Sisyphus repository
Last updated: 1 February 2023 | Packages: 18157 | Visits: 26607020
Vulnerability fixes

bind-9.16.37-alt1   built by Stanislav Levin, 2023-01-25


- 9.16.36 -> 9.16.37 (fixes: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).

vim-9.0.1238-alt1   built by Alexander Danilov, 2023-01-24


- Updated to v9.0.1238 (fixes CVE-2023-0288).

thunderbird-102.7.0-alt1   built by Pavel Vasenkov, 2023-01-24


- New version.
- Security fixes:
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to console.log allowed bypassing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7

sudo-1.9.12p2-alt1   built by Evgeny Sinelnikov, 2023-01-22


- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
+ If a user's sudoers entry did not have any RunAs users set, running
"sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
sudoedit) that could allow a malicious user with sudoedit privileges to edit
arbitrary files.

cve-manager-0.71.5-alt1   built by Alexey Appolonov, 2023-01-22


- Backslashes, which may be part of the names of vendors and products imported
from NVD lists, are ignored (they are used to escape special symbols in the
names and at the same time they complicate the processing or require the use
of escape symbols in the "cve-manager-inner-knowledge" lists).

libXpm-3.5.15-alt1   built by Valery Inozemtsev, 2023-01-18


- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)

rust-1.66.1-alt1   built by Alexey Gladkov, 2023-01-18


- New version (1.66.1).
- Security fixes:
+ CVE-2022-46176: Cargo did not verify SSH host keys.

firefox-109.0-alt1   built by Alexey Gladkov, 2023-01-18


- New release (109.0).
- Security fixes:
+ CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files
+ CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android
+ CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
+ CVE-2023-23604: Creation of duplicate SystemPrincipal from less secure contexts
+ CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
+ CVE-2023-23606: Memory safety bugs fixed in Firefox 109

kernel-image-centos-5.14.0.236-alt1.el9   built by Alexey Gladkov, 2023-01-17


- Updated to kernel-5.14.0-236.el9 (fixes: CVE-2022-2964, CVE-2022-4139):
+ [9.2] MEI Backport for Intel DG2 support
+ Add support for second RPL-S CPUID
+ ADL-N: Fix multiple packages shown on a single-package system
+ bpf, xdp: update to 6.0
+ cpu/hotplug: Fix some cpuhp->target issues
+ crypto: xts - drop xts_check_key()
+ drm/i915: fix TLB invalidation for Gen12 video and compute engines
+ During DLPAR operations in shared mode and dedicated mode with smt loop, device tree entries are not getting populated
+ fs: add mode_strip_sgid() helper
+ KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
+ mmc: bcm2835: stop setting chan_config->slave_id
+ net: skb free reason sync part 2
+ net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
+ net: vrf: determine the dst using the original ifindex for multicast
+ pNFS/filelayout: Fix coalescing test for single DS
+ Revert "nvme: warn about shared namespaces without CONFIG_NVME_MULTIPATH"
+ sched/core: Fix bugs in user_cpus_ptr handling
+ scsi: target: core: Fix hard lockup when executing a compare-and-write command
+ [SPR] CPU: AMX: Improve the init_fpstate setup code
+ tracing: Add linear buckets to histogram logic
+ vmxnet3: correctly report csum_level for encapsulated packet
+ vxlan: Backport vxlan file split
+ x86: remove vendor checks from prefer_mwait_c1_over_halt

cve-manager-inner-knowledge-2023.01.16-alt2   built by Alexey Appolonov, 2023-01-16


- Updated lists (for the release of cve-manager version 0.71.4).

redis-6.2.8-alt1   built by Nikolay A. Fetisov, 2023-01-14


- New version
- Security fixes:
+ CVE-2022-24736: server crash by a specially crafted Lua script
+ CVE-2022-24735: overcome ACL rules via Lua scripts manipulation

vim-9.0.1174-alt1   built by Alexander Danilov, 2023-01-11


- Updated to v9.0.1174 (fixes CVE-2023-0054, CVE-2023-0051, CVE-2023-0049).

php8.0-8.0.27-alt1   built by Anton Farygin, 2023-01-09


- 8.0.26 -> 8.0.27 (Fixes: CVE-2022-31631)

php8.1-8.1.14-alt1   built by Anton Farygin, 2023-01-09


- 8.1.13 -> 8.1.14 (Fixes: CVE-2022-31631)

php8.2-8.1.14-alt1   built by Anton Farygin, 2023-01-09


- 8.1.13 -> 8.1.14 (Fixes: CVE-2022-31631)

kernel-image-centos-5.14.0.229-alt1.el9   built by Alexey Gladkov, 2023-01-06


- Updated to kernel-5.14.0-229.el9 (fixes: CVE-2022-4129):
+ eBPF enhancements in kernel for Power
+ hwmon: (coretemp) Check for null before removing sysfs attrs
+ l2tp: Serialize access to sk_user_data with sk_callback_lock
+ RHEL: ALSA: add kunit module soc-utils-test to mod-internal.list
+ [s390]: RHEL9 - zfcp: fix double free of FSF request when qdio send fails
+ scsi: target: iscsi: Fix a race condition between login_work and the login thread

dotnet-bootstrap-6.0-6.0.12-alt1   built by Vitaly Lipatov, 2022-12-27


- The .NET 6.0.12 and .NET SDK 6.0.112 releases
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability

dotnet-runtime-6.0-6.0.12-alt1   built by Vitaly Lipatov, 2022-12-27


- new version 6.0.12 (with rpmrb script)
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability

dotnet-runtime-7.0-6.0.12-alt1   built by Vitaly Lipatov, 2022-12-27


- new version 6.0.12 (with rpmrb script)
- CVE-2022-41032: .NET Elevation of Privilege Vulnerability
- CVE-2022-38013: .NET Denial of Service Vulnerability
- CVE-2022-34716: .NET Information Disclosure Vulnerability

kernel-image-centos-5.14.0.226-alt1.el9   built by Alexey Gladkov, 2022-12-23


- Updated to kernel-5.14.0-226.el9 (fixes: CVE-2022-21505, CVE-2022-3628, CVE-2022-42896):
+ Backport Aspeed conversion to shmem
+ block: Do not reread partition table on exclusively open device
+ Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
+ bonding: driver update to v6.1
+ CNB: ipsec: be explicit with XFRM offload direction
+ hwmon: (pwm-fan) Refactor fan power on/off
+ iavf driver update
+ igbvf: Driver Update
+ lib/irq_poll: Prevent softirq pending leak in irq_poll_cpu_dead()
+ lockdown: Fix kexec lockdown bypass with ima policy
+ macsec: backports from upstream
+ net: tls: rebase to 6.0+
+ net/tunnel: wait until all sk_user_data reader finish before releasing the sock
+ [s390]: RHEL9 - KVM: s390: pv: don't allow userspace to set the clock under PV
+ tipc: re-fetch skb cb after tipc_msg_validate
+ v5.18 backports for s390 expolines
+ wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
+ wireless: update to v6.0
+ wireless update to v6.0: base with all dependencies
+ x86/bugs: Add late bug fixes to x86 speculation bugs

thunderbird-102.6.1-alt1   built by Pavel Vasenkov, 2022-12-23


- New version.
- Security fixes:
+ CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions

libcairo-1.16.0-alt2   built by Valery Inozemtsev, 2022-12-22


- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492

systemd-251.10-alt1   built by Alexey Shabalin, 2022-12-22


- 251.10 (Fixes: CVE-2022-4415)

curl-7.87.0-alt1   built by Anton Farygin, 2022-12-21


- 7.86.0 -> 7.87.0
- Fixes:
* CVE-2022-43551: Another HSTS bypass via IDN
* CVE-2022-43552: HTTP Proxy deny use-after-free

kernel-image-centos-5.14.0.219-alt1.el9   built by Alexey Gladkov, 2022-12-21


- Updated to kernel-5.14.0-219.el9 (fixes: CVE-2022-2873):
+ Add fixes to drivers/misc/sram to support NVIDIA Orin
+ Bring MD code the latest upstream
+ CNB: fortify: Provide a memcpy trap door for sharp corners
+ CNB: tracing/events: Add __vstring() and __assign_vstr() helper macros
+ crypto: backport wireguard s390 fix
+ hyper-v: Video and HID driver updates for RHEL-9.2
+ i2c: ismt: Fix an out-of-bounds bug in ismt_access()
+ kernfs: switch global kernfs_rwsem lock to per-fs lock
+ powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
+ redhat/configs: Enable CONFIG_CRYPTO_CURVE25519
+ Redo missing uapi/linux/stddef.h: Add include guards
+ vmxnet3: driver update to v6.0
+ x86/fpu: Drop fpregs lock before inheriting FPU permissions
 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin