As correcções de segurança
helm-3.4.1-alt1
build Aleksei Nikiforov,
2020-11-23
- Updated to upstream version 3.4.1 (Fixes: CVE-2020-4053, CVE-2020-11013,
CVE-2020-15184, CVE-2020-15185, CVE-2020-15186, CVE-2020-15187).
cacti-1.2.15-alt1 build Aleksei Nikiforov, 2020-11-23
- Updated to upstream version 1.2.15 (Fixes: CVE-2020-13230, CVE-2020-13231).
kernel-image-std-def-5.4.79-alt1 build Kernel Bot, 2020-11-22
- v5.4.79 (Fixes: CVE-2020-4788)
kernel-image-std-pae-5.4.79-alt1 build Kernel Bot, 2020-11-22
- v5.4.79 (Fixes: CVE-2020-4788)
kernel-image-std-debug-5.4.79-alt1 build Kernel Bot, 2020-11-22
- v5.4.79 (Fixes: CVE-2020-4788)
chromium-87.0.4280.66-alt1 build Alexey Gladkov, 2020-11-21
- New version (87.0.4280.66).
- Security fixes:
- CVE-2019-8075: Insufficient data validation in Flash.
- CVE-2020-16012: Side-channel information leakage in graphics.
- CVE-2020-16014: Use after free in PPAPI.
- CVE-2020-16015: Insufficient data validation in WASM.
- CVE-2020-16018: Use after free in payments.
- CVE-2020-16019: Inappropriate implementation in filesystem.
- CVE-2020-16020: Inappropriate implementation in cryptohome.
- CVE-2020-16021: Race in ImageBurner.
- CVE-2020-16022: Insufficient policy enforcement in networking.
- CVE-2020-16023: Use after free in WebCodecs.
- CVE-2020-16024: Heap buffer overflow in UI.
- CVE-2020-16025: Heap buffer overflow in clipboard.
- CVE-2020-16026: Use after free in WebRTC.
- CVE-2020-16027: Insufficient policy enforcement in developer tools.
- CVE-2020-16028: Heap buffer overflow in WebRTC.
- CVE-2020-16029: Inappropriate implementation in PDFium.
- CVE-2020-16030: Insufficient data validation in Blink.
- CVE-2020-16031: Incorrect security UI in tab preview.
- CVE-2020-16032: Incorrect security UI in sharing.
- CVE-2020-16033: Incorrect security UI in WebUSB.
- CVE-2020-16034: Inappropriate implementation in WebRTC.
- CVE-2020-16035: Insufficient data validation in cros-disks.
- CVE-2020-16036: Inappropriate implementation in cookies.
jbig2dec-0.19-alt1 build Aleksei Nikiforov, 2020-11-20
- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).
sqliteodbc-0.9996-alt3 build Aleksei Nikiforov, 2020-11-20
- Updated rpm post script (Fixes: CVE-2020-12050).
consul-1.8.6-alt1 build Aleksei Nikiforov, 2020-11-20
- Updated to upstream version 1.8.6 (Fixes: CVE-2019-9764, CVE-2019-12291,
CVE-2020-7219, CVE-2020-7955, CVE-2020-12797, CVE-2020-13170, CVE-2020-13250).
python-2.7.18-alt2 build Vladimir D. Seleznev, 2020-11-19
- Fixed CVE-2019-20907 and CVE-2019-CVE-2020-26116.
cifs-utils-6.11-alt1 build Aleksei Nikiforov, 2020-11-19
- Updated to upstream version 6.11 (Fixes: CVE-2020-14342).
dovecot-2.3.11.3-alt1 build Aleksei Nikiforov, 2020-11-19
- Updated to 2.3.11.3 (Fixes: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674).
krb5-1.18.3-alt1 build Ivan A. Melnikov, 2020-11-19
- 1.18.3 (Fixes: CVE-2020-28196)
ceph-15.2.6-alt1 build Alexey Shabalin, 2020-11-19
- 15.2.6
- Fixes for the following security vulnerabilities:
+ CVE-2020-25660 Fix a regression in Messenger V2 replay attacks
thunderbird-78.5.0-alt1 build Andrey Cherepanov, 2020-11-19
- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Thunderbird 78.5
- Fix guess timezone for calendar (ALT #38081).
libXrender-0.9.10-alt1 build Valery Inozemtsev, 2020-11-17
- 0.9.10
- securuty fixes: CVE-2016-7949, CVE-2016-7950
libXtst-1.2.3-alt1 build Valery Inozemtsev, 2020-11-17
- 1.2.3
- securuty fixes: CVE-2016-7951, CVE-2016-7952
firefox-83.0-alt1 build Alexey Gladkov, 2020-11-17
- New release (83.0).
- Security fixes:
+ CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
+ CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
+ CVE-2020-26956: XSS through paste (manual and clipboard API)
+ CVE-2020-26957: OneCRL was not working in Firefox for Android
+ CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959: Use-after-free in WebRequestService
+ CVE-2020-26960: Potential use-after-free in uses of nsTArray
+ CVE-2020-15999: Heap buffer overflow in freetype
+ CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26962: Cross-origin iframes supported login autofill
+ CVE-2020-26963: History and Location interfaces could have been used to hang the browser
+ CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
+ CVE-2020-26965: Software keyboards may have remembered typed passwords
+ CVE-2020-26966: Single-word search queries were also broadcast to local network
+ CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
+ CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
+ CVE-2020-26969: Memory safety bugs fixed in Firefox 83
firmware-intel-ucode-14-alt1.20201110 build L.A. Kostis, 2020-11-17
- Sync with Debian 3.20201110.1:
+ New upstream microcode datafile 20201110:
+ Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
aka INTEL-SA-00381: AVX register information leakage;
Fast-Forward store predictor information leakage
+ Implements mitigation for CVE-2020-8695, Intel SGX information
disclosure via RAPL, aka INTEL-SA-00389
+ Fixes critical errata on several processor models
+ Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
for Skylake-U/Y, Skylake Xeon E3
+ New Microcodes:
sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
+ 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your
system vendor for a firmware update, or wait fo a possible fix in a future
Intel microcode release.
+ source: update symlinks to reflect id of the latest release, 20201110
+ source: ship new upstream documentation (security.md, releasenote.md)
tigervnc-1.10.1-alt4 build Fr. Br. George, 2020-11-17
- Fix CVE-2020-26117
c-ares-1.16.1-alt2 build Anton Farygin, 2020-11-17
- added 0d252eb commit from upstream to resolve security issue (fixes: CVE-2020-8277)
openvpn-2.4.9-alt1 build Nikolay A. Fetisov, 2020-11-16
- New version
- Security fixes:
+ CVE-2020-11810: race condition allowes one client kills other
client session via false client floating (Closes: 39122)
bluez-5.55-alt1 build Valery Inozemtsev, 2020-11-16
- 5.55;
- securuty fixes:
+ CVE-2020-27153 (closes #39291)
postgresql12-12.5-alt1 build Alexei Takaseev, 2020-11-16
- 12.5 (Fixes CVE-2020-25694, CVE-2020-25695, CVE-2020-25696)
node-14.15.1-alt1 build Vitaly Lipatov, 2020-11-16
- new version 14.15.1 (with rpmrb script)
- set c-ares >= 1.16.1-alt2
- CVE-2020-8277: Denial of Service through DNS request (High)
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009