Security
May 30, 2023, 03:00 PM
openssl1.1
Version: 1.1.1u-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.1.1u (fixes CVE-2023-2650).
May 27, 2023, 05:06 AM
python3-module-django
Version: 3.2.19-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- New version 3.2.19. - Fixes for the following security vulnerabilities: + CVE-2023-31047 Potential bypass of validation when uploading multiple files using one form field
May 27, 2023, 04:58 AM
etcd
Version: 3.5.9-alt1
Summary: A highly-available key value store for shared configuration
Changelog:
- 3.5.9 (Fixes: CVE-2023-32082).
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 23, 2023, 12:02 PM
python3-module-requests
Version: 2.31.0-alt1
Summary: HTTP library, written in Python, for human beings
Changelog:
- 2.29.0 -> 2.31.0 (fixes: CVE-2023-32681).
May 21, 2023, 01:14 PM
samba
Version: 4.17.8-alt1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to maintenance release of Samba 4.18:
+ log flood: smbd_calculate_access_mask_fsp: Access denied: message level
should be lower (Samba#15302).
+ Floating point exception (FPE) via cli_pull_send at
source3/libsmb/clireadwrite.c (Samba#15306).
+ Reduce flapping of ridalloc test (Samba#15329).
+ large_ldap test is unreliable (Samba#15351).
+ New filename parser doesn't check veto files smb.conf parameter (Samba#15143).
+ mdssvc may crash when initializing (Samba#15354).
+ Large directory optimization broken for non-lcomp path elements (Samba#15313).
+ streams_depot fails to create streams (Samba#15357).
+ shadow_copy2 and streams_depot don't play well together (Samba#15358).
+ wbinfo -u fails on ad dc with >1000 users (Samba#15366).
+ winbindd idmap child contacts the domain controller without a
need (Samba#15317).
+ idmap_autorid may fail to map sids of trusted domains for the first
time (Samba#15318).
+ idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings (Samba#15319).
+ net ads search -P doesn't work against servers in other domains (Samba#15323).
+ DS ACEs might be inherited to unrelated object classes (Samba#15338).
+ Temporary smbXsrv_tcon_global.tdb can't be parsed (Samba#15353).
+ Setting veto files = /.*/ break listing directories (Samba#15360).
+ CVE-2020-25720 [SECURITY] Create Child permission should not
allow full write to all attributes (additional changes) (Samba#14810).
+ Reduce flapping of ridalloc test (Samba#15329).
+ dsgetdcname: assumes local system uses IPv4 (Samba#15325).May 4, 2023, 03:05 PM
wireshark
Version: 4.0.5-alt1
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changelog:
- 4.0.5
- Fixes:
* CVE-2023-1994 GQUIC dissector crash.
* CVE-2023-1993 LISP dissector large loop.
* CVE-2023-1992 RPCoRDMA dissector crash.
* CVE-2023-1161 ISO 15765 and ISO 10681 dissector crash.May 3, 2023, 09:20 PM
openvswitch
Version: 2.17.6-alt1
Summary: An open source, production quality, multilayer virtual switch
Changelog:
- 2.17.6 (Fixes: CVE-2021-3905, CVE-2023-1668, CVE-2022-4337, CVE-2022-4338)
May 2, 2023, 09:30 PM
golang
Version: 1.20.4-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.20.4) (Fixes: CVE-2023-24539, CVE-2023-24540, CVE-2023-29400)
Apr 25, 2023, 11:28 PM
libxml2
Version: 2.10.4-alt1
Summary: The library for manipulating XML files
Changelog:
- 2.10.4 (Fixes: CVE-2023-29469, CVE-2023-28484)
Apr 17, 2023, 10:15 PM
git
Version: 2.33.8-alt1
Summary: Git core and tools
Changelog:
- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).
Apr 13, 2023, 03:26 PM
ghostscript
Version: 10.01.1-alt1
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- Autobuild version bump to 10.01.1 - (Fixes: CVE-2023-28879)
Apr 8, 2023, 03:00 AM
ctags
Version: 5.8-alt6
Summary: A C programming language indexing and/or cross-reference tool
Changelog:
- Fixed arbitrary command execution via a tag file with a crafted filename (fixes CVE-2022-4515).
Mar 30, 2023, 11:41 AM
libsixel
Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3. - switch to meson. - Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 12:03 PM
libmicrohttpd
Version: 0.9.76-alt1
Summary: Library providing compact API and implementation of an HTTP/1.1 webserver
Changelog:
- 0.9.76 released (fixes: CVE-2023-27371)
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478) - Change URL to new upstream project - Use CMAKE
Mar 28, 2023, 03:21 PM
dnsmasq
Version: 2.89-alt2
Summary: A lightweight caching nameserver
Changelog:
- Added patches from upstream git:
+ Avoid undefined behaviour with the ctype(3) functions
+ Fix --rev-server option
+ Fix possible SEGV when no servers defined
+ Set the default maximum DNS UDP packet size to 1232
(fixes: CVE-2023-28450)
+ Fix DHCPv6 "use multicast" response which previously failedMar 21, 2023, 04:53 PM
firejail
Version: 0.9.72-alt1
Summary: Linux namespaces sandbox program
Changelog:
- 0.9.68 -> 0.9.72 (Fixes: CVE-2022-31214)
Mar 20, 2023, 06:36 PM
flatpak
Version: 1.14.4-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.4 (fixed CVE-2023-28100, CVE-2023-28101)
Mar 13, 2023, 11:01 PM
node
Version: 16.19.1-alt1
Summary: Evented I/O for V8 Javascript
Changelog:
- new version 16.19.1 (with rpmrb script) - CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) - CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) - CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA environment variable (Low) - CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) - CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) - set openssl >= 1.1.1s - set npm >= 8.19.3
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Feb 27, 2023, 02:59 PM
net-snmp40
Version: 5.9.3-alt1
Summary: Tools and servers for the SNMP protocol
Changelog:
- 5.9.3 - Fixes: CVE-2022-44792, CVE-2022-44793 - Add patches from fedora. - Drop libucd-snmp and libucd-snmp-devel packages. - Drop net-snmp-config package and move script net-snmp-config to devel. - Add libnet-snmp-agent package and move agent library.
Feb 18, 2023, 05:05 PM
tpm2-tss
Version: 4.0.1-alt1
Summary: TPM2.0 Software Stack
Changelog:
- 4.0.1 (Fixes: CVE-2023-22745)
Feb 17, 2023, 03:12 PM
gnutls30
Version: 3.7.9-alt1
Summary: A TLS protocol implementation
Changelog:
- Updated to 3.7.9 (fixes: CVE-2023-0361).
Feb 15, 2023, 01:10 AM
libbpf
Version: 0.8.1-alt2
Summary: Stand-alone build of libbpf from the Linux kernel
Changelog:
- (Fixes: CVE-2022-3534, CVE-2022-3606).
Feb 14, 2023, 10:03 PM
php8.0
Version: 8.0.28-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.27 -> 8.0.28 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)
Feb 7, 2023, 07:29 PM
tmux
Version: 3.3a-alt2
Summary: Terminal multiplexer
Changelog:
- (Fixes: CVE-2022-47016).
Jan 18, 2023, 11:34 AM
libXpm
Version: 3.5.15-alt1
Summary: X Pixmap Library
Changelog:
- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)
Jan 15, 2023, 02:09 AM
redis
Version: 6.2.8-alt1
Summary: Redis is an advanced key-value store
Changelog:
- New version - Security fixes: + CVE-2022-24736: server crash by a specially crafted Lua script + CVE-2022-24735: overcome ACL rules via Lua scripts manipulation
Dec 23, 2022, 01:03 PM
systemd
Version: 251.10-alt1
Summary: System and Session Manager
Changelog:
- 251.10 (Fixes: CVE-2022-4415)
Dec 20, 2022, 07:34 PM
libetpan
Version: 1.9.4-alt3
Summary: This mail library provide a portable, efficient middleware for different kinds of mail access
Changelog:
- Fixed libssl knob. - Fixed License tag. - Added Vcs tag. - Patch from upstream: + Fixed crash when st_info_list is NULL (fixes: CVE-2022-4121).
Dec 5, 2022, 03:48 PM
libarchive
Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 14, 2022, 08:00 PM
qemu
Version: 7.1.0-alt1
Summary: QEMU CPU Emulator
Changelog:
- 7.1.0 (Fixes: CVE-2020-14394, CVE-2022-0216).
Nov 10, 2022, 05:19 PM
gmp
Version: 6.2.1-alt5
Summary: GNU MP arbitrary precision arithmetic library
Changelog:
- Backported upstream commit "mpz/inp_raw.c: Avoid bit size overflows" (thx Marco Bodrato) (fixes CVE-2021-43618).
Nov 8, 2022, 08:01 AM
ntfs-3g
Version: 2021.8.22-alt2
Summary: third generation Linux NTFS driver
Changelog:
- Fixes (CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789, CVE-2022-40284)
Nov 5, 2022, 02:50 PM
libpixman
Version: 0.42.2-alt1
Summary: Pixel manipulation library
Changelog:
- 0.42.2 (fixed CVE-2022-44638)
Nov 2, 2022, 09:12 AM
perl-DBI
Version: 1.643-alt3
Summary: Database independent interface for Perl
Changelog:
- rename patch lib-DBD-File.pm-fix-CVE-2014-10401.patch - fixes changelog
Oct 29, 2022, 11:07 PM
expat
Version: 2.5.0-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, DoS or potentially ACE).
Oct 26, 2022, 04:03 PM
libvncserver
Version: 0.9.13-alt3
Summary: An easy API to write one's own VNC server
Changelog:
- security (fixes: CVE-2020-29260)
Oct 25, 2022, 05:31 PM
arj
Version: 3.10.22-alt9
Summary: An compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 18, 2022, 12:14 AM
adcli
Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer.
Oct 14, 2022, 03:47 PM
aspell
Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM
lrzsz
Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM
unzip
Version: 6.0-alt5
Summary: An utility for unpacking zip archives
Changelog:
- fixes CVE-2021-4217
Oct 7, 2022, 08:03 PM
dhcp
Version: 4.4.3.P1-alt1
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- Updated to 4.4.3-P1 (fixes: CVE-2022-2928,CVE-2022-2929).
Aug 31, 2022, 02:17 AM
cifs-utils
Version: 6.15-alt1
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changelog:
- Update to stable release 6.15 (Samba#15025, Samba#15026) - mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239) - mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
Jun 17, 2022, 03:42 PM
python
Version: 2.7.18-alt10
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Secutiry update (fixed: CVE-2015-20107). - Fixed Url field.
May 15, 2022, 08:57 PM
xpdf
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump - Many bugfixes, including security, including: Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM
unrar
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7 - Fixes: CVE-2022-30333
May 14, 2022, 12:52 AM
libopenjpeg2.0
Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
Apr 15, 2022, 02:16 PM
subversion
Version: 1.14.2-alt1
Summary: A version control system
Changelog:
- New version. - Security fixes: + CVE-2021-28544 Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. + CVE-2022-24070 mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules, which can result in denial of service (crash of HTTPD worker handling the request).
Apr 8, 2022, 04:54 AM
gzip
Version: 1.12-alt1
Summary: The GNU data compression program
Changelog:
- gzip: v1.10-31-g34db0a2 -> v1.12-3-g83c65d1 (fixes: CVE-2022-1271).
Feb 28, 2022, 04:00 PM
polkit
Version: 0.120-alt1.qa2
Summary: PolicyKit Authorization Framework
Changelog:
- upplied upstream fix for CVE-2021-4115 (GHSL-2021-077)
Jan 18, 2022, 02:22 AM
cryptsetup
Version: 2.4.3-alt1
Summary: Utility to setup a encrypted disks with LUKS support
Changelog:
- 2.4.3 (Fixes: CVE-2021-4122).
Nov 11, 2021, 03:28 PM
screen
Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character sequence (fixes CVE-2021-26937).
Oct 30, 2021, 09:02 AM
libgfbgraph
Version: 0.2.5-alt1
Summary: A GObject library for Facebook Graph API
Changelog:
- 0.2.5 (fixed CVE-2021-39358)
Sep 23, 2021, 02:36 PM
libiec61850
Version: 1.5.0-alt1
Summary: Open source libraries for IEC 61850 and IEC 60870-5-104
Changelog:
- New version (Fixes: CVE-2020-15158).
Sep 4, 2021, 11:19 PM
cyrus-imapd
Version: 3.2.8-alt1
Summary: A high-performance email, contacts and calendar server
Changelog:
- 3.2.8 (fixes: CVE-2021-33582)
Sep 2, 2021, 11:56 AM
libssh
Version: 0.9.6-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version - security (fixes: CVE-2021-3634)
Jun 15, 2021, 07:09 PM
gem-rubygems-update
Version: 3.2.19-alt1
Summary: Library packaging and distribution for Ruby
Changelog:
- ^ 3.0.4 -> 3.2.19 - ! CVE-2020-36327, CVE-2021-24105
Apr 28, 2021, 02:38 PM
avahi
Version: 0.8-alt2
Summary: Local network service discovery
Changelog:
- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)
Jan 21, 2021, 02:37 PM
fleet
Version: 3.6.0-alt1
Summary: The premier osquery fleet manager.
Changelog:
- Updated to upstream version 3.6.0 (Fixes: CVE-2020-26276).
Dec 18, 2020, 10:46 AM
icoutils
Version: 0.32.3-alt1
Summary: Utility for extracting and converting Microsoft icon and cursor files
Changelog:
- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).
Dec 17, 2020, 04:07 PM
dnstracer
Version: 1.9-alt2
Summary: A tool to trace DNS queries
Changelog:
- Applied security patch from Gentoo (Fixes: CVE-2017-9430).
Dec 9, 2020, 02:46 PM
3proxy
Version: 0.6.1-alt2
Summary: Proxy server
Changelog:
- Applied security fix from upstream (Fixes: CVE-2019-14495).
Dec 8, 2020, 05:39 PM
irssi
Version: 1.2.2-alt1
Summary: Modular text mode IRC client with Perl scripting
Changelog:
- Updated to upstream version 1.2.2 (Fixes: CVE-2019-13045, CVE-2019-15717).
Dec 8, 2020, 11:09 AM
lout
Version: 3.40-alt4
Summary: The Lout document formatting language
Changelog:
- Applied security patch from Fedora (Fixes: CVE-2019-19917, CVE-2019-19918)
Nov 20, 2020, 12:52 PM
jbig2dec
Version: 0.19-alt1
Summary: A decoder implementation of the JBIG2 image compression format
Changelog:
- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).
Nov 5, 2020, 12:41 PM
aview
Version: 1.3.0-alt3.rc1
Summary: High quality ascii-art image (pnm) browser and animation (fli/flc) player
Changelog:
- Switched to CVE-2008-4935 fix from Debian. - Added -Werror=implicit-function-declaration compiler flag.
Nov 5, 2020, 11:33 AM
mimetex
Version: 1.76-alt1
Summary: Mimetex ets you easily embed LaTeX math in your html pages
Changelog:
- Updated to version 1.76 from Debian (Fixes: CVE-2009-1382, CVE-2009-2459).
Nov 2, 2020, 05:47 PM
unace
Version: 1.2b-alt5
Summary: ACE unarchiver
Changelog:
- Cleaned up sources by importing sources from Debian. - Forced using system build flags. - Updated fix for CVE-2015-2063.
Oct 30, 2020, 01:04 PM
libtar
Version: 1.2.20-alt2.git.6d0ab4c
Summary: C library for manipulating POSIX tar files
Changelog:
- Applied patches from Debian (Fixes: CVE-2013-4420).
Oct 29, 2020, 06:33 PM
antiword
Version: 0.37-alt4
Summary: Antiword an application to display Microsoft(R) Word files
Changelog:
- Applied patches from Debian (Fixes: CVE-2014-8123).
Oct 29, 2020, 12:47 PM
fuseiso
Version: 20070708-alt3
Summary: Mount ISO filesystem images as a non-root user
Changelog:
- Applied patches from Gentoo (Fixes: CVE-2015-8836, CVE-2015-8837).
Oct 28, 2020, 05:23 PM
bchunk
Version: 1.2.2-alt1
Summary: A CD image format converter from .bin/.cue to .iso/.cdr/.wav
Changelog:
- Updated to upstream version 1.2.2 (Fixes: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955).
Oct 26, 2020, 05:14 PM
inspircd
Version: 2.0.29-alt1
Summary: InspIRCd is a modular Internet Relay Chat (IRC) server
Changelog:
- Updated to upstream version 2.0.29 (Fixes: CVE-2019-20917, CVE-2020-25269).
Oct 22, 2020, 03:07 PM
xli
Version: 1.17.0-alt9
Summary: X11 Image Loading Utility
Changelog:
- Applied patches from Debian (Fixes: CVE-2005-3178).
Aug 22, 2019, 02:30 PM
rzip
Version: 2.1-alt3
Summary: A large-file compression program
Changelog:
- Applied security fix from Gentoo (Fixes: CVE-2017-8364)
Sep 27, 2017, 04:16 PM
libwmf
Version: 0.2.8.4-alt13
Summary: A library to convert wmf files
Changelog:
- Secutity (Fixes: CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696, CVE-2016-9011)
Jan 27, 2015, 03:50 AM
pxz
Version: 4.999.9beta-alt3
Summary: Parallel LZMA compressor using liblzma
Changelog:
- CVE-2015-1200 fix (patch from debian bug #775306)