Sisyphus repository
Last update: 28 June 2022 | SRPMs: 17498 | Visits: 24457963
Security fixes

kernel-image-centos-5.14.0.120-alt1.el9   build Alexey Gladkov, 2022-06-27


- Updated to kernel-5.14.0-120.el9 (fixes: CVE-2022-1998, CVE-2022-2078):
+ block: update with 5.18 for rhel 9.1
+ fanotify: Fix stale file descriptor in copy_event_to_user()
+ netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
+ ntb: update from upstream v5.17
+ redhat: spec: trigger dracut when modules are installed separately
+ [s390] s390/zcrypt: Add admask to zcdn
+ scsi: mpi3mr: Add bsg device support
+ tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
+ vmxnet3: Update network driver for RHEL 9.1

chromium-103.0.5060.53-alt1   build Alexey Gladkov, 2022-06-25


- New version (103.0.5060.53).
- Security fixes:
- CVE-2022-2156: Use after free in Base.
- CVE-2022-2157: Use after free in Interest groups.
- CVE-2022-2158: Type Confusion in V8.
- CVE-2022-2160: Insufficient policy enforcement in DevTools.
- CVE-2022-2161: Use after free in WebApp Provider.
- CVE-2022-2162: Insufficient policy enforcement in File System API.
- CVE-2022-2163: Use after free in Cast UI and Toolbar.
- CVE-2022-2164: Inappropriate implementation in Extensions API.
- CVE-2022-2165: Insufficient data validation in URL formatting.

mediawiki-1.37.2-alt1   build Vitaly Lipatov, 2022-06-24


- new version 1.37.2 (with rpmrb script)
- (T297571, CVE-2022-28201) (T297731, CVE-2022-28203)
- (T297754, CVE-2022-28204) (T297543, CVE-2022-28202)

openssl1.1-1.1.1p-alt1   build Gleb F-Malinovskiy, 2022-06-22


- Updated to 1.1.1p (fixes CVE-2022-1292, CVE-2022-2068).

openscad-2021.01-alt4   build Anton Midyukov, 2022-06-20


- Fixes:
+ CVE-2022-0496 Out-of-bounds memory access in DXF loader (path
identification)
+ CVE-2022-0497 Out-of-bounds memory access in comment parser
+ Fix build issue with overloaded join().
- cleanup spec

dropbear-2022.82-alt1   build Vitaly Chikunov, 2022-06-19


- Update to DROPBEAR_2022.82 (2022-04-01). (Fixes: CVE-2018-15599,
CVE-2018-5399, CVE-2018-20685, CVE-2019-12953, CVE-2020-15833,
CVE-2020-36254).
- Disable DSS keys.
- Allow password auth.
- Undo authkey_fp patch (as it does not apply to the new codebase).
- Use bundled libtom{crypt,math} maintained by the authors of Dropbear.
- Doc and client packages are merged into main package.
- Add systemd services.
- Correct sftp-server path (to openssh-server binary).

apache2-2.4.54-alt1   build Anton Farygin, 2022-06-19


- 2.4.54 (Fixes: CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404,
CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377)

kernel-image-un-def-5.17.15-alt2   build Vitaly Chikunov, 2022-06-18


- Pick fixes of Intel-specific processor MMIO stale-data vulnerabilities.
(Fixes: CVE-2022-21166, CVE-2022-21125, CVE-2022-21123).

tor-0.4.7.8-alt1   build Hihin Ruslan, 2022-06-18


- Update version
- CVE-2021-3838

python-2.7.18-alt10   build Vladimir D. Seleznev, 2022-06-17


- Security update (fixed: CVE-2015-20107).
- Fixed Url field.

kernel-image-centos-5.14.0.114-alt1.el9   build Alexey Gladkov, 2022-06-17


- Updated to kernel-5.14.0-114.el9 (fixes: CVE-2022-1729):
+ block: ignore RWF_HIPRI hint for sync dio
+ lpfc cs9 (rhel9.1) update
+ perf: Fix sys_perf_event_open() race against self
+ redhat/configs: Drop outdated CRYPTO_ECDH and unify CRYPTO_USER configs
+ [s390] Upgrade the zfcp driver to latest from upstream, e.g. kernel 5.18
+ Update ext4 and jbd2 to upstream v5.17

php7-7.4.30-alt1   build Anton Farygin, 2022-06-16


- 7.4.28 -> 7.4.30 (Fixes: CVE-2022-31626, CVE-2022-31625)

php8.0-8.0.20-alt1   build Anton Farygin, 2022-06-16


- 8.0.19 -> 8.0.20 (Fixes: CVE-2022-31626, CVE-2022-31625)

php8.1-8.1.7-alt1   build Anton Farygin, 2022-06-16


- 8.1.6 -> 8.1.7 (Fixes: CVE-2022-31626, CVE-2022-31625)

libexo-4.17.2-alt1   build Mikhail Efremov, 2022-06-14


- Updated Url tag.
- Updated to 4.17.2 (fixes: CVE-2022-32278).

kernel-image-centos-5.14.0.111-alt1.el9   build Alexey Gladkov, 2022-06-14


- Updated to kernel-5.14.0-111.el9 (fixes: CVE-2022-1966):
+ Add pinctrl support for ADL-N
+ block, loop: support partitions without scanning
+ [Intel 9.1 FEAT] [RPL-P] perf: PerfMon support
+ ipv4: do not use per netns icmp sockets
+ netfilter: nf_tables: disallow non-stateful expression in sets earlier
+ remoteproc: updates
+ scsi: fnic: Finish scsi_cmnd before dropping the spinlock
+ turbostat: fix PC6 displaying on some systems

golang-1.18.3-alt1   build Alexey Shabalin, 2022-06-12


- New version (1.18.3) (Fixes: CVE-2022-30580, CVE-2022-30634, CVE-2022-30629, CVE-2022-29804).

containerd-1.6.6-alt1   build Vladimir Didenko, 2022-06-08


- 1.6.6 (Fixes: CVE-2022-31030)

qemu-7.0.0-alt1   build Alexey Shabalin, 2022-06-07


- 7.0.0.
- Split out qemu-virtiofsd subpackage.
- Backport patches from upstream to fix virtio-scsi.
- Fixes for the following security vulnerabilities:
+ CVE-2021-3507 hw/block/fdc: Prevent end-of-track overrun
+ CVE-2021-4206 ui/cursor: fix integer overflow in cursor_alloc
+ CVE-2021-4207 display/qxl-render: fix race condition in qxl_cursor
+ CVE-2021-3611 hw/audio/intel-hda: Restrict DMA engine to memories
+ CVE-2022-26353 virtio-net: fix map leaking on error during receive
+ CVE-2022-26354 vhost-vsock: detach the virqueue element in case of error
+ CVE-2021-3929 hw/nvme: fix

kernel-image-centos-5.14.0.106-alt1.el9   build Alexey Gladkov, 2022-06-07


- Updated to kernel-5.14.0-106.el9 (fixes: CVE-2022-24448):
+ clk: qcom: rpmhcc: add sc8280xp support to the RPMh clock controller
+ Documentation: add description for net.core.gro_normal_batch
+ Documentation/sysctl: document max_rcu_stall_to_panic
+ drivers/char: fix unused variable warning in mem.c
+ Fixes for nfs_atomic_open()
+ mm, compaction: fast_find_migrateblock() should return pfn in the target zone
+ PTP: backport fixes from upstream
+ [RHEL 9.1.0] IDXD fixes
+ [s390] Upgrade the qeth driver to latest from upstream

vim-8.2.5062-alt1   build Alexander Danilov, 2022-06-06


- Updated to 8.2.5062 (fixes CVE-2022-1898).

rsyslog-8.2204.1-alt1   build Alexey Shabalin, 2022-06-06


- 8.2204.1 (Fixes: CVE-2022-24903)

firefox-esr-91.10.0-alt1   build Pavel Vasenkov, 2022-06-03


- New ESR version.
- Security fixes:
+ CVE-2022-31736 Cross-Origin resource's length leaked
+ CVE-2022-31737 Heap buffer overflow in WebGL
+ CVE-2022-31738 Browser window spoof using fullscreen mode
+ CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files
+ CVE-2022-31740 Register allocation problem in WASM on arm64
+ CVE-2022-31741 Uninitialized variable leads to invalid memory read
+ CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
+ CVE-2022-31747 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10

thunderbird-91.10.0-alt1   build Pavel Vasenkov, 2022-06-03


- New version.
- Security fixes:
+ CVE-2022-31736 Cross-Origin resource's length leaked
+ CVE-2022-31737 Heap buffer overflow in WebGL
+ CVE-2022-31738 Browser window spoof using fullscreen mode
+ CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files
+ CVE-2022-31740 Register allocation problem in WASM on arm64
+ CVE-2022-31741 Uninitialized variable leads to invalid memory read
+ CVE-2022-1834 Braille space character caused incorrect sender email to be shown for a digitally signed email
+ CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
+ CVE-2022-31747 Memory safety bugs fixed in Thunderbird 91.10

firefox-101.0-alt1   build Alexey Gladkov, 2022-06-01


- New release (101.0).
- Use internal cbindgen again.
- Security fixes:
+ CVE-2022-31736: Cross-Origin resource's length leaked
+ CVE-2022-31737: Heap buffer overflow in WebGL
+ CVE-2022-31738: Browser window spoof using fullscreen mode
+ CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
+ CVE-2022-31740: Register allocation problem in WASM on arm64
+ CVE-2022-31741: Uninitialized variable leads to invalid memory read
+ CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
+ CVE-2022-31743: HTML Parsing incorrectly ended HTML comments prematurely
+ CVE-2022-31744: CSP bypass enabling stylesheet injection
+ CVE-2022-31745: Incorrect Assertion caused by unoptimized array shift operations
+ CVE-2022-1919: Memory Corruption when manipulating webp images
+ CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
+ CVE-2022-31748: Memory safety bugs fixed in Firefox 101
 
project & code: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin
translation maintainer: Fernando Martini aka fmartini © 2009