Security

ntfs-3g Aug 31, 2021, 05:02 PM
Version: 2021.8.22-alt1
Summary: third generation Linux NTFS driver
Changelog:
- 2021.8.22 (Fixes: CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289,
  CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251,
  CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256,
  CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
  CVE-2021-39262, CVE-2021-39263)
openldap Aug 16, 2021, 03:47 PM
Version: 2.4.59-alt1
Summary: LDAP libraries and sample clients
Changelog:
- 2.4.59
- Fixes:
  + CVE-2021-27212 Fixed slapd validity checks for issuerAndThisUpdateCheck
- Enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)
- Fix coverity issues
- Build without MP_2 support
dovecot Aug 12, 2021, 01:39 PM
Version: 2.3.16-alt1
Summary: Dovecot secure IMAP/POP3 server
Changelog:
- Updated to 2.3.16 (fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157).
- Package watch file.
python Aug 4, 2021, 08:40 PM
Version: 2.7.18-alt6
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Adopted patches from Fedora project (fixed CVE-2020-27619, CVE-2021-3177 and
  CVE-2021-23336).
libslirp Jul 19, 2021, 06:15 PM
Version: 4.6.1-alt1
Summary: A general purpose TCP-IP emulator
Changelog:
- new version 4.6.1 (Fixes: CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595)
cacti Jul 17, 2021, 04:35 PM
Version: 1.2.18-alt1
Summary: The complete RRDTool-based graphing solution.
Changelog:
- 1.2.18
- Fixes:
  + CVE-2020-35701 SQL Injection was possible due to incorrect validation order
  + CVE-2020-14424 Lack of escaping on file input fields can lead to XSS exposure under midwinter theme
lasso Jul 12, 2021, 10:37 AM
Version: 2.7.0-alt1
Summary: Liberty Alliance Single Sign On
Changelog:
- New version.
- Upstream:
  + CVE-2021-28091: Fix signature checking on unsigned response with multiple assertions.
  + configure.ac: Disable java bindings.
mariadb Jul 11, 2021, 09:36 PM
Version: 10.4.20-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- 10.4.20 (ALT #40403)
- Fixes for the following security vulnerabilities:
  + CVE-2021-27928
  + CVE-2021-2166
  + CVE-2021-2154
glibc Jul 9, 2021, 07:46 AM
Version: 2.32-alt4
Summary: The GNU libc libraries
Changelog:
- Updated to glibc-2.32-50-g737efa27fc from 2.32 branch
  (fixes: CVE-2021-35942).
audiofile Jul 5, 2021, 02:34 PM
Version: 0.3.6-alt4
Summary: Library to handle various audio file formats
Changelog:
- applied debian patchset (fixed CVE-2018-13440, CVE-2018-17095)
- made flac support optional (enabled by default)
- made %check verbose
- enabled documentation
- fixed License tag
neomutt Jul 4, 2021, 09:50 PM
Version: 20210205-alt2
Summary: A version of Mutt with added features
Changelog:
- Fix CVE-2021-32055.
mediawiki-extensions-Widgets Jun 27, 2021, 10:12 PM
Version: 1.3.0-alt1git
Summary: Widgets extension allows adding widgets to wiki by just creating pages in Widget namespace
Changelog:
- new version (1.3.0) with rpmgs script
- CVE-2020-9382, CVE-2020-35625
squid Jun 24, 2021, 06:56 PM
Version: 4.15-alt1
Summary: The Squid proxy caching server
Changelog:
- 4.15
- Fixes:
  + CVE-2020-25097 HTTP Request Smuggling.
  + CVE-2021-28651 Denial of Service in URN processing.
  + CVE-2021-28652 Denial of Service issue in Cache Manager.
  + CVE-2021-28662 Denial of Service in HTTP Response Processing.
  + CVE-2021-31806 Improper input validation in HTTP Range header.
  + CVE-2021-31807 Incorrect memory management may lead to DoS.
  + CVE-2021-31808 An integer overflow may lead to a DoS.
  + CVE-2021-33620 Denial of Service in HTTP Response processing.
- update langpack to 20210511
libxml2 Jun 24, 2021, 05:22 PM
Version: 2.9.12-alt1
Summary: The library for manipulating XML files
Changelog:
- 2.9.12 (Fixes: CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541)
firmware-intel-ucode Jun 14, 2021, 04:40 PM
Version: 16-alt1.20210608
Summary: Microcode definitions for Intel processors
Changelog:
- Sync with Debian 3.20210608.1:
  + New upstream microcode datafile 20210608:
    + Implements mitigations for CVE-2020-24511 CVE-2020-24512
      (INTEL-SA-00464), information leakage through shared resources,
      and timing discrepancy sidechannels
    + Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
      Domain-bypass transient execution vulnerability in some Intel Atom
      Processors, affects Intel SGX.
    + Implements mitigations for CVE-2021-24489 (INTEL-SA-00442), Intel
      VT-d privilege escalation
    + Fixes critical errata on several processors
    + New Microcodes:
      sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
      sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
      sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
      sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
      sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
      sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
      sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
    + Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
      sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
      sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
      sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
      sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
      sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
      sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
      sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
      sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
      sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
      sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
      sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
      sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
      sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
      sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
      sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
      sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
dhcp Jun 1, 2021, 06:29 PM
Version: 4.4.2.P1-alt1
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- Updated to 4.4.2-P1 (fixes: CVE-2021-25217).
gnutls30 May 31, 2021, 06:58 PM
Version: 3.6.16-alt1
Summary: A TLS protocol implementation
Changelog:
- Updated to 3.6.16 (fixes: CVE-2021-20305).
- Dropped obsoleted patches.
chess May 17, 2021, 08:27 PM
Version: 6.2.8-alt1
Summary: The GNU chess program
Changelog:
- Updated to 6.2.8.
- Updated book to 1.02.
- Fixed CVE-2021-30184.
- Packed watch and upstream public signing key to sourcerpm.
libpano13 May 12, 2021, 10:57 AM
Version: 2.9.20-alt1
Summary: libpano13 - library for panorama stitching programs. This is new generation and development version
Changelog:
- 2.9.20 (fixed CVE-2021-20307)
exim May 5, 2021, 10:12 PM
Version: 4.94.2-alt1
Summary: Exim MTA
Changelog:
- update to 4.94.2 (fix CVE-2020-28007 ... CVE-2020-28026 and CVE-2021-27216)
avahi Apr 28, 2021, 02:38 PM
Version: 0.8-alt2
Summary: Local network service discovery
Changelog:
- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)
SPICE Apr 22, 2021, 05:49 PM
Version: 0.15.0-alt1
Summary: Implements the SPICE protocol
Changelog:
- 0.15.0 (Fixes: CVE-2020-14355)
python3-module-Pillow Apr 8, 2021, 06:44 PM
Version: 8.1.2-alt1
Summary: Python Imaging Library
Changelog:
- 8.1.2 released (fixes: CVE-2021-27921, CVE-2021-27922, CVE-2021-27923)
ipmitool Feb 27, 2021, 12:46 PM
Version: 1.8.18-alt4
Summary: ipmitool - Utility for IPMI control
Changelog:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
  see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
xterm Feb 24, 2021, 03:22 PM
Version: 366-alt1
Summary: A standard terminal emulator for the X Window System
Changelog:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
dotnet-bootstrap-2.1 Feb 17, 2021, 02:52 PM
Version: 2.1.25-alt1
Summary: .NET Core SDK binaries
Changelog:
- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
subversion Feb 14, 2021, 09:22 PM
Version: 1.14.1-alt1
Summary: A version control system
Changelog:
- New version.
- Fixes:
  + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
trousers Jan 26, 2021, 12:56 PM
Version: 0.3.15-alt1
Summary: Implementation of the TCG's Software Stack
Changelog:
- 0.3.15 released
- Corrected multiple security issues in tcsd
  (Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)
shellinabox Jan 22, 2021, 10:54 AM
Version: 2.20-alt2
Summary: AJAX based terminal emulator exporting a console to the browser
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-16789).
libevt Jan 22, 2021, 10:20 AM
Version: 20140411-alt2
Summary: Library and tools to access the Windows Event Log (EVT) format
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-8754).