ISO Image: alt-workstation-10.1-aarch64.iso

Apr 15, 2024, 04:03 PM

qemu-aux

Version: 6.2.0-alt1.p10  8.2.2-alt0.p10
Summary: QEMU auxiliary package
April 8, 2024 Alexey Shabalin:
- 8.2.2.
- Fixes: CVE-2023-42467, CVE-2023-1544, CVE-2023-3255, CVE-2023-3019,
         CVE-2021-3527, CVE-2023-6693, CVE-2023-0330, CVE-2023-6683.
- backkport patches (Fixes:  CVE-2024-26327, CVE-2024-26328).
- LoongArch KVM support from https://github.com/loongson/qemu.git,
  branch kvm-loongarch, commit 432f4cf89493f2a1ac144018224e7d1b4fbc31a4.
- qemu-user: fixed running 32-bit x86 binaries on hosts with a page
  size > 4KB (such as LoongArch, ppc64*)
- spec:
  + LoongArch: work around old glibc-kernheaders (thanks iv@)
  + LoongArch: pmem is not supported [yet]
- update vitastor block driver to vitastor-v1.3.1.
Apr 15, 2024, 04:03 PM

qemu-guest-agent

Version: 6.2.0-alt1.p10  8.2.2-alt0.p10
Summary: QEMU guest agent
April 8, 2024 Alexey Shabalin:
- 8.2.2.
- Fixes: CVE-2023-42467, CVE-2023-1544, CVE-2023-3255, CVE-2023-3019,
         CVE-2021-3527, CVE-2023-6693, CVE-2023-0330, CVE-2023-6683.
- backkport patches (Fixes:  CVE-2024-26327, CVE-2024-26328).
- LoongArch KVM support from https://github.com/loongson/qemu.git,
  branch kvm-loongarch, commit 432f4cf89493f2a1ac144018224e7d1b4fbc31a4.
- qemu-user: fixed running 32-bit x86 binaries on hosts with a page
  size > 4KB (such as LoongArch, ppc64*)
- spec:
  + LoongArch: work around old glibc-kernheaders (thanks iv@)
  + LoongArch: pmem is not supported [yet]
- update vitastor block driver to vitastor-v1.3.1.
Apr 11, 2024, 04:23 PM

xorg-server

Version: 1.20.14-alt6  1.20.14-alt12
Summary: Xserver - X Window System display server
April 4, 2024 Valery Inozemtsev:
- cherry pick upstream fixes for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Apr 11, 2024, 04:23 PM

xorg-server-common

Version: 1.20.14-alt6  1.20.14-alt12
Summary: The X server common files
April 4, 2024 Valery Inozemtsev:
- cherry pick upstream fixes for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Apr 11, 2024, 04:23 PM

xorg-xvfb

Version: 1.20.14-alt6  1.20.14-alt12
Summary: A virtual framebuffer X Windows System server for X.Org
April 4, 2024 Valery Inozemtsev:
- cherry pick upstream fixes for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Apr 9, 2024, 09:23 PM

firefox-esr

Version: 102.6.0-alt1  115.9.1-alt1
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
April 3, 2024 Pavel Vasenkov:
- New ESR version.
- Security fixes
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
  + CVE-2024-29944 Privileged JavaScript Execution via Event Handlers
Apr 8, 2024, 05:58 PM

thunderbird

Version: 102.6.1-alt1  115.9.0-alt1
Summary: Thunderbird is Mozilla's e-mail client
April 3, 2024 Pavel Vasenkov:
- New version.
- Security fixes:
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Apr 6, 2024, 01:36 AM

libnghttp2

Version: 1.41.0-alt1  1.61.0-alt1
Summary: HTTP/2.0 C Library
April 5, 2024 Anton Farygin:
- 1.60.0 -> 1.61.0 (Fixes: CVE-2024-28182)
Apr 2, 2024, 04:53 PM

libgnutls30

Version: 3.6.16-alt2  3.6.16-alt5
Summary: Transport Layer Security library
March 29, 2024 Mikhail Efremov:
- Fix side-channel in the deterministic ECDSA (fixes: CVE-2024-28834).
- tests: Add test for CVE-2024-28835.
- rsa-psk: minimize branching after decryption (fixes: CVE-2024-0553).
- x509: detect loop in certificate chain (fixes: CVE-2024-0567).
Apr 2, 2024, 04:53 PM

gnutls-utils

Version: 3.6.16-alt2  3.6.16-alt5
Summary: TLS protocol utilities
March 29, 2024 Mikhail Efremov:
- Fix side-channel in the deterministic ECDSA (fixes: CVE-2024-28834).
- tests: Add test for CVE-2024-28835.
- rsa-psk: minimize branching after decryption (fixes: CVE-2024-0553).
- x509: detect loop in certificate chain (fixes: CVE-2024-0567).
Mar 30, 2024, 07:23 PM

libcurl

Version: 7.87.0-alt1  8.7.1-alt1
Summary: The shared library for file transfer
March 27, 2024 Anton Farygin:
- 8.6.0 -> 8.7.1
- Fixes:
   * CVE-2024-2398: HTTP/2 push headers memory-leak
   * CVE-2024-2004: Usage of disabled protocol
Mar 30, 2024, 07:23 PM

curl

Version: 7.87.0-alt1  8.7.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
March 27, 2024 Anton Farygin:
- 8.6.0 -> 8.7.1
- Fixes:
   * CVE-2024-2398: HTTP/2 push headers memory-leak
   * CVE-2024-2004: Usage of disabled protocol
Mar 26, 2024, 09:53 AM

libvirt-libs

Version: 8.0.0-alt3  9.7.0-alt2.p10.2
Summary: Client side libraries
March 21, 2024 Alexander Kuznetsov:
- Check for negative array lengths before allocation (Fixes: CVE-2024-2494)
Mar 26, 2024, 09:53 AM

libvirt-client

Version: 8.0.0-alt3  9.7.0-alt2.p10.2
Summary: Client side utilities of the libvirt library
March 21, 2024 Alexander Kuznetsov:
- Check for negative array lengths before allocation (Fixes: CVE-2024-2494)
Mar 25, 2024, 10:23 AM

python3-module-jinja2

Version: 3.0.1-alt1  3.0.1-alt1.p10.1
Summary: The new and improved version of a small but fast template engine
Feb. 26, 2024 Andrey Cherepanov:
- Fixed CVE-2024-22195.
Mar 20, 2024, 04:32 PM

thunderbird

Version: 102.6.1-alt1  115.8.1-alt1
Summary: Thunderbird is Mozilla's e-mail client
March 12, 2024 Pavel Vasenkov:
- New version.
- Security fixes:
  + CVE-2024-1936 Leaking of encrypted email subjects to other conversations
Mar 18, 2024, 12:54 PM

openssh-common-gostcrypto

Version: 7.9p1-alt4.gost  7.9p1-alt4.gost.p10.1
Summary: OpenSSH common files
March 13, 2024 Gleb Fotengauer-Malinovskiy:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111,
  CVE-2019-6109, CVE-2023-38408 CVE-2023-48795).
Mar 18, 2024, 12:54 PM

openssh-server-gostcrypto

Version: 7.9p1-alt4.gost  7.9p1-alt4.gost.p10.1
Summary: OpenSSH Secure Shell protocol daemon
March 13, 2024 Gleb Fotengauer-Malinovskiy:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111,
  CVE-2019-6109, CVE-2023-38408 CVE-2023-48795).
Mar 18, 2024, 12:54 PM

openssh-clients-gostcrypto

Version: 7.9p1-alt4.gost  7.9p1-alt4.gost.p10.1
Summary: OpenSSH Secure Shell protocol clients
March 13, 2024 Gleb Fotengauer-Malinovskiy:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111,
  CVE-2019-6109, CVE-2023-38408 CVE-2023-48795).
Mar 18, 2024, 12:54 PM

openssh-gostcrypto

Version: 7.9p1-alt4.gost  7.9p1-alt4.gost.p10.1
Summary: OpenSSH free Secure Shell (SSH) implementation
March 13, 2024 Gleb Fotengauer-Malinovskiy:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111,
  CVE-2019-6109, CVE-2023-38408 CVE-2023-48795).
Mar 18, 2024, 12:54 PM

openssh-server-control-gostcrypto

Version: 7.9p1-alt4.gost  7.9p1-alt4.gost.p10.1
Summary: Control rules for the OpenSSH server configuration
March 13, 2024 Gleb Fotengauer-Malinovskiy:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111,
  CVE-2019-6109, CVE-2023-38408 CVE-2023-48795).
Mar 18, 2024, 12:54 PM

openssh-askpass-common-gostcrypto

Version: 7.9p1-alt4.gost  7.9p1-alt4.gost.p10.1
Summary: OpenSSH common passphrase dialog infrastructure
March 13, 2024 Gleb Fotengauer-Malinovskiy:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111,
  CVE-2019-6109, CVE-2023-38408 CVE-2023-48795).
Mar 15, 2024, 10:40 AM

curl

Version: 7.87.0-alt1  8.6.0-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Jan. 31, 2024 Anton Farygin:
- 8.5.0 -> 8.6.0
- Fixes:
   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse
Mar 15, 2024, 10:40 AM

libcurl

Version: 7.87.0-alt1  8.6.0-alt1
Summary: The shared library for file transfer
Jan. 31, 2024 Anton Farygin:
- 8.5.0 -> 8.6.0
- Fixes:
   * CVE-2024-0853 : OCSP verification bypass with TLS session reuse
Mar 12, 2024, 11:04 PM

libswscale5

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg image scaling and colorspace and pixel format conversion library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libavdevice58

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg device handling library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libavformat58

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg audio, video and subtitle streams (de)multiplexing library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libavcodec58

Version: 4.4.2-alt1  4.4.4-alt1
Summary: provides implementation of a wider range of codecs
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libswresample3

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg audio resampling, rematrixing and sample format conversion library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libpostproc55

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg postprocessing library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libavutil56

Version: 4.4.2-alt1  4.4.4-alt1
Summary: Utility library to aid portable multimedia programming
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libavresample4

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg video postprocessing library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 12, 2024, 11:04 PM

libavfilter7

Version: 4.4.2-alt1  4.4.4-alt1
Summary: FFmpeg filter layer library
June 20, 2023 Anton Farygin:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Mar 9, 2024, 05:03 PM

python3

Version: 3.9.6-alt1  3.9.18-alt1
Summary: Version 3 of the Python programming language aka Python 3000
Feb. 15, 2024 Grigory Ustinov:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Mar 9, 2024, 05:03 PM

python3-modules-sqlite3

Version: 3.9.6-alt1  3.9.18-alt1
Summary: DB-API 2.0 interface for SQLite databases
Feb. 15, 2024 Grigory Ustinov:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Mar 9, 2024, 05:03 PM

libpython3

Version: 3.9.6-alt1  3.9.18-alt1
Summary: Python3 shared library
Feb. 15, 2024 Grigory Ustinov:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Mar 9, 2024, 05:03 PM

python3-dev

Version: 3.9.6-alt1  3.9.18-alt1
Summary: Libraries and header files needed for Python 3 development
Feb. 15, 2024 Grigory Ustinov:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Mar 9, 2024, 05:03 PM

python3-modules-curses

Version: 3.9.6-alt1  3.9.18-alt1
Summary: Python3 "curses" module
Feb. 15, 2024 Grigory Ustinov:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Mar 9, 2024, 05:03 PM

python3-base

Version: 3.9.6-alt1  3.9.18-alt1
Summary: Python 3 runtime libraries
Feb. 15, 2024 Grigory Ustinov:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Mar 9, 2024, 12:39 PM

libvirt-libs

Version: 8.0.0-alt3  9.7.0-alt2.p10.1
Summary: Client side libraries
March 5, 2024 Alexander Kuznetsov:
- Fix off-by-one error in udevListInterfacesByStatus (Fixes: CVE-2024-1441)
Mar 9, 2024, 12:39 PM

libvirt-client

Version: 8.0.0-alt3  9.7.0-alt2.p10.1
Summary: Client side utilities of the libvirt library
March 5, 2024 Alexander Kuznetsov:
- Fix off-by-one error in udevListInterfacesByStatus (Fixes: CVE-2024-1441)
Mar 6, 2024, 05:40 PM

zabbix-common

Version: 6.0.12-alt2  6.0.27-alt0.p10.1
Summary: zabbix network monitor (common stuff)
Feb. 27, 2024 Alexei Takaseev:
- 6.0.27 (Fixes: CVE-2023-32725, CVE-2023-32726, CVE-2023-32727
                 CVE-2023-32728, CVE-2024-22119)
Mar 6, 2024, 05:40 PM

zabbix-agent-sudo

Version: 6.0.12-alt2  6.0.27-alt0.p10.1
Summary: sudo entry for zabbix agent
Feb. 27, 2024 Alexei Takaseev:
- 6.0.27 (Fixes: CVE-2023-32725, CVE-2023-32726, CVE-2023-32727
                 CVE-2023-32728, CVE-2024-22119)
Mar 6, 2024, 05:40 PM

zabbix-agent

Version: 6.0.12-alt2  6.0.27-alt0.p10.1
Summary: zabbix agent
Feb. 27, 2024 Alexei Takaseev:
- 6.0.27 (Fixes: CVE-2023-32725, CVE-2023-32726, CVE-2023-32727
                 CVE-2023-32728, CVE-2024-22119)
Mar 5, 2024, 08:25 PM

firefox-esr

Version: 102.6.0-alt1  115.8.0-alt1
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Feb. 21, 2024 Pavel Vasenkov:
- New ESR version.
- Security fixes
  + CVE-2024-1546 Out-of-bounds memory read in networking channels
  + CVE-2024-1547 Alert dialog could have been spoofed on another site
  + CVE-2024-1548 Fullscreen Notification could have been hidden by select element
  + CVE-2024-1549 Custom cursor could obscure the permission dialog
  + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts
  + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices
  + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
Feb 26, 2024, 01:07 PM

dnsmasq

Version: 2.88-alt1  2.90-alt1
Summary: A lightweight caching nameserver
Feb. 19, 2024 Mikhail Efremov:
- Fixed different signedness comparison on 32bit systems.
- Dropped obsoleted patches.
- Patches from upstream git:
  + Add missing CHANGELOG entries for 2.90;
  + Fix spurious "resource limit exceeded" messages.
- Updated to 2.90 (fixes: CVE-2023-50387,CVE 2023-50868).
Feb 26, 2024, 10:03 AM

sqlite3

Version: 3.35.5-alt1  3.35.5-alt1.p10.1
Summary: An Embeddable SQL Database Engine
Feb. 17, 2024 Andrey Cherepanov:
- Fixed CVE-2023-7104.
Feb 26, 2024, 10:03 AM

libsqlite3

Version: 3.35.5-alt1  3.35.5-alt1.p10.1
Summary: An Embeddable SQL Database Engine (shared library)
Feb. 17, 2024 Andrey Cherepanov:
- Fixed CVE-2023-7104.
Feb 16, 2024, 06:12 PM

libpq5

Version: 15.1-alt1  16.2-alt0.p10.1
Summary: The shared libraries required for any PostgreSQL clients
Feb. 12, 2024 Alexei Takaseev:
- 16.2 (Fixes CVE-2024-0985)
Feb 16, 2024, 06:12 PM

postgresql14-server

Version: 14.6-alt1  14.11-alt0.p10.1
Summary: The programs needed to create and run a PostgreSQL server
Feb. 13, 2024 Alexei Takaseev:
- 14.11 (Fixes CVE-2024-0985)
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top