Summary: Xserver - X Window System display server
Changes:
- fixes: CVE-2020-25712, CVE-2020-14360
Summary: The Kubernetes Package Manager
Changes:
- Updated to upstream version 3.4.1 (Fixes: CVE-2020-4053, CVE-2020-11013,
CVE-2020-15184, CVE-2020-15185, CVE-2020-15186, CVE-2020-15187).
Summary: The complete RRDTool-based graphing solution.
Changes:
- Updated to upstream version 1.2.15 (Fixes: CVE-2020-13230, CVE-2020-13231).
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.4.79 (Fixes: CVE-2020-4788)
Summary: A decoder implementation of the JBIG2 image compression format
Changes:
- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).
Summary: Consul is a tool for service discovery and configuration
Changes:
- Updated to upstream version 1.8.6 (Fixes: CVE-2019-9764, CVE-2019-12291,
CVE-2020-7219, CVE-2020-7955, CVE-2020-12797, CVE-2020-13170, CVE-2020-13250).
Summary: The Kerberos network authentication system
Changes:
- 1.17.2 (Fixes: CVE-2020-28196)
Summary: User space components of the Ceph file system
Changes:
- 14.2.14
- Fixes for the following security vulnerabilities:
+ CVE-2020-25660 Fix a regression in Messenger V2 replay attacks
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changes:
- Updated to upstream version 6.11 (Fixes: CVE-2020-14342).
Summary: User space components of the Ceph file system
Changes:
- 14.2.14
- Fixes for the following security vulnerabilities:
+ CVE-2020-25660 Fix a regression in Messenger V2 replay attacks
Summary: Thunderbird is Mozilla's e-mail client
Changes:
- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Thunderbird 78.5
- Fix guess timezone for calendar (ALT #38081).
Summary: Practical Extraction and Report Language
Changes:
- p9 build
- 5.28.3
- fixes CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
Summary: X Render Library
Changes:
- 0.9.10
- securuty fixes: CVE-2016-7949, CVE-2016-7950
Summary: The Xtst Library
Changes:
- 1.2.3
- securuty fixes: CVE-2016-7951, CVE-2016-7952
Summary: QEMU CPU Emulator
Changes:
- Fixes: CVE-2020-15863, CVE-2020-24352, CVE-2020-14364
Summary: A library that performs asynchronous DNS operations
Changes:
- added 0d252eb commit from upstream to resolve security issue (fixes: CVE-2020-8277)
Summary: Bluetooth utilities
Changes:
- 5.55;
- securuty fixes:
+ CVE-2020-27153 (closes #39291)
Summary: Library providing XSLT support
Changes:
- Backported to p9 (fixes CVE-2019-11068, CVE-2019-13117 and CVE-2019-13118).
Summary: a full-featured SSL VPN solution
Changes:
- New version
- Security fixes:
+ CVE-2020-11810: race condition allowes one client kills other
client session via false client floating (Closes: 39122)
Summary: The GNU libc libraries
Changes:
- Updated to glibc-2.27-155-gdaf88b1dd1 from 2.27 branch
(fixes: CVE-2020-1752, CVE-2020-6096).
Summary: An Interpreted Object-Oriented Scripting Language
Changes:
- ^ 2.5.5 -> 2.5.9
- Fixes:
+ CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
(closes #39292)
+ CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
+ CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
File.fnmatch?
+ CVE-2019-16201: Regular Expression Denial of Service vulnerability of
WEBrick's Digest access authentication
Summary: Evented I/O for V8 Javascript
Changes:
- new version 14.15.1 (with rpmrb script)
- set c-ares >= 1.16.1-alt2
- CVE-2020-8277: Denial of Service through DNS request (High)
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Summary: The Go Programming Language
Changes:
- New version (1.14.12).
- Fixes:
+ CVE-2020-28362
+ CVE-2020-28366
+ CVE-2020-28367
Summary: An utility for unpacking zip archives
Changes:
- Build with bzip2 compression method support
- Massive apply security patches from Fedora and openSUSE
- Fixes:
+ CVE-2014-8139 CRC32 verification heap-based buffer overread
+ CVE-2014-8140 out-of-bounds write issue in test_compr_eb()
+ CVE-2014-8141 getZip64Data() out-of-bounds read issues
+ CVE-2014-9913 buffer overflow in zipinfo
+ CVE-2014-9636 out-of-bounds read or write and crash
+ CVE-2015-7696 fix for heap overflow
+ CVE-2015-7697 fix infinite loop when extracting empty bzip2 data
+ CVE-2016-9844 buffer overflow in zipinfo in similar way like fix for CVE-2014-9913
+ CVE-2018-1000035 heap based buffer overflow when opening password protected files
+ CVE-2018-18384 buffer overflow, when a ZIP archive specially crafted
Summary: A very fast and reliable SQL database engine
Changes:
- 10.4.17
- backport fix for MDEV-24096, MDEV-24121, MDEV-24134
- Fixes for the following security vulnerabilities:
+ CVE-2020-14812
+ CVE-2020-14765
+ CVE-2020-14776
+ CVE-2020-14789
+ CVE-2020-15180
Summary: A library handling all the details of proxy configuration
Changes:
- Applied security fixes from upstream (Fixes: CVE-2020-25219, CVE-2020-26154)
Summary: Thunderbird is Mozilla's e-mail client
Changes:
- New version (78.4.2).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for
Summary: Thunderbird is Mozilla's e-mail client
Changes:
- New version (78.4.2).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for
Summary: Portable library for SSA/ASS subtitles rendering
Changes:
- Updated to upstream version 0.15.0 (Fixes: CVE-2020-26682).
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New version (78.4.1).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New version (78.4.1).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for
Summary: The library for manipulating XML files
Changes:
- Applied security fixes from upstream (Fixes: CVE-2019-20388, CVE-2020-7595,
CVE-2020-24977).
Summary: Server automation framework and application
Changes:
- Updated to upstream version 6.13.0 (Fixes: CVE-2020-7943).
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.4.75 (Fixes: CVE-2020-25656)
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.4.75 (Fixes: CVE-2020-25656)
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.4.75 (Fixes: CVE-2020-25656)
Summary: High quality ascii-art image (pnm) browser and animation (fli/flc) player
Changes:
- Switched to CVE-2008-4935 fix from Debian.
- Added -Werror=implicit-function-declaration compiler flag.
Summary: Lightweight QML-based display manager
Changes:
- fix X not having access control on startup (fixes: CVE-2020-28049)
- add fix against graphical glitches on nvidia after VT switching
Summary: Lightweight QML-based display manager
Changes:
- fix X not having access control on startup (fixes: CVE-2020-28049)
- add fix against graphical glitches on nvidia after VT switching
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:
- 3.2.8
- fixes:
* CVE-2020-28030 the GQUIC dissector could crash.
* CVE-2020-26575 the Facebook Zero Protocol (aka FBZERO) dissector
could enter an infinite loop.
Summary: LD_PRELOAD-able library for using SDP
Changes:
- Updated to upstream version 1.1.108-0.17.ga6958ef (Fixes: CVE-2010-4173).
Summary: Mimetex ets you easily embed LaTeX math in your html pages
Changes:
- Updated to version 1.76 from Debian (Fixes: CVE-2009-1382, CVE-2009-2459).
Summary: ACE unarchiver
Changes:
- Cleaned up sources by importing sources from Debian.
- Forced using system build flags.
- Updated fix for CVE-2015-2063.
Summary: C library for manipulating POSIX tar files
Changes:
- Applied patches from Debian (Fixes: CVE-2013-4420).
Summary: Antiword an application to display Microsoft(R) Word files
Changes:
- Applied patches from Debian (Fixes: CVE-2014-8123).
Summary: Mount ISO filesystem images as a non-root user
Changes:
- Applied patches from Gentoo (Fixes: CVE-2015-8836, CVE-2015-8837).
Summary: A free and portable font rendering engine
Changes:
- Fixed CVE-2020-15999.
Summary: The Samba4 CIFS and AD client and server suite
Changes:
- Update to latest stable security release of the Samba 4.11
- Security fixes:
+ CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
+ CVE-2020-14323: Unprivileged user can crash winbind
+ CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records
Summary: Network Block Device user space tools
Changes:
- Updated to upstream version 3.20 (Fixes: CVE-2013-6410, CVE-2013-7441, CVE-2015-0847).
