Security
Apr 22, 2024, 10:15 AM
flatpak
Version: 1.14.6-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.6 (fixed CVE-2024-32462)
Apr 18, 2024, 06:09 PM
freerdp
Version: 2.11.6-alt1
Summary: Remote Desktop Protocol functionality
Changelog:
- New version
- Security fixes:
  + CVE-2024-32041 [Low] OutOfBound Read in zgfx_decompress_segment
  + CVE-2024-32039 Integer overflow & OutOfBound Write in clear_decompress_residual_data
  + CVE-2024-32040 integer underflow in nsc_rle_decode
  + CVE-2024-32458 OutOfBound Read in planar_skip_plane_rle
  + CVE-2024-32459 OutOfBound Read in ncrush_decompress
  + CVE-2024-32460 OutOfBound Read in interleaved_decompress
Apr 18, 2024, 05:55 PM
freerdp3
Version: 3.5.0-alt1
Summary: Remote Desktop Protocol functionality
Changelog:
- New version.
- Security fixes:
  + CVE-2024-32041 OutOfBound Read in zgfx_decompress_segment
  + CVE-2024-32039 Integer overflow & OutOfBound Write in clear_decompress_residual_data
  + CVE-2024-32040 integer underflow in nsc_rle_decode
  + CVE-2024-32458 OutOfBound Read in planar_skip_plane_rle
  + CVE-2024-32459 OutOfBound Read in ncrush_decompress
  + CVE-2024-32460 OutOfBound Read in interleaved_decompress
Apr 16, 2024, 06:41 PM
firefox-esr
Version: 115.10.0-alt1
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Changelog:
- New ESR version.
- Security fixes
  + CVE-2024-3852 GetBoundName in the JIT returned the wrong object
  + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
  + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
  + CVE-2024-2609 Permission prompt input delay could expire when not in focus
  + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
  + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
  + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
  + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Apr 12, 2024, 07:46 PM
php8.2
Version: 8.2.18-alt1
Summary: The PHP scripting language
Changelog:
- 8.2.17 -> 8.2.18 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096)
Apr 12, 2024, 07:36 PM
php8.1
Version: 8.1.28-alt1
Summary: The PHP scripting language
Changelog:
- 8.1.27 -> 8.1.28 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096)
Apr 11, 2024, 12:17 PM
sox
Version: 14.4.2-alt7
Summary: A general purpose sound file conversion tool
Changelog:
- Added patches from debian and fix vulnerabilities (Fixes: CVE-2017-15371, CVE-2019-8355, CVE-2021-33844, CVE-2017-15370, CVE-2019-8356, CVE-2021-3643, CVE-2017-11332, CVE-2019-8357, CVE-2021-40426, CVE-2017-11359, CVE-2023-32627, CVE-2022-31650, CVE-2017-15372, CVE-2017-11358, CVE-2022-31651, CVE-2017-15642, CVE-2019-13590, CVE-2019-8354, CVE-2021-23159):
  + fixed hcom big endian
  + fixed resource leak comments
  + fixed resource leak hcom
  + added handle vorbis analysis headerout errors
  + added wavpack check errors
  + added xa validate channel count
Apr 10, 2024, 03:27 PM
openvswitch
Version: 2.17.9-alt1
Summary: An open source, production quality, multilayer virtual switch
Changelog:
- 2.17.9 (Fixes: CVE-2023-3966, CVE-2023-5366)
Apr 5, 2024, 11:00 AM
libnghttp2
Apr 5, 2024, 10:54 AM
apache2
Version: 2.4.59-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.58 -> 2.4.59 (Fixes: CVE-2023-38709, CVE-2024-24795, CVE-2024-27316)
Apr 4, 2024, 09:12 AM
xorg-server
Version: 1.20.14-alt12
Summary: Xserver - X Window System display server
Changelog:
- cherry pick upstream fixes for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Apr 4, 2024, 09:11 AM
xorg-xwayland
Version: 23.1.1-alt5
Summary: Wayland X server
Changelog:
- cherry pick upstream fixes for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
Apr 3, 2024, 08:02 PM
golang
Version: 1.21.9-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.21.9) (Fixes: CVE-2023-45288).
Apr 3, 2024, 10:18 AM
thunderbird
Version: 115.9.0-alt1
Summary: Thunderbird is Mozilla's e-mail client
Changelog:
- New version.
- Security fixes:
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Mar 29, 2024, 08:24 PM
gnutls30
Version: 3.6.16-alt5
Summary: A TLS protocol implementation
Changelog:
- Fix side-channel in the deterministic ECDSA (fixes: CVE-2024-28834).
- tests: Add test for CVE-2024-28835.
- rsa-psk: minimize branching after decryption (fixes: CVE-2024-0553).
- x509: detect loop in certificate chain (fixes: CVE-2024-0567).
Mar 27, 2024, 09:57 PM
buildah
Version: 1.34.3-alt0.p10
Summary: A command line tool used for creating OCI Images
Changelog:
- New version 1.34.3 (Fixes: CVE-2024-1753, CVE-2024-24786 in protobuf module)
Mar 27, 2024, 09:42 PM
podman
Version: 4.9.4-alt0.p10
Summary: Manage pods, containers, and container images
Changelog:
- New version 4.9.4 (Fixes: CVE-2024-1753).
Mar 27, 2024, 12:10 PM
curl
Version: 8.7.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 8.6.0 -> 8.7.1
- Fixes:
  * CVE-2024-2398: HTTP/2 push headers memory-leak
  * CVE-2024-2004: Usage of disabled protocol
Mar 27, 2024, 11:45 AM
libfcgi
Mar 21, 2024, 10:28 AM
libvirt
Version: 9.7.0-alt2.p10.2
Summary: Library providing a simple virtualization API
Changelog:
- Check for negative array lengths before allocation (Fixes: CVE-2024-2494)
Mar 20, 2024, 09:57 PM
palemoon
Version: 33.0.1-alt1
Summary: The New Moon browser, an unofficial branding of the Pale Moon project browser
Changelog:
- Release 33.0.1 (CVE-2024-1551)
Mar 19, 2024, 03:17 PM
yandex-browser-stable
Version: 24.1.3.845-alt1
Summary: Yandex Browser
Changelog:
- Browser updated to 24.1.3.845
  + High CVE-2024-0333: Insufficient data validation in Extensions.
  + High CVE-2024-0518: Type confusion in V8
  + High CVE-2024-0517: Out of bounds write in V8
  + High CVE-2024-0519: Out of bounds memory access in V8
Mar 13, 2024, 08:00 AM
openssh-gostcrypto
Version: 7.9p1-alt4.gost.p10.1
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Updated -gostcrypto version to fix security issues (CVE-2019-6111, CVE-2019-6109, CVE-2023-38408, CVE-2023-48795).
Mar 4, 2024, 10:19 AM
qt6-base
Version: 6.4.2-alt5
Summary: Qt6 - QtBase components
Changelog:
- add patches (fixes: CVE-2023-37369 CVE-2023-51714)
Feb 26, 2024, 03:17 PM
python3-module-jinja2
Version: 3.0.1-alt1.p10.1
Summary: The new and improved version of a small but fast template engine
Changelog:
- Fixed CVE-2024-22195.
Feb 19, 2024, 08:58 PM
dnsmasq
Version: 2.90-alt1
Summary: A lightweight caching nameserver
Changelog:
- Fixed different signedness comparison on 32bit systems.
- Dropped obsoleted patches.
- Patches from upstream git:
  + Add missing CHANGELOG entries for 2.90;
  + Fix spurious "resource limit exceeded" messages.
- Updated to 2.90 (fixes: CVE-2023-50387, CVE-2023-50868).
Feb 19, 2024, 02:51 AM
dotnet-runtime-8.0
Version: 8.0.2-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- .NET 8.0.2 release
- CVE-2023-36038: .NET Denial of Service Vulnerability
- CVE-2023-36049: .NET Elevation of Privilege Vulnerability
- CVE-2023-36558: .NET Security Feature Bypass Vulnerability
- CVE-2024-0056: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider Information Disclosure Vulnerability
- CVE-2024-0057: .NET Security Feature bypass Vulnerability
- CVE-2024-21319: .NET Denial of Service Vulnerability
- CVE-2024-21386: .NET Denial of Service Vulnerability
- CVE-2024-21404: .NET Denial of Service Vulnerability
Feb 18, 2024, 11:04 PM
dotnet-bootstrap-8.0
Version: 8.0.2-alt1
Summary: .NET 8 SDK binaries
Changelog:
- The .NET 8.0.2 and .NET SDK 8.0.2 release
- CVE-2023-36038: .NET Denial of Service Vulnerability
- CVE-2023-36049: .NET Elevation of Privilege Vulnerability
- CVE-2023-36558: .NET Security Feature Bypass Vulnerability
- CVE-2024-0056: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider Information Disclosure Vulnerability
- CVE-2024-0057: .NET Security Feature bypass Vulnerability
- CVE-2024-21319: .NET Denial of Service Vulnerability
- CVE-2024-21386: .NET Denial of Service Vulnerability
- CVE-2024-21404: .NET Denial of Service Vulnerability
Feb 17, 2024, 08:09 AM
python3
Version: 3.9.18-alt1
Summary: Version 3 of the Python programming language aka Python 3000
Changelog:
- Updated to upstream version 3.9.18 (Closes: #49415).
- Fixed CVEs (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Feb 17, 2024, 08:03 AM
sqlite3
Version: 3.35.5-alt1.p10.1
Summary: An Embeddable SQL Database Engine
Changelog:
- Fixed CVE-2023-7104.
Feb 12, 2024, 08:34 PM
postgresql15-1C
Version: 15.5-alt0.p10.3
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- Fixes CVE-2024-0985
- Update 1C patch
Feb 12, 2024, 08:32 PM
postgresql15
Version: 15.6-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 15.6 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:28 PM
postgresql14
Version: 14.11-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.11 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:26 PM
postgresql13
Version: 13.14-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.14 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:24 PM
postgresql12
Version: 12.18-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.18 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:21 PM
postgresql16
Version: 16.2-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 16.2 (Fixes CVE-2024-0985)
Feb 11, 2024, 04:47 AM
dropbear
Version: 2022.83-alt2
Summary: A smallish SSH server and client
Changelog:
- Backport the fix for the Terrapin attack (fixes CVE-2023-48795).
- Undo static linking (ALT#49349).
Feb 10, 2024, 12:17 AM
knot-resolver
Feb 9, 2024, 06:29 PM
lxc
Version: 4.0.12-alt3
Summary: Linux Containers
Changelog:
- Add sysctl config with "fs.inotify.max_user_instances = 1024" (ALT#46072).
- Disable build init.lxc.static.
- Add subgids and subuids for root.
- Backport patches from upstream stable-4.0 branch (Fixes: CVE-2022-47952).
Feb 5, 2024, 12:49 PM
java-17-openjdk
Version: 17.0.10.0.7-alt1
Summary: OpenJDK 17 Runtime Environment
Changelog:
- New version.
- Security fixes:
  - CVE-2024-20918
  - CVE-2024-20919
  - CVE-2024-20921
  - CVE-2024-20932
  - CVE-2024-20945
  - CVE-2024-20952
Feb 2, 2024, 05:31 PM
runc
Version: 1.1.12-alt1
Summary: CLI for running Open Containers
Changelog:
- New version 1.1.12 (Fixes: CVE-2024-21626).
- Drop tmpfiles.d/runc.conf
Feb 1, 2024, 12:18 PM
shim
Version: 15.8-alt1
Summary: First-stage UEFI bootloader
Changelog:
- new version
- update shim-15.8-alt-Bump-grub-SBAT-revocation-to-4 patch
- Fixes:
  + CVE-2023-40546 mok: fix LogError() invocation
  + CVE-2023-40547 - avoid incorrectly trusting HTTP headers
  + CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
  + CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
  + CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
  + CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
Jan 30, 2024, 08:37 AM
libssh2
Version: 1.11.0-alt2
Summary: A library implementing the SSH2 protocol
Changelog:
- Applied security fix from upstream (Fixes: CVE-2023-48795).
Jan 18, 2024, 11:08 PM
MySQL
Version: 8.0.36-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- new version
  + (fixes: CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963)
  + (fixes: CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967)
  + (fixes: CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971)
  + (fixes: CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20975)
  + (fixes: CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981)
  + (fixes: CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985)
- update mysql-shell 8.0.35 -> 8.0.36
Jan 16, 2024, 03:40 PM
frr
Version: 9.0.2-alt1
Summary: FRRouting Routing daemon
Changelog:
- 9.0.2 (Fixes: CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235)
Jan 16, 2024, 08:00 AM
openssh
Version: 7.9p1-alt4.p10.4
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream security fix for Terrapin attack (fixes CVE-2023-48795).
Jan 15, 2024, 01:38 PM
krb5
Version: 1.19.4-alt3
Summary: The Kerberos network authentication system
Changelog:
- Backport fixes for bronze bit attack (fixes: CVE-2022-37967).
Jan 12, 2024, 10:52 AM
libssh
Version: 0.10.6-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version (fixes: CVE-2023-6004 CVE-2023-48795 CVE-2023-6918) (closes: 49050)
Jan 9, 2024, 02:05 AM
dotnet-runtime-6.0
Version: 6.0.25-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- .NET 6.0.25
- CVE-2023-36049: .NET Elevation of Privilege Vulnerability
- CVE-2023-36558: .NET Security Feature Bypass Vulnerability
- CVE-2023-36792: .NET Remote Code Execution Vulnerability
- CVE-2023-36793: .NET Remote Code Execution Vulnerability
- CVE-2023-36794: .NET Remote Code Execution Vulnerability
- CVE-2023-36796: .NET Remote Code Execution Vulnerability
- CVE-2023-36799: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-36792: .NET Remote Code Execution Vulnerability
- CVE-2023-36793: .NET Remote Code Execution Vulnerability
- CVE-2023-36794: .NET Remote Code Execution Vulnerability
- CVE-2023-36796: .NET Remote Code Execution Vulnerability
- CVE-2023-36799: .NET Denial of Service Vulnerability
- CVE-2023-35390: .NET Remote Code Execution Vulnerability
- CVE-2023-38180: .NET Denial of Service Vulnerability
- CVE-2023-35391: .NET Information Disclosure Vulnerability
Jan 9, 2024, 02:01 AM
dotnet-bootstrap-6.0
Version: 6.0.25-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 6.0.25 and .NET SDK 6.0.125 releases
- CVE-2023-36049: .NET Elevation of Privilege Vulnerability
- CVE-2023-36558: .NET Security Feature Bypass Vulnerability
- CVE-2023-36792: .NET Remote Code Execution Vulnerability
- CVE-2023-36793: .NET Remote Code Execution Vulnerability
- CVE-2023-36794: .NET Remote Code Execution Vulnerability
- CVE-2023-36796: .NET Remote Code Execution Vulnerability
- CVE-2023-36799: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-36792: .NET Remote Code Execution Vulnerability
- CVE-2023-36793: .NET Remote Code Execution Vulnerability
- CVE-2023-36794: .NET Remote Code Execution Vulnerability
- CVE-2023-36796: .NET Remote Code Execution Vulnerability
- CVE-2023-36799: .NET Denial of Service Vulnerability
- CVE-2023-35390: .NET Remote Code Execution Vulnerability
- CVE-2023-38180: .NET Denial of Service Vulnerability
- CVE-2023-35391: .NET Information Disclosure Vulnerability
Jan 9, 2024, 01:48 AM
dotnet-runtime-7.0
Version: 7.0.14-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- .NET 7.0.14
- CVE-2023-36049: .NET Elevation of Privilege Vulnerability
- CVE-2023-36558: .NET Security Feature Bypass Vulnerability
- CVE-2023-36792: .NET Remote Code Execution Vulnerability
- CVE-2023-36793: .NET Remote Code Execution Vulnerability
- CVE-2023-36794: .NET Remote Code Execution Vulnerability
- CVE-2023-36796: .NET Remote Code Execution Vulnerability
- CVE-2023-36799: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-38171: .NET Denial of Service Vulnerability
- CVE-2023-36435: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-38171: .NET Denial of Service Vulnerability
- CVE-2023-36435: .NET Denial of Service Vulnerability
- CVE-2023-38178: .NET Denial of Service Vulnerability
- CVE-2023-35390: .NET Remote Code Execution Vulnerability
- CVE-2023-38180: .NET Denial of Service Vulnerability
- CVE-2023-35391: .NET Information Disclosure Vulnerability
Jan 9, 2024, 01:34 AM
dotnet-bootstrap-7.0
Version: 7.0.14-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 7.0.14 and .NET SDK 7.0.114 releases
- CVE-2023-36049: .NET Elevation of Privilege Vulnerability
- CVE-2023-36558: .NET Security Feature Bypass Vulnerability
- CVE-2023-36792: .NET Remote Code Execution Vulnerability
- CVE-2023-36793: .NET Remote Code Execution Vulnerability
- CVE-2023-36794: .NET Remote Code Execution Vulnerability
- CVE-2023-36796: .NET Remote Code Execution Vulnerability
- CVE-2023-36799: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-38171: .NET Denial of Service Vulnerability
- CVE-2023-36435: .NET Denial of Service Vulnerability
- CVE-2023-44487: .NET Denial of Service Vulnerability
- CVE-2023-38171: .NET Denial of Service Vulnerability
- CVE-2023-36435: .NET Denial of Service Vulnerability
- CVE-2023-38178: .NET Denial of Service Vulnerability
- CVE-2023-35390: .NET Remote Code Execution Vulnerability
- CVE-2023-38180: .NET Denial of Service Vulnerability
- CVE-2023-35391: .NET Information Disclosure Vulnerability
Jan 7, 2024, 08:42 PM
grub
Version: 2.06-alt17
Summary: GRand Unified Bootloader
Changelog:
- backport upstream NTFS patch set (fixes: CVE-2023-4692, CVE-2023-4693)
  + bump grub SBAT level to 4 and reset grub.altlinux
- backport upstream ext2 fs patches (closes: #48343)
- backport: Fix md array device enumeration (closes #47850)
- return backward compatibility for grub config (closes: #48056)
Jan 4, 2024, 10:57 AM
itop
Version: 3.1.1.1-alt1
Summary: IT Operations Portal
Changelog:
- New version 3.1.1.1
- Security fixes:
  + CVE-2023-48710 : Restrict pages/exec.php to PHP files
  + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file
  + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters
  + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget
  + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations
  + CVE-2023-47626 : Fix XSS vulnerabilities in authent token
  + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations
  + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details
  + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls
  + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
Dec 25, 2023, 12:08 PM
raptor2
Version: 2.0.16-alt1
Summary: RDF Parser Toolkit for Redland
Changelog:
- new version (fixes: CVE-2017-18926 CVE-2020-25713) (closes: 48916)
Dec 19, 2023, 02:07 AM
gst-plugins-bad1.0
Version: 1.20.6-alt3
Summary: A set of GStreamer plugins that need more quality
Changelog:
- fixed CVE-2023-44446
Dec 12, 2023, 07:19 PM
procps
Version: 3.3.17-alt7.g37f1060.p10.2
Summary: System and process monitoring utilities
Changelog:
- Patch from Fedora:
  + ps: Fix possible buffer overflow in -C option (fixes: CVE-2023-4016).
- Fixed NEWS file.
- spec: added a knob to build without systemd (by Alexey Sheplyakov)
- Makefile.am: fixed build without systemd (by Alexey Sheplyakov)
Dec 4, 2023, 05:48 PM
nextcloud
Version: 27.1.4-alt1
Summary: Cloud platform
Changelog:
- New version (fixes: CVE-2023-48306, CVE-2023-48305, CVE-2023-48304, CVE-2023-48303, CVE-2023-48302, CVE-2023-48301, CVE-2023-48239, CVE-2023-45148).
Dec 1, 2023, 05:28 PM
kubernetes1.25
Version: 1.25.16-alt1
Summary: Container cluster management
Changelog:
- 1.25.15 -> 1.25.16 (Fixes: CVE-2023-5528)
Nov 29, 2023, 05:48 AM
vim
Version: 9.0.2136-alt1
Summary: VIsual editor iMproved
Changelog:
- Updated to v9.0.2136 (fixes CVE-2023-48237, CVE-2023-48236, CVE-2023-48235, CVE-2023-48234, CVE-2023-48233, CVE-2023-48232, CVE-2023-48231).
Nov 27, 2023, 11:11 AM
csync2
Version: 2.0-alt3
Summary: Csync2 is a cluster synchronization tool
Changelog:
- added commits from upstream git (Fixes: CVE-2019-15522, CVE-2019-15523)
Nov 23, 2023, 02:54 PM
rabbitmq-c
Nov 15, 2023, 12:54 AM
firmware-intel-ucode
Version: 23-alt1.20231114
Summary: Microcode definitions for Intel processors
Changelog:
- New upstream microcode datafile 20231114:
  + Security updates for INTEL-SA-00950 (CVE-2023-23583).
  + Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
- source: update symlinks to reflect id of the latest release, 20231114.
Nov 9, 2023, 07:35 AM
postgresql11
Version: 11.22-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.22 (Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870)
- Add Conflicts: postgresql16-server-devel
Nov 8, 2023, 06:40 AM
sudo
Version: 1.9.15p1-alt1
Summary: Allows command execution as another user
Changelog:
- Update to latest stable bugfix and security release (fixes: CVE-2023-42465):
  + The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching.
  + The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456.
- Fixes in behavior:
  + The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes (GitHub#294).
  + Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056.
  + A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings.
- Fixes in user output:
  + Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from.
  + Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values (GitHub#312).
  + Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was.
- Fixes in logging:
  + The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match.
  + Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin.
  + The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low.
- Fixed regressions:
  + Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14.
  + The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this.
  + Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user (GitHub#318).
Nov 7, 2023, 06:32 PM
libetpan
Version: 1.9.4-alt4
Summary: This mail library provides a portable, efficient middleware for different kinds of mail access
Changelog:
- Patches from upstream git:
  + Fix buffer overwrite for empty string in remove_trailing_eol (upstream issue #408);
  + Detect extra data after STARTTLS response and exit (upstream issue #387) (fixes: CVE-2020-15953);
  + Missing boundary fix (upstream issue #384);
  + Fix potential null pointer dereference (upstream issue #363);
  + Fix potential null pointer dereference (upstream issue #361);
  + Fix potential null pointer dereference (upstream issue #348).
Nov 7, 2023, 05:12 PM
redis
Version: 6.2.14-alt1
Summary: Redis is an advanced key-value store
Changelog:
- 6.2.14 (Fixes: CVE-2023-45145)
- drop PrivateUsers=true for allow run unit in container (ALT#47882)
Oct 27, 2023, 05:27 PM
open-vm-tools
Version: 12.3.5-alt1
Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
Changelog:
- 12.3.5 (CVE-2023-34058, CVE-2023-34059)
Oct 19, 2023, 05:11 PM
json-c
Version: 0.17-alt1
Summary: JSON implementation in C
Changelog:
- Updated to 0.17 (Fixes: CVE-2021-32292).
Oct 11, 2023, 04:19 PM
moodle
Version: 4.3.0-alt1
Summary: The world's open source learning platform
Changelog:
- New version.
- Use PHP 8.2.
- Security fixes: CVE-2023-40316, CVE-2023-40317, CVE-2023-40318, CVE-2023-40319, CVE-2023-40320, CVE-2022-39369, CVE-2023-40322, CVE-2023-40323, CVE-2023-40324, CVE-2023-40325
- Requires exif PHP module.
- Set PHP parameter max_input_vars=5000.
Oct 11, 2023, 08:36 AM
libcue2
Version: 2.3.0-alt1
Summary: Cue sheet parser library
Changelog:
- new version 2.3.0 (with rpmrb script)
- CVE-2023-43641
Oct 4, 2023, 09:14 AM
libX11
Oct 4, 2023, 08:58 AM
libXpm
Oct 3, 2023, 08:00 AM
glibc
Version: 2.32-alt5.p10.2
Summary: The GNU libc libraries
Changelog:
- Backported upstream fix for security vulnerability in the dynamic linker (fixes CVE-2023-4911) (thx Siddhesh Poyarekar).
Sep 29, 2023, 08:00 AM
openssl1.1
Version: 1.1.1w-alt0.p10.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to v1.1.1w (fixes CVE-2023-3817, CVE-2023-3446, CVE-2023-4807).
Sep 28, 2023, 04:47 AM
netatalk
Version: 3.1.17-alt1
Summary: Open Source Apple Filing Protocol(AFP) File Server
Changelog:
- 3.1.17 (fixed CVE-2023-42464, CVE-2022-23121, CVE-2022-23123, CVE-2022-43634 and CVE-2022-45188)
- Add /etc/netatalk/afppasswd (Closes: #46445)
- Add /var/lib/netatalk (Closes: #46441)
- Add Requires: cracklib-words (Closes: #46446)
Sep 14, 2023, 08:50 PM
php8.0
Version: 8.0.30-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.29 -> 8.0.30 (Fixes: CVE-2023-3823, CVE-2023-3824)
- for sisyphus and p11: added conflicts with the installer-stage3 to avoid using php8.0 in distributions: The first stage of EOL plan
Sep 14, 2023, 10:02 AM
libwebp
Version: 1.3.2-alt1
Summary: Library and tools for the WebP graphics format
Changelog:
- 1.3.2 (fixed CVE-2023-4863)
Aug 25, 2023, 01:15 PM
java-1.8.0-openjdk
Version: 1.8.0.382.b05-alt0_1jpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version.
- Security fixes:
  + CVE-2023-22045
  + CVE-2023-22049
- Removed implicit requirements.
Aug 17, 2023, 10:33 AM
ImageMagick
Version: 6.9.12.93-alt1
Summary: An X application for displaying and manipulating images
Changelog:
- New version 6.9.12.93 (Fixes: CVE-2022-44268)
Aug 8, 2023, 08:16 PM
connman
Version: 1.42-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- New version 1.42. (Fixes: CVE-2022-32292, CVE-2022-32293, CVE-2023-28488)
Jun 20, 2023, 07:31 PM
ffmpeg
Version: 4.4.4-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Jun 20, 2023, 06:10 PM
cups-filters
Version: 1.28.11-alt2
Summary: OpenPrinting CUPS filters and backends
Changelog:
- add upstream commit 93e60d3 (Fixes: CVE-2023-24805)
Jun 19, 2023, 04:15 PM
openldap
Version: 2.4.59-alt1.p10.2
Summary: LDAP libraries and sample clients
Changelog:
- fixes CVE-2022-29155.
Jun 14, 2023, 09:32 AM
yajl
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 16, 2023, 07:47 PM
phpipam
Version: 1.5.2-alt1
Summary: PHP-based virtual machine control tool
Changelog:
- 1.5.2 (Fixes: CVE-2023-0676, CVE-2023-0677, CVE-2023-0678, CVE-2023-1211, CVE-2023-1212).
Apr 17, 2023, 10:15 PM
git
Version: 2.33.8-alt1
Summary: Git core and tools
Changelog:
- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).
Mar 30, 2023, 11:41 AM
libsixel
Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3.
- switch to meson.
- Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 12:03 PM
libmicrohttpd
Version: 0.9.76-alt1
Summary: Library providing compact API and implementation of an HTTP/1.1 webserver
Changelog:
- 0.9.76 released (fixes: CVE-2023-27371)
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478)
- Change URL to new upstream project
- Use CMAKE
Mar 21, 2023, 04:53 PM
firejail
Version: 0.9.72-alt1
Summary: Linux namespaces sandbox program
Changelog:
- 0.9.68 -> 0.9.72 (Fixes: CVE-2022-31214)
Mar 13, 2023, 11:01 PM
node
Version: 16.19.1-alt1
Summary: Evented I/O for V8 Javascript
Changelog:
- new version 16.19.1 (with rpmrb script)
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- set openssl >= 1.1.1s
- set npm >= 8.19.3
Mar 13, 2023, 12:16 AM
dotnet-runtime-5.0
Version: 5.0.17-alt1
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changelog:
- new version (5.0.17) with rpmgs script
- CVE-2022-29117: .NET Denial of Service Vulnerability
- CVE-2022-29145: .NET Denial of Service Vulnerability
- CVE-2022-23267: .NET Denial of Service Vulnerability
Mar 13, 2023, 12:06 AM
dotnet-aspnetcore-3.1
Version: 3.1.32-alt1
Summary: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications
Changelog:
- ASP.NET Core 3.1.32
- CVE-2022-38013: .NET Denial of Service Vulnerability
Mar 12, 2023, 11:59 PM
dotnet-bootstrap-5.0
Version: 5.0.17-alt1
Summary: .NET Core SDK binaries
Changelog:
- new version (5.0.17) with rpmgs script
- CVE-2022-29117: .NET Denial of Service Vulnerability
- CVE-2022-29145: .NET Denial of Service Vulnerability
- CVE-2022-23267: .NET Denial of Service Vulnerability
Mar 12, 2023, 11:38 PM
dotnet-coreclr-3.1
Version: 3.1.32-alt1
Summary: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changelog:
- .NET Core 3.1.32
- CVE-2022-41089: .NET Remote Code Execution Vulnerability
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
Mar 12, 2023, 11:33 PM
dotnet-bootstrap-3.1
Version: 3.1.32-alt1
Summary: .NET Core SDK binaries
Changelog:
- .NET Core 3.1.32 and .NET Core SDK 3.1.426 releases
- CVE-2022-41089: .NET Remote Code Execution Vulnerability
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Feb 15, 2023, 01:10 AM
libbpf
Version: 0.8.1-alt2
Summary: Stand-alone build of libbpf from the Linux kernel
Changelog:
- (Fixes: CVE-2022-3534, CVE-2022-3606).