Security
Jan 4, 2024, 10:57 AM
itop
Version: 3.1.1.1-alt1
Summary: IT Operations Portal
Changelog:
- New version 3.1.1.1 - Security fixes: + CVE-2023-48710 : Restrict pages/exec.php to PHP files + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations + CVE-2023-47626 : Fix XSS vulnerabilities in authent token + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
Dec 25, 2023, 12:08 PM
raptor2
Version: 2.0.16-alt1
Summary: RDF Parser Toolkit for Redland
Changelog:
- new version (fixes: CVE-2017-18926 CVE-2020-25713) (closes: 48916)
Dec 15, 2023, 05:08 PM
libxml2
Version: 2.12.3-alt1
Summary: The library for manipulating XML files
Changelog:
- 2.12.3 (Fixes: CVE-2023-45322)
Dec 6, 2023, 12:02 PM
curl
Version: 8.5.0-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 8.4.0 -> 8.5.0 - Fixes: * CVE-2023-46218: cookie mixed case PSL bypass * CVE-2023-46219: HSTS long file name clears contents
Dec 5, 2023, 10:22 PM
golang
Version: 1.21.5-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.21.5) (Fixes: CVE-2023-39326, CVE-2023-45285, CVE-2023-45283).
Nov 29, 2023, 05:48 AM
vim
Version: 9.0.2136-alt1
Summary: VIsual editor iMproved
Changelog:
- Updated to v9.0.2136 (fixes CVE-2023-48237, CVE-2023-48236, CVE-2023-48235, CVE-2023-48234, CVE-2023-48233, CVE-2023-48232, CVE-2023-48231).
Nov 28, 2023, 04:54 PM
python3-module-cryptography
Version: 41.0.7-alt1
Summary: Cryptographic recipes and primitives to Python developers
Changelog:
- new version (Fixes: CVE-2023-49083) - fix spec to own dist-info folder (Closes: #48610)
Nov 28, 2023, 09:55 AM
exim
Version: 4.97-alt1
Summary: Exim MTA
Changelog:
- update to 4.97 (fix CVE-2023-42114 ... CVE-2023-42116) - fix RM_COMMAND in scripts (#47254 #47255)
Nov 27, 2023, 11:11 AM
csync2
Version: 2.0-alt3
Summary: Csync2 is a cluster synchronization tool
Changelog:
- added commits from upstream git (Fixes: CVE-2019-15522, CVE-2019-15523)
Nov 24, 2023, 11:27 AM
tang
Nov 23, 2023, 06:36 PM
gnutls30
Version: 3.8.2-alt1
Summary: A TLS protocol implementation
Changelog:
- Dropped obsoleted patch. - Updated to 3.8.2 (closes: #48558) (fixes: CVE-2023-5981).
Nov 23, 2023, 02:54 PM
rabbitmq-c
Nov 22, 2023, 11:15 AM
uwsgi
Version: 2.0.23-alt1
Summary: fast (pure C), self-healing, developer-friendly WSGI server
Changelog:
- update to 2.0.23 (Fixes: CVE-2023-27522)
Nov 9, 2023, 05:57 PM
nginx
Version: 1.24.0-alt5
Summary: Fast HTTP server
Changelog:
- added upstream change 9165:cdda286c0f1b to improve the per-iteration stream handling limit for HTTP2 protocol (in is related to CVE-2023-44487)
Nov 7, 2023, 06:32 PM
libetpan
Version: 1.9.4-alt4
Summary: This mail library provide a portable, efficient middleware for different kinds of mail access
Changelog:
- Patches from upstream git: + Fix buffer overwrite for empty string in remove_trailing_eol (upstream issue #408); + Detect extra data after STARTTLS response and exit (upstrem issue #387) (fixes: CVE-2020-15953); + Missing boundary fix (upstream issue #384); + Fix potential null pointer deferenced (upstream issue #363); + Fix potential null pointer deferenced (upstream issue #361); + Fix potential null pointer deference (upstream issue #348).
Nov 7, 2023, 05:18 PM
redis
Version: 7.2.3-alt1
Summary: Redis is an advanced key-value store
Changelog:
- 7.2.3 (Fixes: CVE-2023-45145)
Nov 2, 2023, 02:56 PM
salt
Version: 3006.4-alt1
Summary: Tool to manage your infrastructure
Changelog:
- New version. - Security fix for CVE-2023-34049.
Oct 24, 2023, 04:41 PM
openssl3
Version: 3.1.4-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 3.1.4 (fixes CVE-2023-5363).
Oct 20, 2023, 02:46 PM
apache2-mod_http2
Version: 2.0.25-alt1
Summary: module implementing HTTP/2 for Apache 2
Changelog:
- 2.0.24 -> 2.0.25 (Fixes: CVE-2023-45802)
Oct 19, 2023, 05:11 PM
json-c
Version: 0.17-alt1
Summary: JSON implementation in C
Changelog:
- Updated to 0.17 (Fixes: CVE-2021-32292).
Oct 19, 2023, 04:50 PM
libfastjson
Version: 1.2304.0-alt1
Summary: A JSON implementation in C
Changelog:
- New version 1.2304.0 (Fixed: CVE-2020-12762).
Oct 11, 2023, 11:05 AM
libnghttp2
Oct 11, 2023, 08:36 AM
libcue2
Version: 2.3.0-alt1
Summary: Cue sheet parser library
Changelog:
- new version 2.3.0 (with rpmrb script) - CVE-2023-43641
Oct 7, 2023, 07:00 AM
netatalk
Version: 3.1.18-alt1
Summary: Open Source Apple Filing Protocol(AFP) File Server
Changelog:
- 3.1.18 (fixed CVE-2022-22995)
Oct 4, 2023, 09:14 AM
libX11
Oct 4, 2023, 08:58 AM
libXpm
Sep 29, 2023, 03:25 PM
libppd
Version: 2.0.0-alt1
Summary: Library for retro-fitting legacy printer drivers
Changelog:
- 2.0.0 (Fixes: CVE-2023-4504)
Sep 29, 2023, 08:00 AM
openssl1.1
Version: 1.1.1w-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.1.1w (fixes CVE-2023-3817, CVE-2023-3446, CVE-2023-4807).
Sep 14, 2023, 10:02 AM
libwebp
Version: 1.3.2-alt1
Summary: Library and tools for the WebP graphics format
Changelog:
- 1.3.2 (fixed CVE-2023-4863)
Aug 16, 2023, 01:37 PM
krb5
Version: 1.21.2-alt1
Summary: The Kerberos network authentication system
Changelog:
- 1.21.2 (Fixes: CVE-2023-39975)
Aug 12, 2023, 07:49 AM
mediawiki
Version: 1.40.0-alt1
Summary: A wiki engine, typical installation (php8.1 with Apache2 and MySQL support)
Changelog:
- new version 1.40.0 (with rpmrb script) - disable AutoReq - (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. - (T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5. - (T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup. - (T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message use.
Jul 24, 2023, 01:32 AM
samba
Version: 4.17.10-alt1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to maintenance release of Samba 4.17: + Secure channel faulty since Windows 10/11 update 07/2023 (KB5028166). - Security fixes (Samba#15418): + CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html + CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html + CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html + CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html + CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html
Jul 13, 2023, 05:12 PM
less
Version: 633-alt1
Summary: A text file browser similar to more, but better
Changelog:
- New version (633). - Security fixes: + CVE-2022-46663: less -R filtering bypass.
Jun 14, 2023, 09:32 AM
yajl
May 27, 2023, 04:58 AM
etcd
Version: 3.5.9-alt1
Summary: A highly-available key value store for shared configuration
Changelog:
- 3.5.9 (Fixes: CVE-2023-32082).
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 23, 2023, 12:02 PM
python3-module-requests
Version: 2.31.0-alt1
Summary: HTTP library, written in Python, for human beings
Changelog:
- 2.29.0 -> 2.31.0 (fixes: CVE-2023-32681).
Apr 13, 2023, 03:26 PM
ghostscript
Version: 10.01.1-alt1
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- Autobuild version bump to 10.01.1 - (Fixes: CVE-2023-28879)
Apr 8, 2023, 03:00 AM
ctags
Version: 5.8-alt6
Summary: A C programming language indexing and/or cross-reference tool
Changelog:
- Fixed arbitrary command execution via a tag file with a crafted filename (fixes CVE-2022-4515).
Mar 30, 2023, 11:41 AM
libsixel
Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3. - switch to meson. - Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478) - Change URL to new upstream project - Use CMAKE
Mar 28, 2023, 03:21 PM
dnsmasq
Version: 2.89-alt2
Summary: A lightweight caching nameserver
Changelog:
- Added patches from upstream git: + Avoid undefined behaviour with the ctype(3) functions + Fix --rev-server option + Fix possible SEGV when no servers defined + Set the default maximum DNS UDP packet size to 1232 (fixes: CVE-2023-28450) + Fix DHCPv6 "use multicast" response which previously failed
Mar 21, 2023, 04:53 PM
firejail
Version: 0.9.72-alt1
Summary: Linux namespaces sandbox program
Changelog:
- 0.9.68 -> 0.9.72 (Fixes: CVE-2022-31214)
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Feb 18, 2023, 05:05 PM
tpm2-tss
Feb 15, 2023, 01:10 AM
libbpf
Version: 0.8.1-alt2
Summary: Stand-alone build of libbpf from the Linux kernel
Changelog:
- (Fixes: CVE-2022-3534, CVE-2022-3606).
Feb 14, 2023, 10:03 PM
php8.0
Version: 8.0.28-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.27 -> 8.0.28 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)
Feb 7, 2023, 07:29 PM
tmux
Jan 21, 2023, 12:40 AM
gem-rails
Version: 6.1.7.1-alt1
Summary: Ruby on Rails
Changelog:
- ^ 6.1.7 -> 6.1.7.1 - ! CVEs + CVE-2023-22794 + CVE-2023-22795 + CVE-2023-22796 + CVE-2023-22792 + CVE-2022-44566
Dec 9, 2022, 12:49 AM
podofo
Version: 0.9.8-alt1
Summary: PDF manipulation library and tools
Changelog:
- new version 0.9.8 (with rpmrb script) - CVE-2021-30469, CVE-2021-30470, CVE-2021-30471, CVE-2021-30472
Dec 5, 2022, 03:48 PM
libarchive
Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 28, 2022, 12:58 PM
libopenimageio
Version: 2.3.21.0-alt1
Summary: Library for reading and writing images
Changelog:
- Updated to upstream version 2.3.21.0 (fixes CVE-2022-36354, CVE-2022-41977, CVE-2022-41639, CVE-2022-41988)
Nov 5, 2022, 02:50 PM
libpixman
Nov 3, 2022, 04:58 PM
php7
Version: 7.4.33-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.32 -> 7.4.33 (Fixes: CVE-2022-31630, CVE-2022-37454)
Nov 2, 2022, 09:12 AM
perl-DBI
Version: 1.643-alt3
Summary: Database independent interface for Perl
Changelog:
- rename patch lib-DBD-File.pm-fix-CVE-2014-10401.patch - fixes changelog
Oct 29, 2022, 11:07 PM
expat
Version: 2.5.0-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, DoS or potentially ACE).
Oct 26, 2022, 04:03 PM
libvncserver
Version: 0.9.13-alt3
Summary: An easy API to write one's own VNC server
Changelog:
- security (fixes: CVE-2020-29260)
Oct 25, 2022, 05:31 PM
arj
Version: 3.10.22-alt9
Summary: An compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 18, 2022, 12:14 AM
adcli
Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer.
Oct 14, 2022, 03:47 PM
aspell
Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM
lrzsz
Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM
unzip
May 15, 2022, 08:57 PM
xpdf
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump - Many bugfixes, including security, including: Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM
unrar
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7 - Fixes: CVE-2022-30333
May 14, 2022, 12:52 AM
libopenjpeg2.0
Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
Apr 8, 2022, 04:54 AM
gzip
Version: 1.12-alt1
Summary: The GNU data compression program
Changelog:
- gzip: v1.10-31-g34db0a2 -> v1.12-3-g83c65d1 (fixes: CVE-2022-1271).
Feb 10, 2022, 07:20 PM
pgbouncer
Version: 1.16.1-alt1
Summary: Lightweight connection pooler for PostgreSQL
Changelog:
- 1.16.1 (Fixes: CVE-2021-3935).
Feb 3, 2022, 04:52 PM
connman
Version: 1.41-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- new version 1.41 (Fixes: CVE-2022-23096, CVE-2022-23097, CVE-2022-23098)
Dec 14, 2021, 03:13 PM
mailman
Version: 2.1.39-alt1
Summary: Mailing list manager with built in web access
Changelog:
- 2.1.38 -> 2.1.39 (fixes for CVE-2021-42097 and CVE-2021-44227).
Nov 11, 2021, 03:28 PM
screen
Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character sequence (fixes CVE-2021-26937).
Oct 30, 2021, 09:02 AM
libgfbgraph
Version: 0.2.5-alt1
Summary: A GObject library for Facebook Graph API
Changelog:
- 0.2.5 (fixed CVE-2021-39358)
Aug 12, 2021, 01:39 PM
dovecot
Version: 2.3.16-alt1
Summary: Dovecot secure IMAP/POP3 server
Changelog:
- Updated to 2.3.16 (fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157). - Package watch file.
Aug 12, 2021, 12:06 AM
c-ares
Version: 1.17.2-alt1
Summary: A library that performs asynchronous DNS operations
Changelog:
- 1.17.2 (Fixes: CVE-2021-3672)
Jun 27, 2021, 10:12 PM
mediawiki-extensions-Widgets
Version: 1.3.0-alt1git
Summary: Widgets extension allows adding widgets to wiki by just creating pages in Widget namespace
Changelog:
- new version (1.3.0) with rpmgs script - CVE-2020-9382, CVE-2020-35625
Jun 15, 2021, 07:09 PM
gem-rubygems-update
Version: 3.2.19-alt1
Summary: Library packaging and distribution for Ruby
Changelog:
- ^ 3.0.4 -> 3.2.19 - ! CVE-2020-36327, CVE-2021-24105
Apr 28, 2021, 02:38 PM
avahi
Version: 0.8-alt2
Summary: Local network service discovery
Changelog:
- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)
Jan 22, 2021, 10:54 AM
shellinabox
Version: 2.20-alt2
Summary: AJAX based terminal emulator exporting a console to the browser
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-16789).
Dec 18, 2020, 10:46 AM
icoutils
Version: 0.32.3-alt1
Summary: Utility for extracting and converting Microsoft icon and cursor files
Changelog:
- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).
Dec 17, 2020, 04:07 PM
dnstracer
Version: 1.9-alt2
Summary: A tool to trace DNS queries
Changelog:
- Applied security patch from Gentoo (Fixes: CVE-2017-9430).
Dec 17, 2020, 12:24 PM
mgetty
Version: 1.2.1-alt1
Summary: A getty replacement for use with data and fax modems
Changelog:
- Updated to upstream version 1.2.1 (Fixes: CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745, CVE-2019-1010189, CVE-2019-1010190).
Dec 9, 2020, 02:46 PM
3proxy
Version: 0.6.1-alt2
Summary: Proxy server
Changelog:
- Applied security fix from upstream (Fixes: CVE-2019-14495).
Dec 9, 2020, 01:25 PM
mupdf
Version: 1.18.0-alt1
Summary: A lightweight PDF viewer and toolkit
Changelog:
- Updated to upstream version 1.18.0 (Fixes: CVE-2017-5991, CVE-2018-10289, CVE-2018-16647, CVE-2018-16648, CVE-2019-14975, CVE-2020-26519).
Dec 8, 2020, 05:39 PM
irssi
Version: 1.2.2-alt1
Summary: Modular text mode IRC client with Perl scripting
Changelog:
- Updated to upstream version 1.2.2 (Fixes: CVE-2019-13045, CVE-2019-15717).
Dec 8, 2020, 11:09 AM
lout
Version: 3.40-alt4
Summary: The Lout document formatting language
Changelog:
- Applied security patch from Fedora (Fixes: CVE-2019-19917, CVE-2019-19918)
Nov 20, 2020, 12:52 PM
jbig2dec
Version: 0.19-alt1
Summary: A decoder implementation of the JBIG2 image compression format
Changelog:
- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).
Nov 5, 2020, 11:33 AM
mimetex
Version: 1.76-alt1
Summary: Mimetex ets you easily embed LaTeX math in your html pages
Changelog:
- Updated to version 1.76 from Debian (Fixes: CVE-2009-1382, CVE-2009-2459).
Nov 2, 2020, 05:47 PM
unace
Version: 1.2b-alt5
Summary: ACE unarchiver
Changelog:
- Cleaned up sources by importing sources from Debian. - Forced using system build flags. - Updated fix for CVE-2015-2063.
Oct 29, 2020, 06:33 PM
antiword
Version: 0.37-alt4
Summary: Antiword an application to display Microsoft(R) Word files
Changelog:
- Applied patches from Debian (Fixes: CVE-2014-8123).
Oct 27, 2020, 12:48 PM
snmptt
Version: 1.4.2-alt1
Summary: An SNMP trap handler written in Perl
Changelog:
- Updated to upstream version 1.4.2 (Fixes: CVE-2020-24361).
Oct 22, 2020, 03:07 PM
xli
Version: 1.17.0-alt9
Summary: X11 Image Loading Utility
Changelog:
- Applied patches from Debian (Fixes: CVE-2005-3178).
Oct 22, 2020, 10:43 AM
pstotext
Version: 1.9-alt3
Summary: PostScript to text converter
Changelog:
- Applied patches from Debian and Gentoo (Fixes: CVE-2005-2536, CVE-2006-5869). - Build now respects %optflags.
Aug 22, 2019, 02:30 PM
rzip
Version: 2.1-alt3
Summary: A large-file compression program
Changelog:
- Applied security fix from Gentoo (Fixes: CVE-2017-8364)
Sep 27, 2017, 04:16 PM
libwmf
Version: 0.2.8.4-alt13
Summary: A library to convert wmf files
Changelog:
- Secutity (Fixes: CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696, CVE-2016-9011)
Jan 27, 2015, 03:47 AM
pxz
Version: 4.999.9beta-alt3
Summary: Parallel LZMA compressor using liblzma
Changelog:
- CVE-2015-1200 fix (patch from debian bug #775306)