Security

openvpn May 21, 2022, 07:21 AMMay 21, 2022, 07:21 AM
Version: 2.5.6-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version (Closes: 42217)
- Security fixes:
  + CVE-2022-0547: possible authentication bypass if multiple
    authentication plugins tries to do deferred authentication
- Fix build with new python3-module-docutils
clamav May 20, 2022, 01:30 PMMay 20, 2022, 01:30 PM
Version: 0.103.6-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.6
  + CVE-2022-20770
  + CVE-2022-20796
  + CVE-2022-20771
  + CVE-2022-20785
  + CVE-2022-20792
xpdf May 15, 2022, 08:57 PMMay 15, 2022, 08:57 PM
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump
- Many bugfixes, including security, including:
  Fixes: CVE-2022-24106, CVE-2022-27135
unrar May 15, 2022, 08:53 AMMay 15, 2022, 08:53 AM
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7
- Fixes: CVE-2022-30333
libopenjpeg2.0 May 14, 2022, 12:52 AMMay 14, 2022, 12:52 AM
Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, 
  CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
curl May 11, 2022, 11:29 AMMay 11, 2022, 11:29 AM
Version: 7.83.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 7.83.1
- Fixes:
  * CVE-2022-30115: HSTS bypass via trailing dot
  * CVE-2022-27782: TLS and SSH connection too eager reuse
  * CVE-2022-27781: CERTINFO never-ending busy-loop
  * CVE-2022-27780: percent-encoded path separator in URL host
  * CVE-2022-27779: cookie for trailing dot TLD
  * CVE-2022-27778: curl removes wrong file on error
libxml2 May 2, 2022, 10:20 PMMay 2, 2022, 10:20 PM
Version: 2.9.14-alt1
Summary: The library for manipulating XML files
Changelog:
- 2.9.14 (Fixes: CVE-2022-29824, CVE-2022-23308)
subversion Apr 15, 2022, 02:16 PMApr 15, 2022, 02:16 PM
Version: 1.14.2-alt1
Summary: A version control system
Changelog:
- New version.
- Security fixes:
  + CVE-2021-28544 Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules.
  + CVE-2022-24070 mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules, which can result in denial of service (crash of HTTPD worker handling the request).
python3-module-django Apr 12, 2022, 08:26 AMApr 12, 2022, 08:26 AM
Version: 3.2.13-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- 3.2.12 -> 3.2.13
- Fixes:
  * CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
  * CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL
zlib Mar 28, 2022, 02:05 AMMar 28, 2022, 02:05 AM
Version: 1.2.12-alt1
Summary: The zlib compression and decompression library
Changelog:
- v1.2.11 -> v1.2.12 (fixes: CVE-2018-25032).
apache2 Mar 20, 2022, 02:55 PMMar 20, 2022, 02:55 PM
Version: 2.4.53-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.53 (Fixes:  CVE-2022-23943, CVE-2022-22721,  CVE-2022-22720, CVE-2022-22719)
bind Mar 17, 2022, 04:28 PMMar 17, 2022, 04:28 PM
Version: 9.11.37-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220).
krb5 Mar 15, 2022, 01:17 PMMar 15, 2022, 01:17 PM
Version: 1.19.3-alt1
Summary: The Kerberos network authentication system
Changelog:
- 1.19.2 (Fixes: CVE-2021-37750)
python Mar 12, 2022, 04:28 PMMar 12, 2022, 04:28 PM
Version: 2.7.18-alt9
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Security update (fixed: CVE-2021-4189 and CVE-2022-0391);
- Fixed FTBFS against libexpat >= 2.4.5.
expat Mar 9, 2022, 10:54 AMMar 9, 2022, 10:54 AM
Version: 2.4.7-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.4.7 (relax fix to CVE-2022-25236).
xorg-server Mar 8, 2022, 12:41 AMMar 8, 2022, 12:41 AM
Version: 1.20.13-alt2.E2K.1
Summary: Xserver - X Window System display server
Changelog:
- E2K:
  + added mcst patches, mostly as-is except:
    - 0003-Add-copy-optimizations.patch: partially obsolete
    - 0006-Add-bug-workaround.patch: obsolete for arch > e2kv2
    - 0010-Restore-DRI1-support.{add,mod}.patch: need more reverts
    - 0040-Fix-CVE-2018-14665.patch: applied elsewhere upstream
    and specifically, including:
    - 0010-restore-DRI1-support-for-e1c.patch
    - mga2 related patch from mcst#5155
  + warning-related ftbfs workarounds
polkit Mar 8, 2022, 12:02 AMMar 8, 2022, 12:02 AM
Version: 0.115-alt2.2
Summary: PolicyKit Authorization Framework
Changelog:
- NMU (fixes: CVE-2021-4034).
- Applied upstream fix for a trivially exploitable local root vulnerability,
  see https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
ffmpeg3.3 Mar 7, 2022, 10:46 PMMar 7, 2022, 10:46 PM
Version: 3.3.9-alt2.E2K.1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- E2K: apply mcst patches, including CVE-2018-6621 fix
tcpreplay Feb 23, 2022, 09:56 AMFeb 23, 2022, 09:56 AM
Version: 4.4.1-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.1 (Fixes: CVE-2021-45387, CVE-2021-45386)
php7 Feb 19, 2022, 11:19 AMFeb 19, 2022, 11:19 AM
Version: 7.4.28-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.28 (Fixes: CVE-2021-21708)
zsh Feb 12, 2022, 10:06 PMFeb 12, 2022, 10:06 PM
Version: 5.8.1-alt1
Summary: A shell with lots of features
Changelog:
- 5.8 -> 5.8.1.
- Fixes:
  + CVE-2021-45444
connman Feb 3, 2022, 04:52 PMFeb 3, 2022, 04:52 PM
Version: 1.41-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- new version 1.41 (Fixes: CVE-2022-23096, CVE-2022-23097, CVE-2022-23098)
flatpak Jan 19, 2022, 02:12 PMJan 19, 2022, 02:12 PM
Version: 1.12.4-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.12.4 (fixed CVE-2022-21682, CVE-2021-43860)
cryptsetup Jan 18, 2022, 02:22 AMJan 18, 2022, 02:22 AM
Version: 2.4.3-alt1
Summary: Utility to setup a encrypted disks with LUKS support
Changelog:
- 2.4.3 (Fixes: CVE-2021-4122).
mailman Dec 14, 2021, 03:13 PMDec 14, 2021, 03:13 PM
Version: 2.1.39-alt1
Summary: Mailing list manager with built in web access
Changelog:
- 2.1.38 -> 2.1.39 (fixes for CVE-2021-42097 and CVE-2021-44227).
lldpd Dec 2, 2021, 01:02 AMDec 2, 2021, 01:02 AM
Version: 1.0.13-alt1
Summary: Link Layer Discovery Protocol Daemon
Changelog:
- new version 1.0.13 (Fixes: CVE-2021-43612)
- migrate /var/run -> /run
freeswitch Nov 26, 2021, 01:39 PMNov 26, 2021, 01:39 PM
Version: 1.10.7-alt1
Summary: FreeSWITCH open source telephony platform
Changelog:
- 1.10.6 -> 1.10.7 (Fixes: CVE-2021-41158, CVE-2021-41145, CVE-2021-41157,
  CVE-2021-41105, CVE-2021-37624, CVE-2021-36513)
redis Nov 20, 2021, 03:26 PMNov 20, 2021, 03:26 PM
Version: 6.2.6-alt1
Summary: Redis is an advanced key-value store
Changelog:
- New version
- Security fixes:
  + CVE-2021-41099: buffer overflow with non-default configuration
  + CVE-2021-32762: buffer overflow issue in redis-cli and redis-sentinel
  + CVE-2021-32687: buffer overflow with non-default configuration
  + CVE-2021-32675: Denial Of Service when processing RESP request payloads
  + CVE-2021-32672: random heap reading issue with Lua Debugger
  + CVE-2021-32628: buffer overflow with non-default configuration
  + CVE-2021-32627: buffer overflow with non-default configuration
  + CVE-2021-32626: Lua scripts may result with Heap buffer overflow
  + CVE-2021-32761: integer overflow in BITFIELD on 32-bit versions
screen Nov 11, 2021, 03:28 PMNov 11, 2021, 03:28 PM
Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character
  sequence (fixes CVE-2021-26937).
gptfdisk Nov 1, 2021, 02:01 PMNov 1, 2021, 02:01 PM
Version: 1.0.8-alt1
Summary: GPT partitioning and MBR repair software
Changelog:
- 1.0.8 (Fixes: CVE-2020-0256, CVE-2021-0308)
Back to Top