ALT repositories
Last updated at Sat, 04 Dec 2021 00:42:24 +0000 | SRPMs: 17636
Security fixes

freeswitch-1:1.10.7-alt1.src.rpm  build 2021-11-26

Group: System/Servers
Summary: FreeSWITCH open source telephony platform
Changes:

- 1.10.6 -> 1.10.7 (Fixes: CVE-2021-41158, CVE-2021-41145, CVE-2021-41157,
CVE-2021-41105, CVE-2021-37624, CVE-2021-36513)

kernel-image-std-def-2:5.10.82-alt1.src.rpm  build 2021-11-26

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.10.82 (Fixes: CVE-2020-27820, CVE-2021-43267)

php8.0-8.0.13-alt1.src.rpm  build 2021-11-20

Group: Development/Other
Summary: The PHP scripting language
Changes:

- 8.0.13 (Fixes: CVE-2021-21707)

kernel-image-un-def-1:5.14.20-alt1.src.rpm  build 2021-11-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.14.20 (Fixes: CVE-2021-3640)

kernel-image-un-def-1:5.14.21-alt1.src.rpm  build 2021-11-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.14.20 (Fixes: CVE-2021-3640)

kernel-image-std-def-2:5.10.82-alt1.src.rpm  build 2021-11-19

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.10.80 (Fixes: CVE-2021-3640)

php7-7.4.26-alt1.src.rpm  build 2021-11-18

Group: Development/Other
Summary: The PHP7 scripting language
Changes:

- 7.4.26 (Fixes: CVE-2021-21707)

chromium-96.0.4664.45-alt2.p10.1.src.rpm  build 2021-11-16

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (96.0.4664.45).
- Security fixes:
  - CVE-2021-38005: Use after free in loader.
  - CVE-2021-38006: Use after free in storage foundation.
  - CVE-2021-38007: Type Confusion in V8.
  - CVE-2021-38008: Use after free in media.
  - CVE-2021-38009: Inappropriate implementation in cache.
  - CVE-2021-38010: Inappropriate implementation in service workers.
  - CVE-2021-38011: Use after free in storage foundation.
  - CVE-2021-38012: Type Confusion in V8.
  - CVE-2021-38013: Heap buffer overflow in fingerprint recognition.
  - CVE-2021-38014: Out of bounds write in Swiftshader.
  - CVE-2021-38015: Inappropriate implementation in input.
  - CVE-2021-38016: Insufficient policy enforcement in background fetch.
  - CVE-2021-38017: Insufficient policy enforcement in iframe sandbox.
  - CVE-2021-38018: Inappropriate implementation in navigation.
  - CVE-2021-38019: Insufficient policy enforcement in CORS.
  - CVE-2021-38020: Insufficient policy enforcement in contacts picker.
  - CVE-2021-38021: Inappropriate implementation in referrer.
  - CVE-2021-38022: Inappropriate implementation in WebAuthentication.

chromium-gost-96.0.4664.45-alt2.p10.1.src.rpm  build 2021-11-16

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (96.0.4664.45).
- Security fixes:
  - CVE-2021-38005: Use after free in loader.
  - CVE-2021-38006: Use after free in storage foundation.
  - CVE-2021-38007: Type Confusion in V8.
  - CVE-2021-38008: Use after free in media.
  - CVE-2021-38009: Inappropriate implementation in cache.
  - CVE-2021-38010: Inappropriate implementation in service workers.
  - CVE-2021-38011: Use after free in storage foundation.
  - CVE-2021-38012: Type Confusion in V8.
  - CVE-2021-38013: Heap buffer overflow in fingerprint recognition.
  - CVE-2021-38014: Out of bounds write in Swiftshader.
  - CVE-2021-38015: Inappropriate implementation in input.
  - CVE-2021-38016: Insufficient policy enforcement in background fetch.
  - CVE-2021-38017: Insufficient policy enforcement in iframe sandbox.
  - CVE-2021-38018: Inappropriate implementation in navigation.
  - CVE-2021-38019: Insufficient policy enforcement in CORS.
  - CVE-2021-38020: Insufficient policy enforcement in contacts picker.
  - CVE-2021-38021: Inappropriate implementation in referrer.
  - CVE-2021-38022: Inappropriate implementation in WebAuthentication.

qemu-6.1.0-alt2.src.rpm  build 2021-11-15

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- Backport patches from upstream:
+ qemu-sockets: fix unix socket path copy (again)
+ tests: tcg: Fix PVH test with binutils 2.36+
+ qxl: fix pre-save logic
+ ebpf: only include in system emulators
+ virtio-net: fix use after unmap/free for sg (Fixes: CVE-2021-3748)
+ e1000: fix tx re-entrancy problem (CVE-2021-20257)
+ Fix virtio-net-pci* "vectors" compat
+ hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
(Fixes: CVE-2021-3930)

mailman-5:2.1.37-alt1.src.rpm  build 2021-11-13

Group: System/Servers
Summary: Mailing list manager with built in web access
Changes:

- 2.1.36 -> 2.1.37 (fixes bug in the fix for CVE-2021-43332).

mailman-5:2.1.37-alt1.src.rpm  build 2021-11-13

Group: System/Servers
Summary: Mailing list manager with built in web access
Changes:

- Updated to 2.1.36.
- Security fixes:
+ CVE-2021-43331: A potential XSS attack via the user options.
+ CVE-2021-43332: A potential for a list moderator to carry out an
off-line brute force attack to obtain the list admin password.

postgresql10-10.19-alt1.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 10.19 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql11-11.14-alt1.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 11.14 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql12-12.9-alt1.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 12.8 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql13-13.5-alt1.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 13.5 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql14-14.1-alt1.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 14.1 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql9.6-9.6.24-alt1.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.6.24 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql13-1C-13.3-alt5.src.rpm  build 2021-11-10

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:

- Fixes CVE-2021-23214, CVE-2021-23222

samba-4.14.10-alt2.src.rpm  build 2021-11-07

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to latest security release of Samba 4.14
- Security fixes:
+ CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
+ CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
+ CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets
issued by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
+ CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in
Kerberos tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
+ CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
+ CVE-2020-25722: Samba AD DC did not do sufficient access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
+ CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
+ CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html

sssd-2.6.1-alt2.src.rpm  build 2021-11-07

Group: System/Servers
Summary: System Security Services Daemon
Changes:

- Update to 2.6.0 (with upstream fixes from master - 7bfdd3db8e4c).
- Security issue in the sssctl command - shell command injection via the
logs-fetch and cache-expire subcommands (fixes: CVE-2021-3621).
- pam_sss: Allow offline authentication against non-ipa-desktopprofiles aware DC
- Add filter for Active Directory trusted domains which are not trusted (one-way
trust) or are from a different forest (direct trust). Both should be ignored
because they are not trusted or can currently not be handled properly.

mailman-5:2.1.37-alt1.src.rpm  build 2021-11-06

Group: System/Servers
Summary: Mailing list manager with built in web access
Changes:

- Updated to 2.1.35:
- Security fixes:
+ CVE-2021-42096: Attack to obtain the list admin password.
+ CVE-2021-42097: A CSRF attack via the user options page
could allow takeover of a users

golang-1.16.10-alt1.src.rpm  build 2021-11-04

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.16.10) (Fixes: CVE-2021-41771, CVE-2021-41772)

kernel-image-un-def-1:5.14.17-alt1.src.rpm  build 2021-11-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.14.16 (Fixes: CVE-2021-42327)

kernel-image-un-def-1:5.14.18-alt1.src.rpm  build 2021-11-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.14.16 (Fixes: CVE-2021-42327)

kernel-image-un-def-1:5.14.20-alt1.src.rpm  build 2021-11-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.14.16 (Fixes: CVE-2021-42327)

kernel-image-un-def-1:5.14.21-alt1.src.rpm  build 2021-11-04

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.14.16 (Fixes: CVE-2021-42327)

rust-1:1.56.1-alt1.src.rpm  build 2021-11-03

Group: Development/Other
Summary: The Rust Programming Language
Changes:

- New version (1.56.1).
- Security fixes:
+ CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code

thunderbird-91.3.0-alt1.src.rpm  build 2021-11-03

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Thunderbird could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
- Disable telemetry by default.

thunderbird-91.3.2-alt1.src.rpm  build 2021-11-03

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Thunderbird could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
- Disable telemetry by default.

firefox-esr-91.3.0-alt1.src.rpm  build 2021-11-02

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Changes:

- New ESR version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Firefox could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS

firefox-94.0-alt1.src.rpm  build 2021-11-02

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (94.0).
- Security fixes:
+ CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504: Use-after-free in file picker dialog
+ CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
+ CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context menu was triggered by a user
+ CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
+ MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to see authentication tokens
+ MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
+ MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

firefox-esr-91.3.0-alt2.src.rpm  build 2021-11-02

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Changes:

- New ESR version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Firefox could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS

chromium-96.0.4664.45-alt2.p10.1.src.rpm  build 2021-11-02

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (95.0.4638.69).
- Security fixes:
  - CVE-2021-37997: Use after free in Sign-In.
  - CVE-2021-37998: Use after free in Garbage Collection.
  - CVE-2021-37999: Insufficient data validation in New Tab Page.
  - CVE-2021-38000: Insufficient validation of untrusted input in Intents.
  - CVE-2021-38001: Type Confusion in V8.
  - CVE-2021-38002: Use after free in Web Transport.
  - CVE-2021-38003: Inappropriate implementation in V8.

chromium-gost-96.0.4664.45-alt2.p10.1.src.rpm  build 2021-11-02

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (95.0.4638.69).
- Security fixes:
  - CVE-2021-37997: Use after free in Sign-In.
  - CVE-2021-37998: Use after free in Garbage Collection.
  - CVE-2021-37999: Insufficient data validation in New Tab Page.
  - CVE-2021-38000: Insufficient validation of untrusted input in Intents.
  - CVE-2021-38001: Type Confusion in V8.
  - CVE-2021-38002: Use after free in Web Transport.
  - CVE-2021-38003: Inappropriate implementation in V8.

samba-4.14.10-alt2.src.rpm  build 2021-11-01

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to latest security release of Samba 4.14
- Backport bronze bit fixes, tests, and selftest improvements. Provide a fix
for MS in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation
bypass in Samba with embedded Heimdal (Fixes: CVE-2020-17049).

golang-1.16.9-alt1.src.rpm  build 2021-10-31

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.16.9) (Fixes: CVE-2021-38297).

golang-1.16.9-alt1.src.rpm  build 2021-10-31

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.16.8) (Fixes: CVE-2021-39293).

golang-1.16.10-alt1.src.rpm  build 2021-10-31

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.16.9) (Fixes: CVE-2021-38297).

golang-1.16.10-alt1.src.rpm  build 2021-10-31

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.16.8) (Fixes: CVE-2021-39293).

php7-7.4.25-alt1.src.rpm  build 2021-10-28

Group: Development/Other
Summary: The PHP7 scripting language
Changes:

- 7.4.25 (Fixes: CVE-2021-21703)

php8.0-8.0.12-alt1.src.rpm  build 2021-10-28

Group: Development/Other
Summary: The PHP scripting language
Changes:

- 8.0.12 (Fixes: CVE-2021-21703)

bind-9.11.36-alt1.src.rpm  build 2021-10-28

Group: System/Servers
Summary: ISC BIND - DNS server
Changes:

- 9.11.32 -> 9.11.36 (fixes: CVE-2021-25219).

php7-7.4.26-alt1.src.rpm  build 2021-10-28

Group: Development/Other
Summary: The PHP7 scripting language
Changes:

- 7.4.25 (Fixes: CVE-2021-21703)

php8.0-8.0.13-alt1.src.rpm  build 2021-10-28

Group: Development/Other
Summary: The PHP scripting language
Changes:

- 8.0.12 (Fixes: CVE-2021-21703)

java-11-openjdk-0:11.0.13.8-alt1_1jpp11.src.rpm  build 2021-10-23

Group: Development/Java
Summary: OpenJDK Runtime Environment 11
Changes:

- New version.
- Security fixes:
+ CVE-2021-35550 Update the default enabled cipher suites preference
+ CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
+ CVE-2021-35556 Richer Text Editors
+ CVE-2021-35559 Enhanced style for RTF kit
+ CVE-2021-35561 Better hashing support
+ CVE-2021-35564 Improve Keystore integrity
+ CVE-2021-35567 More Constrained Delegation
+ CVE-2021-35578 Improve TLS client handshaking
+ CVE-2021-35586 Better BMP support
+ CVE-2021-35603 Better session identification

java-11-openjdk-0:11.0.13.8-alt2_1jpp11.src.rpm  build 2021-10-23

Group: Development/Java
Summary: OpenJDK Runtime Environment 11
Changes:

- New version.
- Security fixes:
+ CVE-2021-35550 Update the default enabled cipher suites preference
+ CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
+ CVE-2021-35556 Richer Text Editors
+ CVE-2021-35559 Enhanced style for RTF kit
+ CVE-2021-35561 Better hashing support
+ CVE-2021-35564 Improve Keystore integrity
+ CVE-2021-35567 More Constrained Delegation
+ CVE-2021-35578 Improve TLS client handshaking
+ CVE-2021-35586 Better BMP support
+ CVE-2021-35603 Better session identification

thunderbird-91.2.1-alt1.src.rpm  build 2021-10-22

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version.
- Security fixes:
+ CVE-2021-38502 Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Thunderbird 91.2

thunderbird-91.3.0-alt1.src.rpm  build 2021-10-22

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version.
- Security fixes:
+ CVE-2021-38502 Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Thunderbird 91.2

thunderbird-91.3.2-alt1.src.rpm  build 2021-10-22

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version.
- Security fixes:
+ CVE-2021-38502 Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Thunderbird 91.2

The Geyser project is based on code from Prometheus2.0, which had been made available under the MIT License.