Security

libopenjpeg2.0 May 14, 2022, 12:52 AM
Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, 
  CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
curl May 11, 2022, 11:29 AM
Version: 7.83.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 7.83.1
- Fixes:
  * CVE-2022-30115: HSTS bypass via trailing dot
  * CVE-2022-27782: TLS and SSH connection too eager reuse
  * CVE-2022-27781: CERTINFO never-ending busy-loop
  * CVE-2022-27780: percent-encoded path separator in URL host
  * CVE-2022-27779: cookie for trailing dot TLD
  * CVE-2022-27778: curl removes wrong file on error
postgresql14-1C May 11, 2022, 10:39 AM
Version: 14.3-alt1
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- 14.3 (Fixes CVE-2022-1552)
postgresql13 May 11, 2022, 10:01 AM
Version: 13.7-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.7 (Fixes CVE-2022-1552)
postgresql12 May 11, 2022, 09:37 AM
Version: 12.11-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.11 (Fixes CVE-2022-1552)
postgresql11 May 11, 2022, 09:14 AM
Version: 11.16-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.16 (Fixes CVE-2022-1552)
postgresql10 May 11, 2022, 08:20 AM
Version: 10.21-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 10.21 (Fixes CVE-2022-1552)
postgresql14 May 11, 2022, 07:35 AM
Version: 14.3-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.3 (Fixes CVE-2022-1552)
grafana Apr 27, 2022, 06:06 PM
Version: 8.5.0-alt1
Summary: Metrics dashboard and graph editor
Changelog:
- 8.5.0
- Use pre-built frontend
- Fixes:
  + CVE-2022-24812
  + CVE-2022-21702
  + CVE-2022-21703
  + CVE-2022-21713
  + CVE-2021-43813
  + CVE-2021-43815
  + CVE-2021-41244
  + CVE-2021-41174
java-1.8.0-openjdk Apr 25, 2022, 07:12 AM
Version: 1.8.0.332.b09-alt0_0.1.eajpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version.
- Security fixes:
  + JDK-8270504, CVE-2022-21426: Better XPath expression handling
  + JDK-8275151, CVE-2022-21443: Improved Object Identification
  + JDK-8277672, CVE-2022-21434: Better invocation handler handling
  + JDK-8278008, CVE-2022-21476: Improve Santuario processing
  + JDK-8278972, CVE-2022-21496: Improve URL supports
node Apr 23, 2022, 05:07 PM
Version: 14.19.1-alt1
Summary: Evented I/O for V8 Javascript
Changelog:
- new version 14.19.1 (with rpmrb script)
- set openssl >= 1.1.1n
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)
libinput Apr 20, 2022, 10:27 AM
Version: 1.19.4-alt1
Summary: Input devices library
Changelog:
- 1.19.4 (fixed CVE-2022-1215)
golang Apr 15, 2022, 05:35 PM
Version: 1.17.9-alt1.p10
Summary: The Go Programming Language
Changelog:
- New version (1.17.9) (Fixes: CVE-2022-24675, CVE-2022-28327, CVE-2022-27536).
python3-module-django Apr 12, 2022, 08:26 AM
Version: 3.2.13-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- 3.2.12 -> 3.2.13
- Fixes:
  * CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
  * CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL
gzip Apr 8, 2022, 04:54 AM
Version: 1.12-alt1
Summary: The GNU data compression program
Changelog:
- gzip: v1.10-31-g34db0a2 -> v1.12-3-g83c65d1 (fixes: CVE-2022-1271).
docker-engine Mar 28, 2022, 06:21 PM
Version: 20.10.14-alt1
Summary: The open-source application container engine
Changelog:
- 20.10.14 (Fixes: CVE-2022-24769)
git Mar 24, 2022, 02:31 AM
Version: 2.33.2-alt1
Summary: Git core and tools
Changelog:
- 2.33.1 -> 2.33.2 (fixes: CVE-2022-24765).
openssh Mar 22, 2022, 07:40 PM
Version: 7.9p1-alt4.p10.1
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream security fixes (fixes CVE-2019-6111, CVE-2019-6109).
cri-o Mar 21, 2022, 06:15 PM
Version: 1.22.3-alt2
Summary: Kubernetes Container Runtime Interface for OCI-based containers
Changelog:
- Add cve fix to changelog
- Fixes: CVE-2022-0811
apache2 Mar 20, 2022, 02:55 PM
Version: 2.4.53-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.53 (Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719)
bind Mar 17, 2022, 04:28 PM
Version: 9.11.37-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220).
krb5 Mar 15, 2022, 01:17 PM
Version: 1.19.3-alt1
Summary: The Kerberos network authentication system
Changelog:
- 1.19.2 (Fixes: CVE-2021-37750)
thunderbird Mar 14, 2022, 12:16 AM
Version: 91.7.0-alt1
Summary: Thunderbird is Mozilla's e-mail client
Changelog:
- New version.
- Security fixes:
  + CVE-2022-26383 Browser window spoof using fullscreen mode
  + CVE-2022-26384 iframe allow-scripts sandbox bypass
  + CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
  + CVE-2022-26381 Use-after-free in text reflows
  + CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users
glpi Mar 11, 2022, 09:50 AM
Version: 9.5.7-alt1
Summary: IT and asset management software
Changelog:
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
 + CVE-2022-21720 : SQL injection using custom CSS administration form
 + CVE-2022-21719 : Reflected XSS using reload button
polkit Feb 28, 2022, 04:00 PM
Version: 0.120-alt1.qa2
Summary: PolicyKit Authorization Framework
Changelog:
- applied upstream fix for CVE-2021-4115 (GHSL-2021-077)
qemu Feb 24, 2022, 04:04 PM
Version: 6.1.1-alt1
Summary: QEMU CPU Emulator
Changelog:
- 6.1.1
- Fixes for the following security vulnerabilities:
  + CVE-2021-3713 uas: add stream number sanity checks
  + CVE-2021-3947 hw/nvme: fix buffer overrun in nvme_changed_nslist
  + CVE-2021-20196 hw/block/fdc: Kludge missing floppy drive
  + CVE-2021-20203 net: vmxnet3: validate configuration values during activate
  + CVE-2021-4158 acpi: validate hotplug selector on access
  + CVE-2022-0358 virtiofsd: Drop membership of all supplementary groups
  + CVE-2021-3929 hw/nvme: fix
- 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread
tcpreplay Feb 23, 2022, 09:56 AM
Version: 4.4.1-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.1 (Fixes: CVE-2021-45387, CVE-2021-45386)
snapd Feb 20, 2022, 02:59 PM
Version: 2.54.3-alt1
Summary: A transactional software package manager
Changelog:
- 2.54.3 (Fixes: CVE-2021-44730, CVE-2021-44731, CVE-2021-4120)
php7 Feb 19, 2022, 11:19 AM
Version: 7.4.28-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.28 (Fixes: CVE-2021-21708)
java-11-openjdk Feb 18, 2022, 05:21 PM
Version: 11.0.14.1.1-alt1_1jpp11
Summary: OpenJDK Runtime Environment 11
Changelog:
- New version.
- Security fixes
  + JDK-8217375: jarsigner breaks old signature with long lines in manifest
  + JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
  + JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
  + JDK-8268488: More valuable DerValues
  + JDK-8268494: Better inlining of inlined interfaces
  + JDK-8268512: More content for ContentInfo
  + JDK-8268795: Enhance digests of Jar files
  + JDK-8268801: Improve PKCS attribute handling
  + JDK-8268813, CVE-2022-21283: Better String matching
  + JDK-8269151: Better construction of EncryptedPrivateKeyInfo
  + JDK-8269944: Better HTTP transport redux
  + JDK-8270386, CVE-2022-21291: Better verification of scan methods
  + JDK-8270392, CVE-2022-21293: Improve String constructions
  + JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
  + JDK-8270492, CVE-2022-21282: Better resolution of URIs
  + JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
  + JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
  + JDK-8270952, CVE-2022-21277: Improve TIFF file handling
  + JDK-8271962: Better TrueType font loading
  + JDK-8271968: Better canonical naming
  + JDK-8271987: Manifest improved manifest entries
  + JDK-8272014, CVE-2022-21305: Better array indexing
  + JDK-8272026, CVE-2022-21340: Verify Jar Verification
  + JDK-8272236, CVE-2022-21341: Improve serial forms for transport
  + JDK-8272272: Enhance jcmd communication
  + JDK-8272462: Enhance image handling
  + JDK-8273290: Enhance sound handling
  + JDK-8273756, CVE-2022-21360: Enhance BMP image support
  + JDK-8273838, CVE-2022-21365: Enhanced BMP processing
  + JDK-8274096, CVE-2022-21366: Improve decoding of image files
  + JDK-8279541: Improve HarfBuzz
- Fixed linking libraries.
- Removed duplicated files with legal information from packages.