As correcções de segurança
java-1.8.0-openjdk-1.8.0.312.b07-alt1_1jpp8
build Andrey Cherepanov,
2021-10-23
- New version.
- Security fixes:
+ CVE-2021-35588 InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
+ CVE-2021-35550 Update the default enabled cipher suites preference
+ CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
+ CVE-2021-35556 Richer Text Editors
+ CVE-2021-35559 Enhanced style for RTF kit
+ CVE-2021-35561 Better hashing support
+ CVE-2021-35564 Improve Keystore integrity
+ CVE-2021-35567 More Constrained Delegation
+ CVE-2021-35578 Improve TLS client handshaking
+ CVE-2021-35586 Better BMP support
+ CVE-2021-35603 Better session identification
java-11-openjdk-11.0.13.8-alt1_1jpp11 build Andrey Cherepanov, 2021-10-23
- New version.
- Security fixes:
+ CVE-2021-35550 Update the default enabled cipher suites preference
+ CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
+ CVE-2021-35556 Richer Text Editors
+ CVE-2021-35559 Enhanced style for RTF kit
+ CVE-2021-35561 Better hashing support
+ CVE-2021-35564 Improve Keystore integrity
+ CVE-2021-35567 More Constrained Delegation
+ CVE-2021-35578 Improve TLS client handshaking
+ CVE-2021-35586 Better BMP support
+ CVE-2021-35603 Better session identification
qutebrowser-2.4.0-alt1 build Ilya Mashkin, 2021-10-22
- 2.4.0 (Fixes: CVE-2021-41146)
thunderbird-91.2.1-alt1 build Andrey Cherepanov, 2021-10-22
- New version.
- Security fixes:
+ CVE-2021-38502 Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Thunderbird 91.2
freerdp-2.4.1-alt1 build Andrey Cherepanov, 2021-10-21
- New version.
- Security fixes:
+ CVE-2021-41159 Improper client input validation for gateway connections allows to overwrite memory
+ CVE-2021-41160 Improper region checks in all clients allow out of bound write to memory
chromium-95.0.4638.54-alt1 build Alexey Gladkov, 2021-10-21
- New version (95.0.4638.54<F2>).
- Security fixes:
- CVE-2021-37981: Heap buffer overflow in Skia.
- CVE-2021-37982: Use after free in Incognito.
- CVE-2021-37983: Use after free in Dev Tools.
- CVE-2021-37984: Heap buffer overflow in PDFium.
- CVE-2021-37985: Use after free in V8.
- CVE-2021-37986: Heap buffer overflow in Settings.
- CVE-2021-37987: Use after free in Network APIs.
- CVE-2021-37988: Use after free in Profiles.
- CVE-2021-37989: Inappropriate implementation in Blink.
- CVE-2021-37990: Inappropriate implementation in WebView.
- CVE-2021-37991: Race in V8.
- CVE-2021-37992: Out of bounds read in WebAudio.
- CVE-2021-37993: Use after free in PDF Accessibility.
- CVE-2021-37994: Inappropriate implementation in iFrame Sandbox.
- CVE-2021-37995: Inappropriate implementation in WebApp Installer.
- CVE-2021-37996: Insufficient validation of untrusted input in Downloads.
glpi-9.5.6-alt1 build Pavel Zilke, 2021-10-12
- New version 9.5.6
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint
+ CVE-2021-39210 : Autologin cookie accessible by scripts
+ CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints
+ CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection
cve-manager-inner-knowledge-2021.10.04-alt2 build Alexey Appolonov, 2021-10-11
- Enhanced cve-manager-knowledge-miner utility.
golang-1.17.2-alt1 build Alexey Shabalin, 2021-10-11
- New version (1.17.2).
- Fixes:
+ CVE-2021-38297
apache2-2.4.51-alt1 build Anton Farygin, 2021-10-10
- 2.4.51 (Fixes: CVE-2021-42013)
python-2.7.18-alt8 build Vladimir D. Seleznev, 2021-10-08
- Fixed CVE-2021-3733 and CVE-2021-3737.
chromium-94.0.4606.81-alt1 build Alexey Gladkov, 2021-10-08
- New version (94.0.4606.81).
- Security fixes:
- CVE-2021-37977: Use after free in Garbage Collection.
- CVE-2021-37978: Heap buffer overflow in Blink.
- CVE-2021-37979: Heap buffer overflow in WebRTC.
- CVE-2021-37980: Inappropriate implementation in Sandbox.
apache2-2.4.50-alt1 build Anton Farygin, 2021-10-07
- 2.4.50 (Fixes: CVE-2021-41773, CVE-2021-41524)
kernel-image-un-def-5.14.10-alt1 build Kernel Bot, 2021-10-07
- v5.14.10 (Fixes: CVE-2021-3653, CVE-2021-3656)
samba-4.14.8-alt1 build Evgeny Sinelnikov, 2021-10-06
- Update to latest security release of Samba 4.14
- Fix performance regressions in lsa_LookupSids3/LookupNames4 since Samba 4.9 by
using an explicit database handle cache and address a signifcant in database
access in the AD DC since Samba 4.12.
- Fix an unuthenticated user can crash the AD DC KDC by omitting the server name
in a TGS-REQ (Fixes: CVE-2021-3671).
containerd-1.4.11-alt1 build Vladimir Didenko, 2021-10-06
- 1.4.11 (Fixes: CVE-2021-41103)
firefox-93.0-alt1 build Alexey Gladkov, 2021-10-06
- New release (93.0).
- Security fixes:
+ CVE-2021-38496: Use-after-free in MessageTask
+ CVE-2021-38497: Validation message could have been overlaid on another origin
+ CVE-2021-38498: Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810: Data race in crossbeam-deque
+ CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
+ CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
+ CVE-2021-38499: Memory safety bugs fixed in Firefox 93
docker-engine-20.10.9-alt1 build Vladimir Didenko, 2021-10-06
- 20.10.9 (Fixes: CVE-2021-39293)
kernel-image-std-def-5.10.71-alt1 build Kernel Bot, 2021-10-06
- v5.10.71 (Fixes: CVE-2021-3653, CVE-2021-3656)
kernel-image-std-pae-5.10.71-alt1 build Kernel Bot, 2021-10-06
- v5.10.71 (Fixes: CVE-2021-3653, CVE-2021-3656)
kernel-image-std-debug-5.10.71-alt1 build Kernel Bot, 2021-10-06
- v5.10.71 (Fixes: CVE-2021-3653, CVE-2021-3656)
firefox-esr-91.2.0-alt1 build Andrey Cherepanov, 2021-10-05
- New ESR version.
- Security fixes:
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
cve-manager-0.56.0-alt1 build Alexey Appolonov, 2021-10-04
- Fixed cpe-map-choice module (the bug was introduced in the cve-manager v0.55);
- Improved user interface of the cve-monitor;
- Slightly changed format of cve-monitor "diff" reports (a modified header and
an absence of a footer).
chromium-94.0.4606.71-alt1 build Alexey Gladkov, 2021-10-01
- New version (94.0.4606.71).
- Security fixes:
- CVE-2021-37974 : Use after free in Safe Browsing.
- CVE-2021-37975 : Use after free in V8.
- CVE-2021-37976 : Information leak in core.
chromium-gost-94.0.4606.71-alt1 build Alexey Gladkov, 2021-10-01
- New version (94.0.4606.71).
- Security fixes:
- CVE-2021-37974 : Use after free in Safe Browsing.
- CVE-2021-37975 : Use after free in V8.
- CVE-2021-37976 : Information leak in core.
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009