As correcções de segurança
thunderbird-102.7.1-alt1
build Pavel Vasenkov,
2023-02-03
- New version.
- Security fixes:
+ CVE-2023-0430 Revocation status of S/Mime signature certificates was not checked
apache2-2.4.55-alt1 build Anton Farygin, 2023-02-01
- 2.4.55 (Fixes: CVE-2022-37436, CVE-2006-20001, CVE-2022-36760)
bind-9.16.37-alt1 build Stanislav Levin, 2023-01-25
- 9.16.36 -> 9.16.37 (fixes: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).
vim-9.0.1238-alt1 build Alexander Danilov, 2023-01-24
- Updated to v9.0.1238 (fixes CVE-2023-0288).
thunderbird-102.7.0-alt1 build Pavel Vasenkov, 2023-01-24
- New version.
- Security fixes:
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7
sudo-1.9.12p2-alt1 build Evgeny Sinelnikov, 2023-01-22
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
+ If a user's sudoers entry did not have any RunAs user's set, running
"sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
sudoedit) that could allow a malicious user with sudoedit privileges to edit
arbitrary files.
cve-manager-0.71.5-alt1 build Alexey Appolonov, 2023-01-22
- Backslashes, which may be part of the names of vendors and products imported
from NVD lists, are ignored (they are used to escape special symbols in the
names and at the same time they complicate the processing or require the use
of escape symbols in the "cve-manager-inner-knowledge" lists).
libXpm-3.5.15-alt1 build Valery Inozemtsev, 2023-01-18
- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)
rust-1.66.1-alt1 build Alexey Gladkov, 2023-01-18
- New version (1.66.1).
- Security fixes:
+ CVE-2022-46176: Cargo did not verify SSH host keys.
firefox-109.0-alt1 build Alexey Gladkov, 2023-01-18
- New release (109.0).
- Security fixes:
+ CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files
+ CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android
+ CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
+ CVE-2023-23604: Creation of duplicate <code>SystemPrincipal</code> from less secure contexts
+ CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
+ CVE-2023-23606: Memory safety bugs fixed in Firefox 109
kernel-image-centos-5.14.0.236-alt1.el9 build Alexey Gladkov, 2023-01-17
- Updated to kernel-5.14.0-236.el9 (fixes: CVE-2022-2964, CVE-2022-4139):
+ [9.2] MEI Backport for Intel DG2 support
+ Add support for second RPL-S CPUID
+ ADL-N: Fix multiple packages shown on a single-package system
+ bpf, xdp: update to 6.0
+ cpu/hotplug: Fix some cpuhp->target issues
+ crypto: xts - drop xts_check_key()
+ drm/i915: fix TLB invalidation for Gen12 video and compute engines
+ During DLPAR operations in shared mode and dedicated mode with smt loop, device tree entries are not getting populated
+ fs: add mode_strip_sgid() helper
+ KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
+ mmc: bcm2835: stop setting chan_config->slave_id
+ net: skb free reason sync part 2
+ net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
+ net: vrf: determine the dst using the original ifindex for multicast
+ pNFS/filelayout: Fix coalescing test for single DS
+ Revert "nvme: warn about shared namespaces without CONFIG_NVME_MULTIPATH"
+ sched/core: Fix bugs in user_cpus_ptr handling
+ scsi: target: core: Fix hard lockup when executing a compare-and-write command
+ [SPR] CPU: AMX: Improve the init_fpstate setup code
+ tracing: Add linear buckets to histogram logic
+ vmxnet3: correctly report csum_level for encapsulated packet
+ vxlan: Backport vxlan file split
+ x86: remove vendor checks from prefer_mwait_c1_over_halt
cve-manager-inner-knowledge-2023.01.16-alt2 build Alexey Appolonov, 2023-01-16
- Updated lists (for the release of cve-manager version 0.71.4).
redis-6.2.8-alt1 build Nikolay A. Fetisov, 2023-01-14
- New version
- Security fixes:
+ CVE-2022-24736: server crash by a specially crafted Lua script
+ CVE-2022-24735: overcome ACL rules via Lua scripts manipulation
vim-9.0.1174-alt1 build Alexander Danilov, 2023-01-11
- Updated to v9.0.1174 (fixes CVE-2023-0054, CVE-2023-0051, CVE-2023-0049).
php8.0-8.0.27-alt1 build Anton Farygin, 2023-01-09
- 8.0.26 -> 8.0.27 (Fixes: CVE-2022-31631)
php8.1-8.1.14-alt1 build Anton Farygin, 2023-01-09
- 8.1.13 -> 8.1.14 (Fixes: CVE-2022-31631)
php8.2-8.1.14-alt1 build Anton Farygin, 2023-01-09
- 8.1.13 -> 8.1.14 (Fixes: CVE-2022-31631)
kernel-image-centos-5.14.0.229-alt1.el9 build Alexey Gladkov, 2023-01-06
- Updated to kernel-5.14.0-229.el9 (fixes: CVE-2022-4129):
+ eBPF enhancements in kernel for Power
+ hwmon: (coretemp) Check for null before removing sysfs attrs
+ l2tp: Serialize access to sk_user_data with sk_callback_lock
+ RHEL: ALSA: add kunit module soc-utils-test to mod-internal.list
+ [s390]: RHEL9 - zfcp: fix double free of FSF request when qdio send fails
+ scsi: target: iscsi: Fix a race condition between login_work and the login thread
dotnet-bootstrap-6.0-6.0.12-alt1 build Vitaly Lipatov, 2022-12-27
- The .NET 6.0.12 and .NET SDK 6.0.112 releases
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
dotnet-runtime-6.0-6.0.12-alt1 build Vitaly Lipatov, 2022-12-27
- new version 6.0.12 (with rpmrb script)
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
dotnet-runtime-7.0-6.0.12-alt1 build Vitaly Lipatov, 2022-12-27
- new version 6.0.12 (with rpmrb script)
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability
thunderbird-102.6.1-alt1 build Pavel Vasenkov, 2022-12-23
- New version.
- Security fixes:
+ CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions
kernel-image-centos-5.14.0.226-alt1.el9 build Alexey Gladkov, 2022-12-23
- Updated to kernel-5.14.0-226.el9 (fixes: CVE-2022-21505, CVE-2022-3628, CVE-2022-42896):
+ Backport Aspeed conversion to shmem
+ block: Do not reread partition table on exclusively open device
+ Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
+ bonding: driver update to v6.1
+ CNB: ipsec: be explicit with XFRM offload direction
+ hwmon: (pwm-fan) Refactor fan power on/off
+ iavf driver update
+ igbvf: Driver Update
+ lib/irq_poll: Prevent softirq pending leak in irq_poll_cpu_dead()
+ lockdown: Fix kexec lockdown bypass with ima policy
+ macsec: backports from upstream
+ net: tls: rebase to 6.0+
+ net/tunnel: wait until all sk_user_data reader finish before releasing the sock
+ [s390]: RHEL9 - KVM: s390: pv: don't allow userspace to set the clock under PV
+ tipc: re-fetch skb cb after tipc_msg_validate
+ v5.18 backports for s390 expolines
+ wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
+ wireless: update to v6.0
+ wireless update to v6.0: base with all dependencies
+ x86/bugs: Add late bug fixes to x86 speculation bugs
libcairo-1.16.0-alt2 build Valery Inozemtsev, 2022-12-22
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492
systemd-251.10-alt1 build Alexey Shabalin, 2022-12-22
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009