Security
| log4j Dec 15, 2021, 11:35 PM | Dec 15, 2021, 11:35 PM |
| Version: 2.9.1-alt2.c9.1_4jpp8 | |
| Summary: Java logging package | |
| Changelog: | |
- security fix CVE-2021-44228 and CVE-2021-45046 | |
| postgresql11 Nov 10, 2021, 01:05 PM | Nov 10, 2021, 01:05 PM |
| Version: 11.14-alt0.M90P.1 | |
| Summary: PostgreSQL client programs and libraries | |
| Changelog: | |
- 11.14 (Fixes CVE-2021-23214, CVE-2021-23222) | |
| postgresql10 Nov 10, 2021, 12:52 PM | Nov 10, 2021, 12:52 PM |
| Version: 10.19-alt0.M90P.1 | |
| Summary: PostgreSQL client programs and libraries | |
| Changelog: | |
- 10.19 (Fixes CVE-2021-23214, CVE-2021-23222) | |
| postgresql9.6 Nov 10, 2021, 12:41 PM | Nov 10, 2021, 12:41 PM |
| Version: 9.6.24-alt0.M90P.1 | |
| Summary: PostgreSQL client programs and libraries | |
| Changelog: | |
- 9.6.24 (Fixes CVE-2021-23214, CVE-2021-23222) | |
| postgresql12-1C Nov 10, 2021, 12:12 PM | Nov 10, 2021, 12:12 PM |
| Version: 12.7-alt0.M90P.3 | |
| Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later) | |
| Changelog: | |
- Fixes CVE-2021-23214, CVE-2021-23222 | |
| postgresql12 Nov 10, 2021, 11:55 AM | Nov 10, 2021, 11:55 AM |
| Version: 12.9-alt0.M90P.1 | |
| Summary: PostgreSQL client programs and libraries | |
| Changelog: | |
- 12.9 (Fixes CVE-2021-23214, CVE-2021-23222) | |
| java-1.8.0-openjdk Oct 23, 2021, 08:43 AM | Oct 23, 2021, 08:43 AM |
| Version: 1.8.0.312.b07-alt1_1jpp8 | |
| Summary: OpenJDK Runtime Environment 8 | |
| Changelog: | |
- New version. - Security fixes: + CVE-2021-35588 InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 + CVE-2021-35550 Update the default enabled cipher suites preference + CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close + CVE-2021-35556 Richer Text Editors + CVE-2021-35559 Enhanced style for RTF kit + CVE-2021-35561 Better hashing support + CVE-2021-35564 Improve Keystore integrity + CVE-2021-35567 More Constrained Delegation + CVE-2021-35578 Improve TLS client handshaking + CVE-2021-35586 Better BMP support + CVE-2021-35603 Better session identification | |
| freerdp Oct 21, 2021, 04:06 PM | Oct 21, 2021, 04:06 PM |
| Version: 2.4.1-alt1 | |
| Summary: Remote Desktop Protocol functionality | |
| Changelog: | |
- New version. - Security fixes: + CVE-2021-41159 Improper client input validation for gateway connections allows to overwrite memory + CVE-2021-41160 Improper region checks in all clients allow out of bound write to memory | |
| openssl1.1 Aug 24, 2021, 05:24 PM | Aug 24, 2021, 05:24 PM |
| Version: 1.1.1l-alt1 | |
| Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools | |
| Changelog: | |
- Updated to 1.1.1l (fixes CVE-2021-3711, CVE-2021-3712). | |
| dovecot Aug 12, 2021, 01:39 PM | Aug 12, 2021, 01:39 PM |
| Version: 2.3.16-alt1 | |
| Summary: Dovecot secure IMAP/POP3 server | |
| Changelog: | |
- Updated to 2.3.16 (fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157). - Package watch file. | |
| pacemaker Jul 24, 2021, 03:36 PM | Jul 24, 2021, 03:36 PM |
| Version: 2.1.0-alt1 | |
| Summary: Scalable High-Availability cluster resource manager | |
| Changelog: | |
- New version. - Security fix CVE-2020-25654 in 2.0.5. | |
| zabbix Jul 16, 2021, 02:43 PM | Jul 16, 2021, 02:43 PM |
| Version: 5.0.12-alt0.p9.2 | |
| Summary: A network monitor | |
| Changelog: | |
- Updated the changelog to reflect CVE fix (Fixes: CVE-2013-1364). | |
| nginx Jun 17, 2021, 12:48 PM | Jun 17, 2021, 12:48 PM |
| Version: 1.20.1-alt1 | |
| Summary: Fast HTTP server | |
| Changelog: | |
- 1.20.1 (Fixes: CVE-2021-23017) - updated rtmp module to 1.2.2 - updated spnego snapshot to a06f9efc | |
| curl May 27, 2021, 11:42 AM | May 27, 2021, 11:42 AM |
| Version: 7.77.0-alt1 | |
| Summary: Gets a file from a FTP, GOPHER or HTTP server | |
| Changelog: | |
- 7.77.0 - Fixes: * CVE-2021-22897 schannel cipher selection surprise * CVE-2021-22898 TELNET stack contents disclosure * CVE-2021-22901 TLS session caching disaster | |
| bind Apr 29, 2021, 05:55 PM | Apr 29, 2021, 05:55 PM |
| Version: 9.11.31-alt1 | |
| Summary: ISC BIND - DNS server | |
| Changelog: | |
- 9.11.28 -> 9.11.31 (fixes: CVE-2021-25214, CVE-2021-25215, CVE-2021-25216). | |
| ceph Apr 20, 2021, 07:49 PM | Apr 20, 2021, 07:49 PM |
| Version: 14.2.20-alt1 | |
| Summary: User space components of the Ceph file system | |
| Changelog: | |
- 14.2.20 (Fixes: CVE-2021-20288). | |
| dnsmasq Apr 9, 2021, 01:11 PM | Apr 9, 2021, 01:11 PM |
| Version: 2.85-alt1 | |
| Summary: A lightweight caching nameserver | |
| Changelog: | |
- Dropped obsoleted patch. - Updated to 2.83 (fixes: CVE-2021-3448). | |
| samba Mar 24, 2021, 08:34 PM | Mar 24, 2021, 08:34 PM |
| Version: 4.12.14-alt1 | |
| Summary: The Samba4 CIFS and AD client and server suite | |
| Changelog: | |
- Update to latest security release of the Samba 4.12 - Security fixes: + CVE-2020-27840: Heap corruption via crafted DN strings + CVE-2021-20277: Out of bounds read in AD DC LDAP server | |
| python-module-yaml Mar 18, 2021, 12:29 PM | Mar 18, 2021, 12:29 PM |
| Version: 5.4.1-alt0.c9 | |
| Summary: PyYAML, a YAML parser and emitter for Python | |
| Changelog: | |
- Backport version 5.4.x to c9 branch (fixes CVE-2020-1747). | |
| wpa_supplicant Mar 1, 2021, 01:53 PM | Mar 1, 2021, 01:53 PM |
| Version: 2.9-alt4 | |
| Summary: wpa_supplicant is an implementation of the WPA Supplicant component | |
| Changelog: | |
- P2P: Fix a corner case in peer addition based on PD Request (Fixes: CVE-2021-27803) | |
| ipmitool Feb 27, 2021, 12:46 PM | Feb 27, 2021, 12:46 PM |
| Version: 1.8.18-alt4 | |
| Summary: ipmitool - Utility for IPMI control | |
| Changelog: | |
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208) see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp - added upstream fix FTBFS with gcc-10 | |
| xterm Feb 24, 2021, 03:22 PM | Feb 24, 2021, 03:22 PM |
| Version: 366-alt1 | |
| Summary: A standard terminal emulator for the X Window System | |
| Changelog: | |
- Autobuild version bump to 366 - CVE-2021-27135 (Closes: #39725) | |
| subversion Feb 14, 2021, 09:22 PM | Feb 14, 2021, 09:22 PM |
| Version: 1.14.1-alt1 | |
| Summary: A version control system | |
| Changelog: | |
- New version. - Fixes: + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn | |
| sudo Jan 27, 2021, 09:04 PM | Jan 27, 2021, 09:04 PM |
| Version: 1.9.5p2-alt1 | |
| Summary: Allows command execution as another user | |
| Changelog: | |
- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615) - Added sudo-python package with Sudo Python Plugin API - Added sudo-logsrvd package with High-performance log server | |
| nagios Jan 27, 2021, 04:30 PM | Jan 27, 2021, 04:30 PM |
| Version: 3.0.6-alt15 | |
| Summary: Services and network monitoring system | |
| Changelog: | |
- Fixes: + CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file. - Don't install the PID file. | |
| containerd Jan 22, 2021, 06:18 AM | Jan 22, 2021, 06:18 AM |
| Version: 1.3.9-alt1 | |
| Summary: A daemon to control runC | |
| Changelog: | |
- 1.3.9 (Fixes: CVE-2020-15257) | |
| x11vnc Jan 21, 2021, 09:31 AM | Jan 21, 2021, 09:31 AM |
| Version: 0.9.16-alt2 | |
| Summary: VNC server for real X displays | |
| Changelog: | |
- Applied security fix from upstream (Fixes: CVE-2020-29074). | |
| golang Jan 20, 2021, 03:59 PM | Jan 20, 2021, 03:59 PM |
| Version: 1.14.14-alt1 | |
| Summary: The Go Programming Language | |
| Changelog: | |
- New version (1.14.14). - Fixes: + CVE-2021-3114 + CVE-2021-3115 | |
| screen Jan 20, 2021, 02:38 PM | Jan 20, 2021, 02:38 PM |
| Version: 4.6.2-alt3.p9.1 | |
| Summary: A screen manager that supports multiple sessions on one terminal | |
| Changelog: | |
- Backported upstream commits (fixes CVE-2020-9366). | |
| qemu Dec 24, 2020, 07:48 PM | Dec 24, 2020, 07:48 PM |
| Version: 4.2.1-alt4 | |
| Summary: QEMU CPU Emulator | |
| Changelog: | |
- Fixes: CVE-2020-25723 | |