Summary: A standard terminal emulator for the X Window System
Changes:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
Summary: .NET Core SDK binaries
Changes:
- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
Summary: SDK for the .NET
Changes:
- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
Summary: ASP.NET is a cross-platform .NET framework for building modern cloud-based web applications
Changes:
- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changes:
- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
Summary: Link Layer Discovery Protocol Daemon
Changes:
- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64
Summary: A version control system
Changes:
- New version.
- Fixes:
+ CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Summary: LDAP libraries and sample clients
Changes:
- 2.4.57
- Fixes:
+ CVE-2020-36221 Fixed slapd crashes in Certificate Exact Assertion processing
+ CVE-2020-36222 Fixed slapd assertion failures in saslAuthzTo validation
+ CVE-2020-36223 Fixed slapd crash in Values Return Filter control handling
+ CVE-2020-36224 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36225 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36226 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36227 Fixed slapd infinite loop with Cancel operation
+ CVE-2020-36228 Fixed slapd crash in Certificate List Exact Assertion processing
+ CVE-2020-36229 Fixed slapd crash in X.509 DN parsing
+ CVE-2020-36230 Fixed slapd assertion failure in X.509 DN parsing
Summary: PostgreSQL client programs and libraries
Changes:
- 11.11 (Fixes CVE-2021-3393)
Summary: PostgreSQL client programs and libraries
Changes:
- 12.6 (Fixes CVE-2021-3393)
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:
- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-apply patch from 1C
Summary: The PHP7 scripting language
Changes:
- 7.3.27 (Fixes: CVE-2021-21702)
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
Summary: The PDF viewer and tools
Changes:
- Version bump
- Many bugfixes, including security, including, but not limited to:
Fixes: CVE-2020-25725, CVE-2020-35376
Summary: Common Unix Printing System - server package
Changes:
- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.
Summary: Services and network monitoring system
Changes:
- Fixes:
+ CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file.
- Don't install the PID file.
Summary: Allows command execution as another user
Changes:
- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615)
- Added sudo-python package with Sudo Python Plugin API
- Added sudo-logsrvd package with High-performance log server
Summary: Services and network monitoring system
Changes:
- Fixes:
+ CVE-2016-8641 Privilege escalation via symbolic links.
+ CVE-2016-9566 Gaining root privileges via a symlink attack on the log file.
+ CVE-2014-1878 Possible segfault in cmd.cgi.
Summary: Thunderbird is Mozilla's e-mail client
Changes:
- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7
Summary: Thunderbird is Mozilla's e-mail client
Changes:
- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7
Summary: Implementation of the TCG's Software Stack
Changes:
- 0.3.15 released
- Corrected multiple security issues in tcsd
(Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential use after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential use after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential use after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.
Summary: An open source web browser developed by Google
Changes:
- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential use after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.
Summary: A daemon to control runC
Changes:
- 1.3.9 (Fixes: CVE-2020-15257)
Summary: AJAX based terminal emulator exporting a console to the browser
Changes:
- Applied security fix from upstream (Fixes CVE-2018-16789).
Summary: A lightweight caching nameserver
Changes:
- Use useradd -N instead of -n.
- Updated to 2.83 (fixes: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683,
CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687).
Summary: mail filtering utility
Changes:
- 2.7.5 (Fixes CVE-2016-10937).
Summary: Compressors and decompressors for Microsoft compression formats
Changes:
- Applied security fix from upstream (Fixes CVE-2018-18584).
Summary: Library and tools to access the Windows Event Log (EVT) format
Changes:
- Applied security fix from upstream (Fixes CVE-2018-8754).
Summary: rsync for cloud storage
Changes:
- New version 1.53.4 (Fixes: CVE-2020-28924).
Summary: Agent for Spice guests
Changes:
- new version 0.21.0 (Fixes CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653).
Summary: VNC server for real X displays
Changes:
- Applied security fix from upstream (Fixes: CVE-2020-29074).
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changes:
- Applied security fixes from upstream (Fixes: CVE-2020-35964, CVE-2020-35965).
Summary: A screen manager that supports multiple sessions on one terminal
Changes:
- Backported upstream commits (fixes CVE-2020-9366).
Summary: The Go Programming Language
Changes:
- New version (1.14.14).
- Fixes:
+ CVE-2021-3114
+ CVE-2021-3115
Summary: The Go Programming Language
Changes:
- New version (1.14.14).
- Fixes:
+ CVE-2021-3114
+ CVE-2021-3115
Summary: A GIF to PNG converter
Changes:
- Updated to latest upstream snapshot (Fixes: CVE-2019-17371).
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changes:
- added upstream commit:
+ fixed an incorrect overflow check that could be optimized away
(fixes CVE-2020-0452)
Summary: An open source, production quality, multilayer virtual switch
Changes:
- 2.14.1 (Fixes: CVE-2015-8011, CVE-2020-27827)
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.10.7 (Fixes: CVE-2020-28374)
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.4.89 (Fixes: CVE-2020-28374)
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.4.89 (Fixes: CVE-2020-28374)
Summary: The Linux kernel (the core of the Linux operating system)
Changes:
- v5.10.7 (Fixes: CVE-2020-28374)