Security
Sep 28, 2023, 04:47 AM
netatalk
Version: 3.1.17-alt1
Summary: Open Source Apple Filing Protocol (AFP) File Server
Changelog:
- 3.1.17 (fixed CVE-2023-42464, CVE-2022-23121, CVE-2022-23123, CVE-2022-43634 and CVE-2022-45188)
- Add /etc/netatalk/afppasswd (Closes: #46445)
- Add /var/lib/netatalk (Closes: #46441)
- Add Requires: cracklib-words (Closes: #46446)
Sep 22, 2023, 06:05 AM
xrdp
Version: 0.9.23-alt1
Summary: An open source remote desktop protocol (RDP) server
Changelog:
- New version.
- Security fixes:
  + CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions
Sep 21, 2023, 07:27 PM
bind
Version: 9.16.44-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.16.42 -> 9.16.44 (fixes: CVE-2023-3341).
Sep 14, 2023, 08:50 PM
php8.0
Version: 8.0.30-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.29 -> 8.0.30 (Fixes: CVE-2023-3823, CVE-2023-3824)
- for sisyphus and p11: added conflicts with the installer-stage3 to avoid using php8.0 in distributions: The first stage of EOL plan
Sep 11, 2023, 07:32 AM
vim
Version: 9.0.1893-alt1
Summary: VIsual editor iMproved
Changelog:
- Updated to v9.0.1893 (fixes CVE-2023-4781, CVE-2023-4752, CVE-2023-4750, CVE-2023-4733, CVE-2023-4738, CVE-2023-4736, CVE-2023-4735, CVE-2023-4734).
Sep 7, 2023, 02:26 PM
qemu
Version: 8.0.4-alt1.p10
Summary: QEMU CPU Emulator
Changelog:
- 8.0.4 (Fixes: CVE-2023-3301, CVE-2023-2861, CVE-2023-0330, CVE-2023-3255, CVE-2023-3354, CVE-2023-3180).
- Backport fix oob memory read in fdp events log (Fixes: CVE-2023-4135).
- Disabled support glusterfs for 32-bit arches and riscv64.
- Add BR: /dev/kvm for tests.
- Build with vitastor support.
Sep 6, 2023, 07:02 PM
golang
Version: 1.20.8-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.20.8) (Fixes: CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, CVE-2023-39322).
Aug 25, 2023, 01:15 PM
java-1.8.0-openjdk
Version: 1.8.0.382.b05-alt0_1jpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version.
- Security fixes:
  + CVE-2023-22045
  + CVE-2023-22049
- Removed implicit requirements.
Aug 24, 2023, 01:59 PM
java-17-openjdk
Version: 17.0.8.0.7-alt1
Summary: OpenJDK 17 Runtime Environment
Changelog:
- New version.
- Security fixes:
  + CVE-2023-22006
  + CVE-2023-22036
  + CVE-2023-22041
  + CVE-2023-22044
  + CVE-2023-22045
  + CVE-2023-22049
  + CVE-2023-25193
- Remove explicit requirements (ALT #47301).
Aug 21, 2023, 09:00 PM
haproxy
Version: 2.6.15-alt1
Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments
Changelog:
- 2.6.15 (Fixes: CVE-2023-40225)
Aug 17, 2023, 10:33 AM
ImageMagick
Version: 6.9.12.93-alt1
Summary: An X application for displaying and manipulating images
Changelog:
- New version 6.9.12.93 (Fixes: CVE-2022-44268)
Aug 9, 2023, 11:46 AM
postgresql14
Version: 14.9-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.9 (Fixes CVE-2023-39417)
Aug 9, 2023, 11:29 AM
postgresql13
Version: 13.12-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.12 (Fixes CVE-2023-39417)
Aug 9, 2023, 11:12 AM
postgresql12
Version: 12.16-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.16 (Fixes CVE-2023-39417)
Aug 9, 2023, 10:52 AM
postgresql11
Version: 11.21-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.21 (Fixes CVE-2023-39417)
Aug 9, 2023, 10:28 AM
postgresql15
Version: 15.4-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 15.4 (Fixes CVE-2023-39417, CVE-2023-39418)
Aug 8, 2023, 08:16 PM
connman
Version: 1.42-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- New version 1.42. (Fixes: CVE-2022-32292, CVE-2022-32293, CVE-2023-28488)
Jul 29, 2023, 05:59 PM
java-11-openjdk
Version: 11.0.19.0.7-alt1_1jpp11
Summary: OpenJDK Runtime Environment 11
Changelog:
- New version.
- Security fixes
  + CVE-2023-21930
  + CVE-2023-21937
  + CVE-2023-21938
  + CVE-2023-21939
  + CVE-2023-21954
  + CVE-2023-21967
  + CVE-2023-21968
Jul 28, 2023, 12:48 AM
dotnet-runtime-7.0
Version: 7.0.9-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- .NET 7.0.9
- CVE-2023-33127: .NET Remote Code Execution Vulnerability
- CVE-2023-33170: .NET Security Feature Bypass Vulnerability
- CVE-2023-24895: .NET Remote Code Execution Vulnerability
- CVE-2023-24897: .NET Remote Code Execution Vulnerability
- CVE-2023-24936: .NET Elevation of Privilege Vulnerability
- CVE-2023-29331: .NET Denial of Service Vulnerability
- CVE-2023-29337: NuGet Client Remote Code Execution Vulnerability
- CVE-2023-32032: .NET Denial of Service Vulnerability
- CVE-2023-33126: .NET Denial of Service Vulnerability
- CVE-2023-33128: .NET Denial of Service Vulnerability
- CVE-2023-33135: .NET Denial of Service Vulnerability
- CVE-2023-28260: .NET Remote Code Execution Vulnerability
Jul 28, 2023, 12:47 AM
dotnet-bootstrap-7.0
Version: 7.0.9-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 7.0.9 and .NET SDK 7.0.109 releases
- CVE-2023-33127: .NET Remote Code Execution Vulnerability
- CVE-2023-33170: .NET Security Feature Bypass Vulnerability
- CVE-2023-24895: .NET Remote Code Execution Vulnerability
- CVE-2023-24897: .NET Remote Code Execution Vulnerability
- CVE-2023-24936: .NET Elevation of Privilege Vulnerability
- CVE-2023-29331: .NET Denial of Service Vulnerability
- CVE-2023-29337: NuGet Client Remote Code Execution Vulnerability
- CVE-2023-32032: .NET Denial of Service Vulnerability
- CVE-2023-33126: .NET Denial of Service Vulnerability
- CVE-2023-33128: .NET Denial of Service Vulnerability
- CVE-2023-33135: .NET Denial of Service Vulnerability
- CVE-2023-28260: .NET Remote Code Execution Vulnerability
Jul 28, 2023, 12:25 AM
dotnet-runtime-6.0
Version: 6.0.20-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- .NET 6.0.20
- CVE-2023-33127: .NET Remote Code Execution Vulnerability
- CVE-2023-33170: .NET Security Feature Bypass Vulnerability
- CVE-2023-24895: .NET Remote Code Execution Vulnerability
- CVE-2023-24897: .NET Remote Code Execution Vulnerability
- CVE-2023-24936: .NET Elevation of Privilege Vulnerability
- CVE-2023-29331: .NET Denial of Service Vulnerability
- CVE-2023-29337: NuGet Client Remote Code Execution Vulnerability
- CVE-2023-33126: .NET Denial of Service Vulnerability
- CVE-2023-33128: .NET Denial of Service Vulnerability
- CVE-2023-33135: .NET Denial of Service Vulnerability
- CVE-2023-28260: .NET Remote Code Execution Vulnerability
Jul 28, 2023, 12:14 AM
dotnet-bootstrap-6.0
Version: 6.0.20-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 6.0.20 and .NET SDK 6.0.120 releases
- CVE-2023-33127: .NET Remote Code Execution Vulnerability
- CVE-2023-33170: .NET Security Feature Bypass Vulnerability
- CVE-2023-24895: .NET Remote Code Execution Vulnerability
- CVE-2023-24897: .NET Remote Code Execution Vulnerability
- CVE-2023-24936: .NET Elevation of Privilege Vulnerability
- CVE-2023-29331: .NET Denial of Service Vulnerability
- CVE-2023-29337: NuGet Client Remote Code Execution Vulnerability
- CVE-2023-33126: .NET Denial of Service Vulnerability
- CVE-2023-33128: .NET Denial of Service Vulnerability
- CVE-2023-33135: .NET Denial of Service Vulnerability
- CVE-2023-28260: .NET Remote Code Execution Vulnerability
Jul 27, 2023, 03:17 PM
krb5
Version: 1.19.4-alt2
Summary: The Kerberos network authentication system
Changelog:
- Backport fix for use-after-free in kadmin5 (Fixes: CVE-2023-36054).
Jul 13, 2023, 04:48 PM
cacti
Version: 1.2.24-alt1
Summary: The complete RRDTool-based graphing solution.
Changelog:
- 1.2.24
- Fixes:
  + CVE-2022-46169 Unauthenticated Command Injection
- switched to php8.0 by default
Jul 12, 2023, 03:22 PM
kubernetes
Version: 1.26.6-alt1
Summary: Container cluster management
Changelog:
- 1.26.3. -> 1.26.6 (Fixes: CVE-2023-2727, CVE-2023-2728).
- Closes ALT#46869.
- Fix build on %arm architectures.
- Add CVE fixes information.
Jul 12, 2023, 02:59 PM
python3-module-django
Version: 3.2.20-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- New version 3.2.19.
- Fixes for the following security vulnerabilities:
  + CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
Jul 5, 2023, 10:32 PM
c-ares
Version: 1.19.1-alt1
Summary: A library that performs asynchronous DNS operations
Changelog:
- 1.19.1 (Fixes: CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067)
Jul 5, 2023, 03:16 PM
dbus
Version: 1.14.8-alt1
Summary: D-BUS is a simple IPC framework based on messages.
Changelog:
- 1.14.8 (Fixes: CVE-2023-34969) (closes: #46767)
Jun 30, 2023, 05:36 PM
grafana
Version: 9.5.5-alt1
Summary: Metrics dashboard and graph editor
Changelog:
- 9.5.5
- Switch from separate server & cli to a unified grafana binary
- Add wrapper scripts for grafana-cli and grafana-server
- Fixes:
  + CVE-2023-0507
  + CVE-2023-0594
  + CVE-2023-1387
  + CVE-2023-1410
  + CVE-2023-2183
  + CVE-2023-2801
  + CVE-2023-22462
  + CVE-2023-28119
Jun 20, 2023, 07:31 PM
ffmpeg
Version: 4.4.4-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Jun 20, 2023, 06:10 PM
cups-filters
Version: 1.28.11-alt2
Summary: OpenPrinting CUPS filters and backends
Changelog:
- add upstream commit 93e60d3 (Fixes: CVE-2023-24805)
Jun 19, 2023, 04:15 PM
openldap
Version: 2.4.59-alt1.p10.2
Summary: LDAP libraries and sample clients
Changelog:
- fixes CVE-2022-29155.
Jun 14, 2023, 09:32 AM
yajl
Jun 14, 2023, 01:40 AM
open-vm-tools
Version: 12.2.5-alt1
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
Changelog:
- 12.2.5 (CVE-2023-20867)
May 30, 2023, 03:00 PM
openssl1.1
Version: 1.1.1u-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.1.1u (fixes CVE-2023-2650).
May 27, 2023, 08:30 PM
glpi
Version: 9.5.13-alt1
Summary: IT and asset management software
Changelog:
- New version 9.5.13
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-28632: Account takeover by authenticated user
  + CVE-2023-28838: SQL injection through dynamic reports
  + CVE-2023-28852: Stored XSS through dashboard administration
  + CVE-2023-28636: Stored XSS on external links
  + CVE-2023-28639: Reflected XSS in search pages
  + CVE-2023-28634: Privilege Escalation from technician to super-admin
  + CVE-2023-28633: Blind Server-Side Request Forgery (SSRF) in RSS feeds
May 27, 2023, 04:58 AM
etcd
Version: 3.5.9-alt1
Summary: A highly-available key value store for shared configuration
Changelog:
- 3.5.9 (Fixes: CVE-2023-32082).
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 17, 2023, 05:43 PM
thunderbird
Version: 102.11.0-alt1
Summary: Thunderbird is Mozilla's e-mail client
Changelog:
- New version.
- Security fixes:
  + CVE-2023-32205 Browser prompts could have been obscured by popups
  + CVE-2023-32206 Crash in RLBox Expat driver
  + CVE-2023-32207 Potential permissions request bypass via clickjacking
  + CVE-2023-32211 Content process crash due to invalid wasm code
  + CVE-2023-32212 Potential spoof due to obscured address bar
  + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
  + CVE-2023-32214 Potential DoS via exposed protocol handlers
  + CVE-2023-32215 Memory safety bugs fixed in Thunderbird 102.11
May 16, 2023, 07:47 PM
phpipam
Version: 1.5.2-alt1
Summary: PHP-based virtual machine control tool
Changelog:
- 1.5.2 (Fixes: CVE-2023-0676, CVE-2023-0677, CVE-2023-0678, CVE-2023-1211, CVE-2023-1212).
May 3, 2023, 09:20 PM
openvswitch
Version: 2.17.6-alt1
Summary: An open source, production quality, multilayer virtual switch
Changelog:
- 2.17.6 (Fixes: CVE-2021-3905, CVE-2023-1668, CVE-2022-4337, CVE-2022-4338)
May 3, 2023, 09:09 PM
dpdk
Version: 21.11.3-alt1
Summary: Set of libraries and drivers for fast packet processing
Changelog:
- Update to LTS release 21.11.3.
- Fixes for the following security vulnerabilities:
  + CVE-2022-28199 mlx5 driver error recovery handling vulnerability
  + CVE-2022-2132 vhost: discard too small descriptor chains
Apr 17, 2023, 10:15 PM
git
Version: 2.33.8-alt1
Summary: Git core and tools
Changelog:
- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).
Apr 13, 2023, 03:26 PM
ghostscript
Version: 10.01.1-alt1
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- Autobuild version bump to 10.01.1 - (Fixes: CVE-2023-28879)
Mar 30, 2023, 11:41 AM
libsixel
Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3.
- switch to meson.
- Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 03:35 PM
xorg-server
Version: 1.20.14-alt8
Summary: Xserver - X Window System display server
Changelog:
- cherry pick upstream fixes for CVE-2023-1393
Mar 29, 2023, 12:03 PM
libmicrohttpd
Version: 0.9.76-alt1
Summary: Library providing compact API and implementation of an HTTP/1.1 webserver
Changelog:
- 0.9.76 released (fixes: CVE-2023-27371)
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478)
- Change URL to new upstream project
- Use CMAKE
Mar 28, 2023, 03:21 PM
dnsmasq
Version: 2.89-alt2
Summary: A lightweight caching nameserver
Changelog:
- Added patches from upstream git:
  + Avoid undefined behaviour with the ctype(3) functions
  + Fix --rev-server option
  + Fix possible SEGV when no servers defined
  + Set the default maximum DNS UDP packet size to 1232 (fixes: CVE-2023-28450)
  + Fix DHCPv6 "use multicast" response which previously failed
Mar 27, 2023, 04:39 PM
cri-o
Version: 1.26.2-alt1
Summary: Kubernetes Container Runtime Interface for OCI-based containers
Changelog:
- 1.26.2 - Fixes: CVE-2022-2995, CVE-2022-27652, CVE-2022-4318
Mar 21, 2023, 04:53 PM
firejail
Version: 0.9.72-alt1
Summary: Linux namespaces sandbox program
Changelog:
- 0.9.68 -> 0.9.72 (Fixes: CVE-2022-31214)
Mar 21, 2023, 01:12 PM
python3
Version: 3.9.16-alt1
Summary: Version 3 of the Python programming language aka Python 3000
Changelog:
- Updated to upstream version 3.9.16 (Closes: #45598) (Fixes: CVE-2022-37454).
Mar 20, 2023, 06:36 PM
flatpak
Version: 1.14.4-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.4 (fixed CVE-2023-28100, CVE-2023-28101)
Mar 15, 2023, 05:53 PM
shim
Version: 15.7-alt3
Summary: First-stage UEFI bootloader
Changelog:
- grub 2.06-alt9 is missing fix for CVE-2022-28733, block SBAT grub.altlinux < 2
  + add shim-15.7-alt-Add-grub.altlinux-2-to-SBAT-revocations patch
Mar 13, 2023, 11:01 PM
node
Version: 16.19.1-alt1
Summary: Evented I/O for V8 Javascript
Changelog:
- new version 16.19.1 (with rpmrb script)
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- set openssl >= 1.1.1s
- set npm >= 8.19.3
Mar 13, 2023, 12:16 AM
dotnet-runtime-5.0
Version: 5.0.17-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- new version (5.0.17) with rpmgs script
- CVE-2022-29117: .NET Denial of Service Vulnerability
- CVE-2022-29145: .NET Denial of Service Vulnerability
- CVE-2022-23267: .NET Denial of Service Vulnerability
Mar 13, 2023, 12:06 AM
dotnet-aspnetcore-3.1
Version: 3.1.32-alt1
Summary: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Changelog:
- ASP.NET Core 3.1.32 - CVE-2022-38013: .NET Denial of Service Vulnerability
Mar 12, 2023, 11:59 PM
dotnet-bootstrap-5.0
Version: 5.0.17-alt1
Summary: .NET Core SDK binaries
Changelog:
- new version (5.0.17) with rpmgs script
- CVE-2022-29117: .NET Denial of Service Vulnerability
- CVE-2022-29145: .NET Denial of Service Vulnerability
- CVE-2022-23267: .NET Denial of Service Vulnerability
Mar 12, 2023, 11:38 PM
dotnet-coreclr-3.1
Version: 3.1.32-alt1
Summary: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changelog:
- .NET Core 3.1.32
- CVE-2022-41089: .NET Remote Code Execution Vulnerability
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
Mar 12, 2023, 11:33 PM
dotnet-bootstrap-3.1
Version: 3.1.32-alt1
Summary: .NET Core SDK binaries
Changelog:
- .NET Core 3.1.32 and .NET Core SDK 3.1.426 releases
- CVE-2022-41089: .NET Remote Code Execution Vulnerability
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
Mar 11, 2023, 07:30 PM
palemoon
Version: 32.0.1-alt1
Summary: The New Moon browser, an unofficial branding of the Pale Moon project browser
Changelog:
- Version 32.0.1 (CVE-2023-25733, CVE-2023-25739, CVE-2023-0767)
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Feb 17, 2023, 03:59 PM
gnutls30
Version: 3.6.16-alt3
Summary: A TLS protocol implementation
Changelog:
- Patches from gnutls-3.7.9:
  + auth/rsa: side-step potential side-channel (fixes: CVE-2023-0361);
  + rsa: remove dead code.
Feb 15, 2023, 01:10 AM
libbpf
Version: 0.8.1-alt2
Summary: Stand-alone build of libbpf from the Linux kernel
Changelog:
- (Fixes: CVE-2022-3534, CVE-2022-3606).
Jan 24, 2023, 04:58 PM
libxml2
Version: 2.9.12-alt1.p10.1
Summary: The library for manipulating XML files
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304).
Jan 21, 2023, 09:46 AM
ruby
Version: 3.1.2-alt0.1
Summary: An Interpreted Object-Oriented Scripting Language
Changelog:
- ^ 3.1.1 -> 3.1.2
- ! fix call to irb/erb (closes #43110)
- ! fix CVEs
  + CVE-2022-28738: Double free in Regexp compilation
  + CVE-2022-28739: Buffer overrun in String-to-Float conversion
Jan 18, 2023, 11:34 AM
libXpm
Version: 3.5.15-alt1
Summary: X Pixmap Library
Changelog:
- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)
Dec 22, 2022, 10:23 AM
libcairo
Version: 1.16.0-alt2
Summary: Multi-platform 2D graphics library
Changelog:
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492
Dec 20, 2022, 07:34 PM
libetpan
Version: 1.9.4-alt3
Summary: This mail library provides a portable, efficient middleware for different kinds of mail access
Changelog:
- Fixed libssl knob.
- Fixed License tag.
- Added Vcs tag.
- Patch from upstream:
  + Fixed crash when st_info_list is NULL (fixes: CVE-2022-4121).
Dec 18, 2022, 03:00 AM
libtiff
Version: 4.4.0-alt2
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and CVE-2022-34526) (closes #44499).
Dec 9, 2022, 12:49 AM
podofo
Version: 0.9.8-alt1
Summary: PDF manipulation library and tools
Changelog:
- new version 0.9.8 (with rpmrb script) - CVE-2021-30469, CVE-2021-30470, CVE-2021-30471, CVE-2021-30472
Dec 8, 2022, 02:04 AM
helm
Version: 3.10.2-alt1
Summary: The Kubernetes Package Manager
Changelog:
- new version 3.10.2 - (Fixes: CVE-2022-36055 CVE-2022-36049 CVE-2021-32690 CVE-2021-21303)
Dec 5, 2022, 03:48 PM
libarchive
Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 30, 2022, 11:03 PM
edk2
Version: 20221117-alt1
Summary: EFI Development Kit II
Changelog:
- edk2-stable202211 (Fixes: CVE-2021-38578) - add 4M builds
Nov 30, 2022, 04:34 PM
edk2-tools
Version: 20221117-alt1
Summary: EFI Development Kit II Tools
Changelog:
- edk2-stable202211 (Fixes: CVE-2021-38578)
Nov 28, 2022, 10:52 AM
tcpreplay
Version: 4.4.2-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.2 (Fixes: CVE-2022-28487, CVE-2022-27942, CVE-2022-27940, CVE-2022-37047, CVE-2022-37049, CVE-2022-27939, CVE-2022-25484, CVE-2022-27941)
Nov 10, 2022, 05:19 PM
gmp
Version: 6.2.1-alt5
Summary: GNU MP arbitrary precision arithmetic library
Changelog:
- Backported upstream commit "mpz/inp_raw.c: Avoid bit size overflows" (thx Marco Bodrato) (fixes CVE-2021-43618).
Nov 8, 2022, 08:01 AM
ntfs-3g
Version: 2021.8.22-alt2
Summary: third generation Linux NTFS driver
Changelog:
Nov 5, 2022, 02:50 PM
libpixman
Nov 3, 2022, 04:58 PM
php7
Version: 7.4.33-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.32 -> 7.4.33 (Fixes: CVE-2022-31630, CVE-2022-37454)
Oct 29, 2022, 11:07 PM
expat
Version: 2.5.0-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, DoS or potentially ACE).
Oct 28, 2022, 02:27 PM
openslp
Version: 2.0.0-alt3
Summary: OpenSLP implementation of Service Location Protocol V2
Changelog:
- Applied security fixes (fixes CVE-2021-4217).
Oct 26, 2022, 04:03 PM
libvncserver
Version: 0.9.13-alt3
Summary: An easy API to write one's own VNC server
Changelog:
- security (fixes: CVE-2020-29260)
Oct 25, 2022, 05:31 PM
arj
Version: 3.10.22-alt9
Summary: A compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 21, 2022, 03:23 PM
perl-DBI
Oct 18, 2022, 12:14 AM
adcli
Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password:
  + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd';
  + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27
- Add support fall back to LDAPS if CLDAP ping was not successful
  + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp.
- Fix write SID before secret to Samba's db looks like 'net changesecretpw'
- Add passwd-user sub-command for (re)set a user password.
- Add dont-expire-password option for computer.
Oct 14, 2022, 03:47 PM
aspell
Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM
lrzsz
Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM
unzip
Oct 11, 2022, 01:38 PM
python3-module-paramiko
Version: 2.11.0-alt1
Summary: SSH2 protocol for python
Changelog:
- 2.8.1 -> 2.11.0 (fixes: CVE-2022-24302).
Oct 8, 2022, 03:25 PM
glibc
Version: 2.32-alt5
Summary: The GNU libc libraries
Changelog:
- Updated to glibc-2.32-118-g0c9137a444 from 2.32 branch (fixes CVE-2020-29562, CVE-2022-23218, CVE-2022-23219, CVE-2021-38604).
Oct 7, 2022, 08:03 PM
dhcp
Version: 4.4.3.P1-alt1
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- Updated to 4.4.3-P1 (fixes: CVE-2022-2928,CVE-2022-2929).
Aug 31, 2022, 02:17 AM
cifs-utils
Version: 6.15-alt1
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changelog:
- Update to stable release 6.15 (Samba#15025, Samba#15026)
- mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239)
- mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
Aug 15, 2022, 04:57 PM
mariadb
Version: 10.6.9-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- 10.6.9 - Fixes: CVE-2022-32082, CVE-2022-32089, CVE-2022-32081, CVE-2018-25032, CVE-2022-32091, CVE-2022-32084
Jun 24, 2022, 06:49 PM
mediawiki
Version: 1.37.2-alt1
Summary: A wiki engine, typical installation (with Apache2 and MySQL support)
Changelog:
- new version 1.37.2 (with rpmrb script) - (T297571, CVE-2022-28201) (T297731, CVE-2022-28203) - (T297754, CVE-2022-28204) (T297543, CVE-2022-28202)
Jun 22, 2022, 02:24 PM
openscad
Version: 2021.01-alt4
Summary: The Programmers Solid 3D CAD Modeller
Changelog:
- Fixes:
  + CVE-2022-0496 Out-of-bounds memory access in DXF loader (path identification)
  + CVE-2022-0497 Out-of-bounds memory access in comment parser
  + Fix build issue with overloaded join().
- cleanup spec
Jun 17, 2022, 03:42 PM
python
Version: 2.7.18-alt10
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Security update (fixed: CVE-2015-20107).
- Fixed Url field.
May 21, 2022, 07:21 AM
openvpn
Version: 2.5.6-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version (Closes: 42217)
- Security fixes:
  + CVE-2022-0547: possible authentication bypass if multiple authentication plugins try to do deferred authentication
- Fix build with new python3-module-docutils
May 15, 2022, 08:57 PM
xpdf
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump - Many bugfixes, including security, including: Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM
unrar
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7 - Fixes: CVE-2022-30333