Security

chromium Jan 30, 2023, 06:29 PM
Version: 109.0.5414.119-alt1
Summary: An open source web browser developed by Google
Changelog:
- New version (109.0.5414.119).
- Add a workaround to make the https_proxy environment variable work (ALT#44986).
- Security fixes:
  - CVE-2023-0471: Use after free in WebTransport.
  - CVE-2023-0472: Use after free in WebRTC.
  - CVE-2023-0473: Type Confusion in ServiceWorker API.
  - CVE-2023-0474: Use after free in GuestView.
bind Jan 25, 2023, 08:52 PM
Version: 9.16.37-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.16.36 -> 9.16.37 (fixes: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).
thunderbird Jan 24, 2023, 10:34 AM
Version: 102.7.0-alt1
Summary: Thunderbird is Mozilla's e-mail client
Changelog:
- New version.
- Security fixes:
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to console.log allowed bypassing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7
sudo Jan 22, 2023, 08:28 PM
Version: 1.9.12p2-alt1
Summary: Allows command execution as another user
Changelog:
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
 + If a user's sudoers entry did not have any RunAs users set, running
   "sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
  I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
  sudoedit) that could allow a malicious user with sudoedit privileges to edit
  arbitrary files.
firefox Jan 18, 2023, 05:53 PM
Version: 109.0-alt1
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changelog:
- New release (109.0).
- Security fixes:
  + CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android
  + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
  + CVE-2023-23604: Creation of duplicate SystemPrincipal from less secure contexts
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  + CVE-2023-23606: Memory safety bugs fixed in Firefox 109
libXpm Jan 18, 2023, 11:34 AM
Version: 3.5.15-alt1
Summary: X Pixmap Library
Changelog:
- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)
redis Jan 15, 2023, 02:09 AM
Version: 6.2.8-alt1
Summary: Redis is an advanced key-value store
Changelog:
- New version
- Security fixes:
  + CVE-2022-24736: server crash by a specially crafted Lua script
  + CVE-2022-24735: overcome ACL rules via Lua scripts manipulation
php8.0 Jan 9, 2023, 12:04 PM
Version: 8.0.27-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.26 -> 8.0.27 (Fixes: CVE-2022-31631)
php8.1 Jan 9, 2023, 11:41 AM
Version: 8.1.14-alt1
Summary: The PHP scripting language
Changelog:
- 8.1.13 -> 8.1.14 (Fixes: CVE-2022-31631)
dotnet-bootstrap-6.0 Dec 27, 2022, 02:05 AM
Version: 6.0.12-alt1
Summary: .NET Core SDK binaries
Changelog:
- The .NET 6.0.12 and .NET SDK 6.0.112 releases
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
systemd Dec 23, 2022, 01:03 PM
Version: 251.10-alt1
Summary: System and Session Manager
Changelog:
- 251.10 (Fixes: CVE-2022-4415)
libcairo Dec 22, 2022, 10:23 AM
Version: 1.16.0-alt2
Summary: Multi-platform 2D graphics library
Changelog:
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492
curl Dec 21, 2022, 11:16 AM
Version: 7.87.0-alt1
Summary: Gets a file from an FTP, GOPHER or HTTP server
Changelog:
- 7.86.0 -> 7.87.0
- Fixes:
  * CVE-2022-43551: Another HSTS bypass via IDN
  * CVE-2022-43552: HTTP Proxy deny use-after-free
libetpan Dec 20, 2022, 07:34 PM
Version: 1.9.4-alt3
Summary: This mail library provides a portable, efficient middleware for different kinds of mail access
Changelog:
- Fixed libssl knob.
- Fixed License tag.
- Added Vcs tag.
- Patch from upstream:
  + Fixed crash when st_info_list is NULL (fixes: CVE-2022-4121).
libtiff Dec 18, 2022, 03:00 AM
Version: 4.4.0-alt2
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058,
  CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598,
  CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and
  CVE-2022-34526) (closes #44499).
samba Dec 15, 2022, 09:51 PM
Version: 4.16.8-alt1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to maintenance release of Samba 4.16 with fixes of the Samba CVE for
  the Windows Kerberos Elevation of Privilege Vulnerability disclosed by
  Microsoft on Nov 8 2022 (CVE-2022-37967, CVE-2022-37966).
- Security fixes:
  + CVE-2022-37966: A Samba Active Directory DC will issue weak rc4-hmac
                    session keys for use between modern clients and servers
                    despite all modern Kerberos implementations supporting
                    the aes256-cts-hmac-sha1-96 cipher.
                    On Samba Active Directory DCs and members
                    'kerberos encryption types = legacy' would force
                    rc4-hmac as a client even if the server supports
                    aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96
                    (Samba#13135, Samba#15219, Samba#15237).
                     https://www.samba.org/samba/security/CVE-2022-37966.html

  + CVE-2022-37967: A service account with the special constrained
                    delegation permission could forge a more powerful
                    ticket than the one it was presented with (Samba#15231).
                     https://www.samba.org/samba/security/CVE-2022-37967.html

  + CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                    same algorithms as rc4-hmac cryptography in Kerberos,
                    and so must also be assumed to be weak (Samba#15240).
                     https://www.samba.org/samba/security/CVE-2022-38023.html
firefox-esr Dec 14, 2022, 09:34 PM
Version: 102.6.0-alt1
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Changelog:
- New ESR version.
- Security fixes:
  + CVE-2022-46880 Use-after-free in WebGL
  + CVE-2022-46872 Arbitrary file read from a compromised content process
  + CVE-2022-46881 Memory corruption in WebGL
  + CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions
  + CVE-2022-46875 Download Protections were bypassed by .atloc and .ftploc files on Mac OS
  + CVE-2022-46882 Use-after-free in WebGL
  + CVE-2022-46878 Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
prometheus-node_exporter Dec 9, 2022, 06:58 PM
Version: 1.5.0-alt1
Summary: Prometheus exporter for hardware and OS metrics exposed by *NIX kernels.
Changelog:
- 1.5.0 (Fixes: CVE-2022-46146)
cri-o Dec 8, 2022, 03:39 AM
Version: 1.24.3-alt1
Summary: Kubernetes Container Runtime Interface for OCI-based containers
Changelog:
- 1.24.3
- Fixes: CVE-2022-1708
helm Dec 8, 2022, 02:04 AM
Version: 3.10.2-alt1
Summary: The Kubernetes Package Manager
Changelog:
- new version 3.10.2
- (Fixes: CVE-2022-36055 CVE-2022-36049 CVE-2021-32690 CVE-2021-21303)