary: A library implementing the SSH2 protocol
Changelog:
- Applied security fix from upstream (Fixes: CVE-2023-48795).
Jan 18, 2024, 11:08 PM
MySQL
Version: 8.0.36-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- new version + (fixes: CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963) + (fixes: CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967) + (fixes: CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971) + (fixes: CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20975) + (fixes: CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981) + (fixes: CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985) - update mysql-shell 8.0.35 -> 8.0.36
Jan 16, 2024, 03:40 PM
frr
Version: 9.0.2-alt1
Summary: FRRouting Routing daemon
Changelog:
- 9.0.2 (Fixes: CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235)
Jan 12, 2024, 10:52 AM
libssh
Version: 0.10.6-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version (fixes: CVE-2023-6004 CVE-2023-48795 CVE-2023-6918) (closes: 49050)
Jan 9, 2024, 02:05 AM
dotnet-runtime-6.0
Version: 6.0.25-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- .NET 6.0.25 - CVE-2023-36049: .NET Elevation of Privilege Vulnerability - CVE-2023-36558: .NET Security Feature Bypass Vulnerability - CVE-2023-36792: .NET Remote Code Execution Vulnerability - CVE-2023-36793: .NET Remote Code Execution Vulnerability - CVE-2023-36794: .NET Remote Code Execution Vulnerability - CVE-2023-36796: .NET Remote Code Execution Vulnerability - CVE-2023-36799: .NET Denial of Service Vulnerability - CVE-2023-44487: .NET Denial of Service Vulnerability - CVE-2023-44487: .NET Denial of Service Vulnerability - CVE-2023-36792: .NET Remote Code Execution Vulnerability - CVE-2023-36793: .NET Remote Code Execution Vulnerability - CVE-2023-36794: .NET Remote Code Execution Vulnerability - CVE-2023-36796: .NET Remote Code Execution Vulnerability - CVE-2023-36799: .NET Denial of Service Vulnerability - CVE-2023-35390: .NET Remote Code Execution Vulnerability - CVE-2023-38180: .NET Denial of Service Vulnerability - CVE-2023-35391: .NET Information Disclosure Vulnerability
Jan 9, 2024, 02:01 AM
dotnet-bootstrap-6.0
Version: 6.0.25-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 6.0.25 and .NET SDK 6.0.125 releases - CVE-2023-36049: .NET Elevation of Privilege Vulnerability - CVE-2023-36558: .NET Security Feature Bypass Vulnerability - CVE-2023-36792: .NET Remote Code Execution Vulnerability - CVE-2023-36793: .NET Remote Code Execution Vulnerability - CVE-2023-36794: .NET Remote Code Execution Vulnerability - CVE-2023-36796: .NET Remote Code Execution Vulnerability - CVE-2023-36799: .NET Denial of Service Vulnerability - CVE-2023-44487: .NET Denial of Service Vulnerability - CVE-2023-44487: .NET Denial of Service Vulnerability - CVE-2023-36792: .NET Remote Code Execution Vulnerability - CVE-2023-36793: .NET Remote Code Execution Vulnerability - CVE-2023-36794: .NET Remote Code Execution Vulnerability - CVE-2023-36796: .NET Remote Code Execution Vulnerability - CVE-2023-36799: .NET Denial of Service Vulnerability - CVE-2023-35390: .NET Remote Code Execution Vulnerability - CVE-2023-38180: .NET Denial of Service Vulnerability - CVE-2023-35391: .NET Information Disclosure Vulnerability
Jan 5, 2024, 02:31 PM
openquantumsafe-openssh
Version: 8.9p1.202310-alt2
Summary: OQS-OpenSSH is a fork of OpenSSH that adds quantum-safe algorithms
Changelog:
- Security backports (fixes CVE-2023-48795, CVE-2023-51384, CVE-2023-51385). - Update version shown in 'ssh -V' to the actual one.
Jan 4, 2024, 10:57 AM
itop
Version: 3.1.1.1-alt1
Summary: IT Operations Portal
Changelog:
- New version 3.1.1.1 - Security fixes: + CVE-2023-48710 : Restrict pages/exec.php to PHP files + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations + CVE-2023-47626 : Fix XSS vulnerabilities in authent token + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
Jan 1, 2024, 02:49 PM
tinyssh
Version: 20240101-alt1
Summary: TinySSH is small server
Changelog:
- Update to 20240101 (2024-01-01). (Fixes: CVE-2023-48795).
Dec 26, 2023, 02:09 PM
guacamole
Version: 1.5.4-alt1
Summary: Clientless remote desktop gateway
Changelog:
- 1.5.4 (Fixes: CVE-2023-43826).
Dec 25, 2023, 05:34 PM
guacamole-server
Version: 1.5.4-alt1
Summary: Server-side native components that form the Guacamole proxy
Changelog:
- New version 1.5.4 (Fixes: CVE-2023-43826).
Dec 25, 2023, 12:08 PM
raptor2
Version: 2.0.16-alt1
Summary: RDF Parser Toolkit for Redland
Changelog:
- new version (fixes: CVE-2017-18926 CVE-2020-25713) (closes: 48916)
Dec 20, 2023, 09:44 PM
phpipam
Version: 1.6.0-alt1
Summary: PHP-based virtual machine control tool
Changelog:
- 1.6.0 (Fixes: CVE-2023-24657). - Build with php8.2.
Dec 4, 2023, 05:48 PM
nextcloud
Version: 27.1.4-alt1
Summary: Cloud platform
Changelog:
- New version (fixes: CVE-2023-48306, CVE-2023-48305, CVE-2023-48304, CVE-2023-48303, CVE-2023-48302, CVE-2023-48301, CVE-2023-48239, CVE-2023-45148).
Dec 1, 2023, 05:28 PM
kubernetes1.25
Version: 1.25.16-alt1
Summary: Container cluster management
Changelog:
- 1.25.15 -> 1.25.16 (Fixes: CVE-2023-5528)
Nov 28, 2023, 09:55 AM
exim
Version: 4.97-alt1
Summary: Exim MTA
Changelog:
- update to 4.97 (fix CVE-2023-42114 ... CVE-2023-42116) - fix RM_COMMAND in scripts (#47254 #47255)
Nov 27, 2023, 11:11 AM
csync2
Version: 2.0-alt3
Summary: Csync2 is a cluster synchronization tool
Changelog:
- added commits from upstream git (Fixes: CVE-2019-15522, CVE-2019-15523)
Nov 24, 2023, 11:27 AM
tang
Nov 22, 2023, 11:15 AM
uwsgi
Version: 2.0.23-alt1
Summary: fast (pure C), self-healing, developer-friendly WSGI server
Changelog:
- update to 2.0.23 (Fixes: CVE-2023-27522)
Nov 15, 2023, 12:54 AM
firmware-intel-ucode
Version: 23-alt1.20231114
Summary: Microcode definitions for Intel processors
Changelog:
- New upstream microcode datafile 20231114: + Security updates for INTEL-SA-00950 (CVE-2023-23583). + Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008 sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816 sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664 sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616 sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304 sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448 sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160 sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160 sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448 sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944 sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064 sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064 sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192 sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 - source: update symlinks to reflect id of the latest release, 20231114.
Nov 7, 2023, 06:32 PM
libetpan
Version: 1.9.4-alt4
Summary: This mail library provide a portable, efficient middleware for different kinds of mail access
Changelog:
- Patches from upstream git: + Fix buffer overwrite for empty string in remove_trailing_eol (upstream issue #408); + Detect extra data after STARTTLS response and exit (upstrem issue #387) (fixes: CVE-2020-15953); + Missing boundary fix (upstream issue #384); + Fix potential null pointer deferenced (upstream issue #363); + Fix potential null pointer deferenced (upstream issue #361); + Fix potential null pointer deference (upstream issue #348).
Nov 3, 2023, 12:06 AM
kubernetes1.24
Version: 1.24.17-alt1
Summary: Container cluster management
Changelog:
- 1.24.17 (Fixes: CVE-2023-2728) - Rename the package to include major and minor versions - Make kubernetes-common and kubernetes-crio noarch packages - Allow write to config dir /etc/kubernetes for kube group - Allow write to home dir /var/lib/kubernetes for kube group
Oct 19, 2023, 05:11 PM
json-c
Version: 0.17-alt1
Summary: JSON implementation in C
Changelog:
- Updated to 0.17 (Fixes: CVE-2021-32292).
Oct 19, 2023, 04:50 PM
libfastjson
Version: 1.2304.0-alt1
Summary: A JSON implementation in C
Changelog:
- New version 1.2304.0 (Fixed: CVE-2020-12762).
Oct 11, 2023, 04:19 PM
moodle
Version: 4.3.0-alt1
Summary: The world's open source learning platform
Changelog:
- New version. - Use PHP 8.2. - Security fixes: CVE-2023-40316, CVE-2023-40317, CVE-2023-40318, CVE-2023-40319, CVE-2023-40320, CVE-2022-39369, CVE-2023-40322, CVE-2023-40323, CVE-2023-40324, CVE-2023-40325 - Requires exif PHP module. - Set PHP parameter max_input_vars=5000.
Oct 11, 2023, 08:36 AM
libcue2
Version: 2.3.0-alt1
Summary: Cue sheet parser library
Changelog:
- new version 2.3.0 (with rpmrb script) - CVE-2023-43641
Oct 7, 2023, 07:00 AM
netatalk
Version: 3.1.18-alt1
Summary: Open Source Apple Filing Protocol(AFP) File Server
Changelog:
- 3.1.18 (fixed CVE-2022-22995)
Oct 4, 2023, 08:58 AM
libXpm
Sep 29, 2023, 03:25 PM
libppd
Version: 2.0.0-alt1
Summary: Library for retro-fitting legacy printer drivers
Changelog:
- 2.0.0 (Fixes: CVE-2023-4504)
Sep 29, 2023, 08:00 AM
openssl1.1
Version: 1.1.1w-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.1.1w (fixes CVE-2023-3817, CVE-2023-3446, CVE-2023-4807).
Aug 25, 2023, 01:15 PM
java-1.8.0-openjdk
Version: 1.8.0.382.b05-alt0_1jpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version. - Seciruty fixes: + CVE-2023-22045 + CVE-2023-22049 - Removed implicit requirements.
Aug 8, 2023, 08:16 PM
connman
Version: 1.42-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- New version 1.42. (Fixes: CVE-2022-32292, CVE-2022-32293, CVE-2023-28488)
Jul 29, 2023, 03:38 AM
burp
Version: 2.5.4-alt4
Summary: Burp is a network-based backup and restore program
Changelog:
- Support for OpenSSL 3 (to access Blowfish encryption). - Apply fixes to bundled yajl (CVE-2023-33460, CVE-2022-24795, CVE-2017-16516).
Jul 13, 2023, 05:12 PM
less
Version: 633-alt1
Summary: A text file browser similar to more, but better
Changelog:
- New version (633). - Security fixes: + CVE-2022-46663: less -R filtering bypass.
Jun 14, 2023, 09:32 AM
yajl
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 23, 2023, 12:02 PM
python3-module-requests
Version: 2.31.0-alt1
Summary: HTTP library, written in Python, for human beings
Changelog:
- 2.29.0 -> 2.31.0 (fixes: CVE-2023-32681).
Apr 8, 2023, 03:00 AM
ctags
Version: 5.8-alt6
Summary: A C programming language indexing and/or cross-reference tool
Changelog:
- Fixed arbitrary command execution via a tag file with a crafted filename (fixes CVE-2022-4515).
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478) - Change URL to new upstream project - Use CMAKE
Mar 21, 2023, 04:53 PM
firejail
Version: 0.9.72-alt1
Summary: Linux namespaces sandbox program
Changelog:
- 0.9.68 -> 0.9.72 (Fixes: CVE-2022-31214)
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Feb 18, 2023, 05:05 PM
tpm2-tss
Dec 5, 2022, 03:48 PM
libarchive
Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 2, 2022, 09:12 AM
perl-DBI
Version: 1.643-alt3
Summary: Database independent interface for Perl
Changelog:
- rename patch lib-DBD-File.pm-fix-CVE-2014-10401.patch - fixes changelog
Oct 29, 2022, 11:07 PM
expat
Version: 2.5.0-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, DoS or potentially ACE).
Oct 25, 2022, 05:31 PM
arj
Version: 3.10.22-alt9
Summary: An compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 18, 2022, 12:14 AM
adcli
Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer.
Oct 14, 2022, 03:47 PM
aspell
Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM
lrzsz
Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM
unzip
May 15, 2022, 08:57 PM
xpdf
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump - Many bugfixes, including security, including: Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM
unrar
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7 - Fixes: CVE-2022-30333
Feb 10, 2022, 07:20 PM
pgbouncer
Version: 1.16.1-alt1
Summary: Lightweight connection pooler for PostgreSQL
Changelog:
- 1.16.1 (Fixes: CVE-2021-3935).
Dec 14, 2021, 03:13 PM
mailman
Version: 2.1.39-alt1
Summary: Mailing list manager with built in web access
Changelog:
- 2.1.38 -> 2.1.39 (fixes for CVE-2021-42097 and CVE-2021-44227).
Nov 11, 2021, 03:28 PM
screen
Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character sequence (fixes CVE-2021-26937).