chromium Jan 30, 2023, 06:29 PM | Jan 30, 2023, 06:29 PM |
Version: 109.0.5414.119-alt1
|
Summary: An open source web browser developed by Google
|
Changelog: |
- New version (109.0.5414.119).
- Add a workaround to make the https_proxy environment variable work (ALT#44986).
- Security fixes:
- CVE-2023-0471: Use after free in WebTransport.
- CVE-2023-0472: Use after free in WebRTC.
- CVE-2023-0473: Type Confusion in ServiceWorker API.
- CVE-2023-0474: Use after free in GuestView. |
bind Jan 25, 2023, 08:52 PM | Jan 25, 2023, 08:52 PM |
Version: 9.16.37-alt1
|
Summary: ISC BIND - DNS server
|
Changelog: |
- 9.16.36 -> 9.16.37 (fixes: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924). |
thunderbird Jan 24, 2023, 10:34 AM | Jan 24, 2023, 10:34 AM |
Version: 102.7.0-alt1
|
Summary: Thunderbird is Mozilla's e-mail client
|
Changelog: |
- New version.
- Security fixes:
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to console.log allowed bypassing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7 |
sudo Jan 22, 2023, 08:28 PM | Jan 22, 2023, 08:28 PM |
Version: 1.9.12p2-alt1
|
Summary: Allows command execution as another user
|
Changelog: |
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
+ If a user's sudoers entry did not have any RunAs users set, running
"sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
sudoedit) that could allow a malicious user with sudoedit privileges to edit
arbitrary files. |
firefox Jan 18, 2023, 05:53 PM | Jan 18, 2023, 05:53 PM |
Version: 109.0-alt1
|
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
|
Changelog: |
- New release (109.0).
- Security fixes:
+ CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files
+ CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android
+ CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
+ CVE-2023-23604: Creation of duplicate SystemPrincipal from less secure contexts
+ CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
+ CVE-2023-23606: Memory safety bugs fixed in Firefox 109 |
libXpm Jan 18, 2023, 11:34 AM | Jan 18, 2023, 11:34 AM |
Version: 3.5.15-alt1
|
Summary: X Pixmap Library
|
Changelog: |
- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883) |
redis Jan 15, 2023, 02:09 AM | Jan 15, 2023, 02:09 AM |
Version: 6.2.8-alt1
|
Summary: Redis is an advanced key-value store
|
Changelog: |
- New version
- Security fixes:
+ CVE-2022-24736: server crash by a specially crafted Lua script
+ CVE-2022-24735: overcome ACL rules via Lua scripts manipulation |
php8.0 Jan 9, 2023, 12:04 PM | Jan 9, 2023, 12:04 PM |
Version: 8.0.27-alt1
|
Summary: The PHP scripting language
|
Changelog: |
- 8.0.26 -> 8.0.27 (Fixes: CVE-2022-31631) |
php8.1 Jan 9, 2023, 11:41 AM | Jan 9, 2023, 11:41 AM |
Version: 8.1.14-alt1
|
Summary: The PHP scripting language
|
Changelog: |
- 8.1.13 -> 8.1.14 (Fixes: CVE-2022-31631) |
dotnet-bootstrap-6.0 Dec 27, 2022, 02:05 AM | Dec 27, 2022, 02:05 AM |
Version: 6.0.12-alt1
|
Summary: .NET Core SDK binaries
|
Changelog: |
- The .NET 6.0.12 and .NET SDK 6.0.112 releases
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability |
systemd Dec 23, 2022, 01:03 PM | Dec 23, 2022, 01:03 PM |
Version: 251.10-alt1
|
Summary: System and Session Manager
|
Changelog: |
- 251.10 (Fixes: CVE-2022-4415) |
libcairo Dec 22, 2022, 10:23 AM | Dec 22, 2022, 10:23 AM |
Version: 1.16.0-alt2
|
Summary: Multi-platform 2D graphics library
|
Changelog: |
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492 |
curl Dec 21, 2022, 11:16 AM | Dec 21, 2022, 11:16 AM |
Version: 7.87.0-alt1
|
Summary: Gets a file from an FTP, GOPHER or HTTP server
|
Changelog: |
- 7.86.0 -> 7.87.0
- Fixes:
* CVE-2022-43551: Another HSTS bypass via IDN
* CVE-2022-43552: HTTP Proxy deny use-after-free |
libetpan Dec 20, 2022, 07:34 PM | Dec 20, 2022, 07:34 PM |
Version: 1.9.4-alt3
|
Summary: This mail library provides a portable, efficient middleware for different kinds of mail access
|
Changelog: |
- Fixed libssl knob.
- Fixed License tag.
- Added Vcs tag.
- Patch from upstream:
+ Fixed crash when st_info_list is NULL (fixes: CVE-2022-4121). |
libtiff Dec 18, 2022, 03:00 AM | Dec 18, 2022, 03:00 AM |
Version: 4.4.0-alt2
|
Summary: Library of functions for manipulating TIFF format image files
|
Changelog: |
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058,
CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598,
CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and
CVE-2022-34526) (closes #44499). |
samba Dec 15, 2022, 09:51 PM | Dec 15, 2022, 09:51 PM |
Version: 4.16.8-alt1
|
Summary: The Samba4 CIFS and AD client and server suite
|
Changelog: |
- Update to maintenance release of Samba 4.16 with fixes of the Samba CVE for
the Windows Kerberos Elevation of Privilege Vulnerability disclosed by
Microsoft on Nov 8 2022 (CVE-2022-37967, CVE-2022-37966).
- Security fixes:
+ CVE-2022-37966: A Samba Active Directory DC will issue weak rc4-hmac
session keys for use between modern clients and servers
despite all modern Kerberos implementations supporting
the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy' would force
rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96
(Samba#13135, Samba#15219, Samba#15237).
https://www.samba.org/samba/security/CVE-2022-37966.html
+ CVE-2022-37967: A service account with the special constrained
delegation permission could forge a more powerful
ticket than the one it was presented with (Samba#15231).
https://www.samba.org/samba/security/CVE-2022-37967.html
+ CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
same algorithms as rc4-hmac cryptography in Kerberos,
and so must also be assumed to be weak (Samba#15240).
https://www.samba.org/samba/security/CVE-2022-38023.html |
firefox-esr Dec 14, 2022, 09:34 PM | Dec 14, 2022, 09:34 PM |
Version: 102.6.0-alt1
|
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
|
Changelog: |
- New ESR version.
- Security fixes
+ CVE-2022-46880 Use-after-free in WebGL
+ CVE-2022-46872 Arbitrary file read from a compromised content process
+ CVE-2022-46881 Memory corruption in WebGL
+ CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions
+ CVE-2022-46875 Download Protections were bypassed by .atloc and .ftploc files on Mac OS
+ CVE-2022-46882 Use-after-free in WebGL
+ CVE-2022-46878 Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 |
prometheus-node_exporter Dec 9, 2022, 06:58 PM | Dec 9, 2022, 06:58 PM |
Version: 1.5.0-alt1
|
Summary: Prometheus exporter for hardware and OS metrics exposed by *NIX kernels.
|
Changelog: |
- 1.5.0 (Fixes: CVE-2022-46146) |
cri-o Dec 8, 2022, 03:39 AM | Dec 8, 2022, 03:39 AM |
Version: 1.24.3-alt1
|
Summary: Kubernetes Container Runtime Interface for OCI-based containers
|
Changelog: |
- 1.24.3
- Fixes: CVE-2022-1708 |
helm Dec 8, 2022, 02:04 AM | Dec 8, 2022, 02:04 AM |
Version: 3.10.2-alt1
|
Summary: The Kubernetes Package Manager
|
Changelog: |
- new version 3.10.2
- (Fixes: CVE-2022-36055 CVE-2022-36049 CVE-2021-32690 CVE-2021-21303) |