Security

dhcp June 1, 2021, 6:29 p.m. June 1, 2021, 6:29 p.m.
Version: 4.4.2.P1-alt1
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- Updated to 4.4.2-P1 (fixes: CVE-2021-25217).
gnutls30 May 31, 2021, 6:58 p.m. May 31, 2021, 6:58 p.m.
Version: 3.6.16-alt1
Summary: A TLS protocol implementation
Changelog:
- Updated to 3.6.16 (fixes: CVE-2021-20305).
- Dropped obsoleted patches.
chess May 17, 2021, 8:27 p.m. May 17, 2021, 8:27 p.m.
Version: 6.2.8-alt1
Summary: The GNU chess program
Changelog:
- Updated to 6.2.8.
- Updated book to 1.02.
- Fixed CVE-2021-30184.
- Packed watch and upstream public signing key to sourcerpm.
libpano13 May 12, 2021, 10:57 a.m. May 12, 2021, 10:57 a.m.
Version: 2.9.20-alt1
Summary: libpano13 - library for panorama stitching programs. This is new generation and development version
Changelog:
- 2.9.20 (fixed CVE-2021-20307)
tcpreplay May 11, 2021, 4:46 p.m. May 11, 2021, 4:46 p.m.
Version: 4.3.4-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.3.4 (Fixes: CVE-2020-24266, CVE-2020-24265)
exim May 5, 2021, 10:12 p.m. May 5, 2021, 10:12 p.m.
Version: 4.94.2-alt1
Summary: Exim MTA
Changelog:
- update to 4.94.2 (fix CVE-2020-28007 ... CVE-2020-28026 and CVE-2021-27216)
avahi April 28, 2021, 2:38 p.m. April 28, 2021, 2:38 p.m.
Version: 0.8-alt2
Summary: Local network service discovery
Changelog:
- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)
SPICE April 22, 2021, 5:49 p.m. April 22, 2021, 5:49 p.m.
Version: 0.15.0-alt1
Summary: Implements the SPICE protocol
Changelog:
- 0.15.0 (Fixes: CVE-2020-14355)
python3-module-Pillow April 8, 2021, 6:44 p.m. April 8, 2021, 6:44 p.m.
Version: 8.1.2-alt1
Summary: Python Imaging Library
Changelog:
- 8.1.2 released (fixes: CVE-2021-27921, CVE-2021-27922, CVE-2021-27923)
wpa_supplicant March 1, 2021, 1:53 p.m. March 1, 2021, 1:53 p.m.
Version: 2.9-alt4
Summary: wpa_supplicant is an implementation of the WPA Supplicant component
Changelog:
- P2P: Fix a corner case in peer addition based on PD Request
  (Fixes: CVE-2021-27803)
ipmitool Feb. 27, 2021, 12:46 p.m. Feb. 27, 2021, 12:46 p.m.
Version: 1.8.18-alt4
Summary: ipmitool - Utility for IPMI control
Changelog:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
  see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
xterm Feb. 24, 2021, 3:22 p.m. Feb. 24, 2021, 3:22 p.m.
Version: 366-alt1
Summary: A standard terminal emulator for the X Window System
Changelog:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
dotnet-bootstrap-2.1 Feb. 17, 2021, 2:52 p.m. Feb. 17, 2021, 2:52 p.m.
Version: 2.1.25-alt1
Summary: .NET Core SDK binaries
Changelog:
- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
subversion Feb. 14, 2021, 9:22 p.m. Feb. 14, 2021, 9:22 p.m.
Version: 1.14.1-alt1
Summary: A version control system
Changelog:
- New version.
- Fixes:
  + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
java-1.8.0-openjdk Feb. 3, 2021, 9:29 p.m. Feb. 3, 2021, 9:29 p.m.
Version: 1.8.0.282.b08-alt1_0jpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version (ALT #39635)
- Require ca-trust-java instead of ca-trust (ALT #35690)
- Package nss.cfg
- Security fixes since 1.8.0.212.b04-alt2_0jpp8:
  + JDK-8247619 Improve Direct Buffering of Characters
  + CVE-2020-14779 Enhance support of Proxy class.
  + CVE-2020-14781 Enhanced LDAP contexts.
  + CVE-2020-14782 Enhance certificate processing.
  + CVE-2020-14792 Better range handling.
  + CVE-2020-14796 Improved URI Support.
  + CVE-2020-14797 Better Path Validation.
  + CVE-2020-14798 Enhanced buffer support.
  + CVE-2020-14803 Improved Buffer supports.
  + CVE-2020-14779 Enhance support of Proxy class
  + CVE-2020-14781 Enhanced LDAP contexts
  + CVE-2020-14782 Enhance certificate processing
  + CVE-2020-14792 Better range handling
  + CVE-2020-14796 Improved URI Support
  + CVE-2020-14797 Better Path Validation
  + CVE-2020-14798 Enhanced buffer support
  + CVE-2020-14803 Improved Buffer supports
  + CVE-2020-14579 NullPointerException in DerValue.equals(DerValue)
  + CVE-2020-14578 NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
  + CVE-2020-14556 Better ForkJoinPool behavior
  + CVE-2020-14577 Enhance certificate verification
  + CVE-2020-14581 Better matrix operations
  + CVE-2020-14583 Better Buffer support
  + CVE-2020-14593 Less Affine Transformations
  + CVE-2020-14621 Better XML namespace handling
  + CVE-2020-2754 Forward references to Nashorn
  + CVE-2020-2755 Improve Nashorn matching
  + CVE-2020-2756 Better mapping of serial ENUMs
  + CVE-2020-2757 Less Blocking Array Queues
  + CVE-2020-2773 Better signatures in XML
  + CVE-2020-2781 Improve TLS session handling
  + CVE-2020-2800 Better Headings for HTTP Servers
  + CVE-2020-2803 Enhance buffering of byte buffers
  + CVE-2020-2805 Enhance typing of methods
  + CVE-2020-2830 Better Scanner conversions
  + CVE-2019-2933 Windows file handling redux.
  + CVE-2019-2945 Better socket support.
  + CVE-2019-2949 Better Kerberos ccache handling.
  + CVE-2019-2958 Build Better Processes.
  + CVE-2019-2964 Better support for patterns.
  + CVE-2019-2962 Better Glyph Images.
  + CVE-2019-2973 Better pattern compilation.
  + CVE-2019-2975 Unexpected exception in jjs.
  + CVE-2019-2978 Improved handling of jar files.
  + CVE-2019-2981 Better Path supports.
  + CVE-2019-2983 Better serial attributes.
  + CVE-2019-2987 Better rendering of native glyphs.
  + CVE-2019-2988 Better Graphics2D drawing.
  + CVE-2019-2989 Improve TLS connection support.
  + CVE-2019-2992 Enhance font glyph mapping.
  + CVE-2019-2999 Commentary on Javadoc comments.
  + CVE-2019-2894 Enhance ECDSA operations.
  + CVE-2019-2745 Improved ECC Implementation.
  + CVE-2019-2762 Exceptional throw cases.
  + CVE-2019-2766 Improve file protocol handling.
  + CVE-2019-2769 Better copies of CopiesList.
  + CVE-2019-2786 More limited privilege usage.
  + CVE-2019-7317 Improve PNG support options.
  + CVE-2019-2816 Normalize normalization.
  + CVE-2019-2842 Extended AES support.
trousers Jan. 26, 2021, 12:56 p.m. Jan. 26, 2021, 12:56 p.m.
Version: 0.3.15-alt1
Summary: Implementation of the TCG's Software Stack
Changelog:
- 0.3.15 released
- Corrected mutliple security issues in tcsd
  (Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)
shellinabox Jan. 22, 2021, 10:54 a.m. Jan. 22, 2021, 10:54 a.m.
Version: 2.20-alt2
Summary: AJAX based terminal emulator exporting a console to the browser
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-16789).
libevt Jan. 22, 2021, 10:20 a.m. Jan. 22, 2021, 10:20 a.m.
Version: 20140411-alt2
Summary: Library and tools to access the Windows Event Log (EVT) format
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-8754).
libmspack Jan. 21, 2021, 6:16 p.m. Jan. 21, 2021, 6:16 p.m.
Version: 0.6-alt2
Summary: Compressors and decompressors for Microsoft compression formats
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-18584).
spice-vdagent Jan. 21, 2021, 3:40 p.m. Jan. 21, 2021, 3:40 p.m.
Version: 0.21.0-alt1
Summary: Agent for Spice guests
Changelog:
- new version 0.21.0 (Fixes CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653).
fleet Jan. 21, 2021, 2:37 p.m. Jan. 21, 2021, 2:37 p.m.
Version: 3.6.0-alt1
Summary: The premier osquery fleet manager.
Changelog:
- Updated to upstream version 3.6.0 (Fixes: CVE-2020-26276).
rclone Jan. 21, 2021, 11:53 a.m. Jan. 21, 2021, 11:53 a.m.
Version: 1.53.4-alt1
Summary: rsync for cloud storage
Changelog:
- New version 1.53.4 (Fixes: CVE-2020-28924).
x11vnc Jan. 21, 2021, 9:31 a.m. Jan. 21, 2021, 9:31 a.m.
Version: 0.9.16-alt2
Summary: VNC server for real X displays
Changelog:
- Applied security fix from upstream (Fixes: CVE-2020-29074).
libexif Jan. 19, 2021, 1:26 a.m. Jan. 19, 2021, 1:26 a.m.
Version: 0.6.22-alt3
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changelog:
- added upstream commit:
  + fixed a incorrect overflow check that could be optimized away
    (fixes CVE-2020-0452)
edk2-tools Dec. 25, 2020, 10:38 p.m. Dec. 25, 2020, 10:38 p.m.
Version: 20201127-alt1
Summary: EFI Development Kit II Tools
Changelog:
- edk2-stable202011 (Fixes: CVE-2019-14584, CVE-2019-11098)
a2ps Dec. 18, 2020, 3:52 p.m. Dec. 18, 2020, 3:52 p.m.
Version: 4.14-alt3
Summary: Any to PostScript filter
Changelog:
- Applied security patches from Debian and Gentoo (Fixes: CVE-2014-0466, CVE-2015-8107).
icoutils Dec. 18, 2020, 10:46 a.m. Dec. 18, 2020, 10:46 a.m.
Version: 0.32.3-alt1
Summary: Utility for extracting and converting Microsoft icon and cursor files
Changelog:
- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208,
  CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).
dnstracer Dec. 17, 2020, 4:07 p.m. Dec. 17, 2020, 4:07 p.m.
Version: 1.9-alt2
Summary: A tool to trace DNS queries
Changelog:
- Applied security patch from Gentoo (Fixes: CVE-2017-9430).
mgetty Dec. 17, 2020, 12:24 p.m. Dec. 17, 2020, 12:24 p.m.
Version: 1.2.1-alt1
Summary: A getty replacement for use with data and fax modems
Changelog:
- Updated to upstream version 1.2.1 (Fixes: CVE-2018-16741, CVE-2018-16742,
  CVE-2018-16743, CVE-2018-16744, CVE-2018-16745, CVE-2019-1010189, CVE-2019-1010190).
3proxy Dec. 9, 2020, 2:46 p.m. Dec. 9, 2020, 2:46 p.m.
Version: 0.6.1-alt2
Summary: Proxy server
Changelog:
- Applied security fix from upstream (Fixes: CVE-2019-14495).
Back to Top