As correcções de segurança
firmware-intel-ucode-18-alt1.20220510
build L.A. Kostis,
2022-05-16
- Sync with Debian 3.20220510.1:
+ New upstream microcode datafile 20220510
+ Fixes INTEL-SA-000617, CVE-2022-21151:
Processor optimization removal or modification of security-critical
code may allow an authenticated user to potentially enable information
disclosure via local access (closes: #1010947)
+ Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
Atom E3900
+ New Microcodes:
sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+ Updated Microcodes:
sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
xpdf-4.04-alt1 build Andrew Savchenko, 2022-05-15
- Version bump
- Many bugfixes, including security, including:
Fixes: CVE-2022-24106, CVE-2022-27135
unrar-6.1.7-alt1 build Fr. Br. George, 2022-05-15
- Autobuild version bump to 6.1.7
- Fixes: CVE-2022-30333
libopenjpeg2.0-2.5.0-alt1 build Yuri N. Sedunov, 2022-05-13
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988,
CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
runc-1.1.2-alt1 build Vladimir Didenko, 2022-05-12
- New version (Fixes: CVE-2022-29162)
postgresql12-12.11-alt1 build Alexei Takaseev, 2022-05-11
- 12.11 (Fixes CVE-2022-1552)
postgresql13-13.7-alt1 build Alexei Takaseev, 2022-05-11
- 13.7 (Fixes CVE-2022-1552)
postgresql10-10.21-alt1 build Alexei Takaseev, 2022-05-11
- 10.21 (Fixes CVE-2022-1552)
postgresql11-11.16-alt1 build Alexei Takaseev, 2022-05-11
- 11.16 (Fixes CVE-2022-1552)
postgresql14-14.3-alt1 build Alexei Takaseev, 2022-05-11
- 14.3 (Fixes CVE-2022-1552)
postgresql14-1C-14.3-alt1 build Alexei Takaseev, 2022-05-11
- 14.3 (Fixes CVE-2022-1552)
curl-7.83.1-alt1 build Anton Farygin, 2022-05-11
- 7.83.1
- Fixes:
* CVE-2022-30115: HSTS bypass via trailing dot
* CVE-2022-27782: TLS and SSH connection too eager reuse
* CVE-2022-27781: CERTINFO never-ending busy-loop
* CVE-2022-27780: percent-encoded path separator in URL host
* CVE-2022-27779: cookie for trailing dot TLD
* CVE-2022-27778: curl removes wrong file on error
kernel-image-centos-5.14.0.87-alt1.el9 build Alexey Gladkov, 2022-05-09
- Updated to kernel-5.14.0-87.el9 (fixes: CVE-2022-0617, CVE-2022-1353):
+ af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
+ Bring cifs.ko up to 5.16 plus some additional patches
+ cifs: destage any unwritten data to the server before calling copychunk_write
+ CNB: net: make use of helper netif_is_bridge_master()
+ CNB: xsk: Move tmp desc array from driver to pool
+ cpufreq: intel_pstate: updates
+ DAMON support
+ drivers/base/memory: determine and store zone for single-zone memory blocks
+ Fix CVE-2022-0617
+ General updates for kernel-rt
+ Information about perf-iostat is missing
+ macsec: backport fixes from upstream
+ mm: Optimize list lru memory consumption
+ proc/vmcore: pull back upstream commits to RHEL9
+ Redhat: enable Kfence on production servers
+ sctp: check asoc strreset_chunk in sctp_generate_reconf_event
+ tls: backport fixes from upstream
+ xfrm: backport fixes from upstream
kernel-image-std-def-5.15.37-alt1 build Vitaly Chikunov, 2022-05-04
- Update to v5.15.37 (2022-05-01). (Fixes: CVE-2022-1204, CVE-2022-1205,
CVE-2022-0500, CVE-2022-23222).
cve-manager-0.67.0-alt1 build Alexey Appolonov, 2022-05-04
- New ability to analyze the system on which the cve-manager is running;
- New cve-manager mode "offline", that skips the "download" step;
- Bin package names that have the "-common" suffix are excluded from the
analysis;
- New ability to specify multiple product names of an excluded CPE in a single
row.
kernel-image-centos-5.14.0.85-alt1.el9 build Alexey Gladkov, 2022-05-04
- Updated to kernel-5.14.0-85.el9 (fixes: CVE-2022-1015, CVE-2022-1016):
+ bnx2x: driver updates
+ CNB: net: annotate accesses to dev->gso_max_* fields
+ CNB: net_tstamp: add new flag HWTSTAMP_FLAG_BONDED_PHC_INDEX
+ CNB: string.h: Introduce memset_after and memset_startat helpers
+ DRM 5.18 backport dependencies
+ Fix for two recent CVEs
+ Fix SCTP client-side peeloff issues with SELinux
+ ipv6: 9.1 P1 stable backports from upstream
+ mm: backport folio support
+ netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned()
+ net: mana: Add handling of CQE_RX_TRUNCATED
+ redhat/configs: Enable CONFIG_NFT_SYNPROXY
+ redhat/configs: enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT
+ [RHEL-9.1.0] IPMI update to kernel v5.17
+ Update kernel's PCI subsystem to v5.17
firefox-esr-91.9.0-alt1 build Pavel Vasenkov, 2022-05-04
- New ESR version.
- Security fixes:
+ CVE-2022-29914 Fullscreen notification bypass using popups
+ CVE-2022-29909 Bypassing permission prompt in nested browsing contexts
+ CVE-2022-29916 Leaking browser history with CSS variables
+ CVE-2022-29911 iframe Sandbox bypass
+ CVE-2022-29912 Reader mode bypassed SameSite cookies
+ CVE-2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
firefox-100.0-alt1 build Alexey Gladkov, 2022-05-03
- New release (100.0).
- Security fixes:
+ CVE-2022-29914: Fullscreen notification bypass using popups
+ CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
+ CVE-2022-29916: Leaking browser history with CSS variables
+ CVE-2022-29911: iframe Sandbox bypass
+ CVE-2022-29912: Reader mode bypassed SameSite cookies
+ CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security settings
+ CVE-2022-29915: Leaking cross-origin redirect through the Performance API
+ CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
+ CVE-2022-29918: Memory safety bugs fixed in Firefox 100
libxml2-2.9.14-alt1 build Alexey Shabalin, 2022-05-02
- 2.9.14 (Fixes: CVE-2022-29824, CVE-2022-23308)
curl-7.83.0-alt1 build Anton Farygin, 2022-04-28
- 7.83.0 (Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)
chromium-gost-101.0.4951.41-alt1 build Alexey Gladkov, 2022-04-27
- New version (101.0.4951.41).
- Security fixes:
- CVE-2022-1477: Use after free in Vulkan.
- CVE-2022-1478: Use after free in SwiftShader.
- CVE-2022-1479: Use after free in ANGLE.
- CVE-2022-1480: Use after free in Device API.
- CVE-2022-1481: Use after free in Sharing.
- CVE-2022-1482: Inappropriate implementation in WebGL.
- CVE-2022-1483: Heap buffer overflow in WebGPU.
- CVE-2022-1484: Heap buffer overflow in Web UI Settings.
- CVE-2022-1485: Use after free in File System API.
- CVE-2022-1486: Type Confusion in V8.
- CVE-2022-1487: Use after free in Ozone.
- CVE-2022-1488: Inappropriate implementation in Extensions API.
- CVE-2022-1489: Out of bounds memory access in UI Shelf.
- CVE-2022-1490: Use after free in Browser Switcher.
- CVE-2022-1491: Use after free in Bookmarks.
- CVE-2022-1492: Insufficient data validation in Blink Editing.
- CVE-2022-1493: Use after free in Dev Tools.
- CVE-2022-1494: Insufficient data validation in Trusted Types.
- CVE-2022-1495: Incorrect security UI in Downloads.
- CVE-2022-1496: Use after free in File Manager.
- CVE-2022-1497: Inappropriate implementation in Input.
- CVE-2022-1498: Inappropriate implementation in HTML Parser.
- CVE-2022-1499: Inappropriate implementation in WebAuthentication.
- CVE-2022-1500: Insufficient data validation in Dev Tools.
- CVE-2022-1501: Inappropriate implementation in iframe.
chromium-101.0.4951.41-alt1 build Alexey Gladkov, 2022-04-27
- New version (101.0.4951.41).
- Security fixes:
- CVE-2022-1477: Use after free in Vulkan.
- CVE-2022-1478: Use after free in SwiftShader.
- CVE-2022-1479: Use after free in ANGLE.
- CVE-2022-1480: Use after free in Device API.
- CVE-2022-1481: Use after free in Sharing.
- CVE-2022-1482: Inappropriate implementation in WebGL.
- CVE-2022-1483: Heap buffer overflow in WebGPU.
- CVE-2022-1484: Heap buffer overflow in Web UI Settings.
- CVE-2022-1485: Use after free in File System API.
- CVE-2022-1486: Type Confusion in V8.
- CVE-2022-1487: Use after free in Ozone.
- CVE-2022-1488: Inappropriate implementation in Extensions API.
- CVE-2022-1489: Out of bounds memory access in UI Shelf.
- CVE-2022-1490: Use after free in Browser Switcher.
- CVE-2022-1491: Use after free in Bookmarks.
- CVE-2022-1492: Insufficient data validation in Blink Editing.
- CVE-2022-1493: Use after free in Dev Tools.
- CVE-2022-1494: Insufficient data validation in Trusted Types.
- CVE-2022-1495: Incorrect security UI in Downloads.
- CVE-2022-1496: Use after free in File Manager.
- CVE-2022-1497: Inappropriate implementation in Input.
- CVE-2022-1498: Inappropriate implementation in HTML Parser.
- CVE-2022-1499: Inappropriate implementation in WebAuthentication.
- CVE-2022-1500: Insufficient data validation in Dev Tools.
- CVE-2022-1501: Inappropriate implementation in iframe.
composer-2.2.12-alt1 build Vitaly Lipatov, 2022-04-26
- new version 2.2.12 (with rpmrb script)
- switch to php8.1 by default
- drop selfupdate command
- CVE-2022-24828
grafana-8.5.0-alt1 build Alexey Shabalin, 2022-04-26
- 8.5.0
- Use pre-builded frontend
- Fixes:
+ CVE-2022-24812
+ CVE-2022-21702
+ CVE-2022-21703
+ CVE-2022-21713
+ CVE-2021-43813
+ CVE-2021-43815
+ CVE-2021-41244
+ CVE-2021-41174
java-1.8.0-openjdk-1.8.0.332.b09-alt0_0.1.eajpp8 build Andrey Cherepanov, 2022-04-25
- New version.
- Seciruty fixes:
+ JDK-8270504, CVE-2022-21426: Better XPath expression handling
+ JDK-8275151, CVE-2022-21443: Improved Object Identification
+ JDK-8277672, CVE-2022-21434: Better invocation handler handling
+ JDK-8278008, CVE-2022-21476: Improve Santuario processing
+ JDK-8278972, CVE-2022-21496: Improve URL supports
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009