diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 47ab1ac4d..c642a8aef 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,79 @@ +Wed Jul 19 20:36:46 UTC 2023 +a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded. +a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded. +a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded. +a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded. +a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded. +d/cmake-3.27.0-x86_64-1.txz: Upgraded. +d/kernel-headers-6.1.39-x86-1.txz: Upgraded. +k/kernel-source-6.1.39-noarch-1.txz: Upgraded. +l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded. +n/bind-9.18.17-x86_64-1.txz: Upgraded. +n/curl-8.2.0-x86_64-1.txz: Upgraded. + This update fixes a security issue: + fopen race condition. + For more information, see: + https://curl.se/docs/CVE-2023-32001.html + https://www.cve.org/CVERecord?id=CVE-2023-32001 + (* Security fix *) +n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded. +n/openssh-9.3p2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code + execution relating to PKCS#11 providers. + The PKCS#11 support ssh-agent(1) could be abused to achieve remote code + execution via a forwarded agent socket if the following conditions are met: + * Exploitation requires the presence of specific libraries on the victim + system. + * Remote exploitation requires that the agent was forwarded to an + attacker-controlled system. + Exploitation can also be prevented by starting ssh-agent(1) with an empty + PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that + contains only specific provider libraries. + This vulnerability was discovered and demonstrated to be exploitable by the + Qualys Security Advisory team. + Potentially-incompatible changes: + * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules + issued by remote clients by default. A flag has been added to restore the + previous behaviour: "-Oallow-remote-pkcs11". + For more information, see: + https://www.openssh.com/txt/release-9.3p2 + https://www.cve.org/CVERecord?id=CVE-2023-38408 + (* Security fix *) +n/samba-4.18.5-x86_64-1.txz: Upgraded. + This update fixes security issues: + When winbind is used for NTLM authentication, a maliciously crafted request + can trigger an out-of-bounds read in winbind and possibly crash it. + SMB2 packet signing is not enforced if an admin configured + "server signing = required" or for SMB2 connections to Domain Controllers + where SMB2 packet signing is mandatory. + An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be + triggered by an unauthenticated attacker by issuing a malformed RPC request. + Missing type validation in Samba's mdssvc RPC service for Spotlight can be + used by an unauthenticated attacker to trigger a process crash in a shared + RPC mdssvc worker process. + As part of the Spotlight protocol Samba discloses the server-side absolute + path of shares and files and directories in search results. + For more information, see: + https://www.samba.org/samba/security/CVE-2022-2127.html + https://www.samba.org/samba/security/CVE-2023-3347.html + https://www.samba.org/samba/security/CVE-2023-34966.html + https://www.samba.org/samba/security/CVE-2023-34967.html + https://www.samba.org/samba/security/CVE-2023-34968.html + https://www.cve.org/CVERecord?id=CVE-2022-2127 + https://www.cve.org/CVERecord?id=CVE-2023-3347 + https://www.cve.org/CVERecord?id=CVE-2023-34966 + https://www.cve.org/CVERecord?id=CVE-2023-34967 + https://www.cve.org/CVERecord?id=CVE-2023-34968 + (* Security fix *) +xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded. + This is a bugfix release. + For more information, see: + https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/ +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Tue Jul 18 19:58:10 UTC 2023 a/tar-1.35-x86_64-1.txz: Upgraded. x/mesa-23.2.0_rc1-x86_64-1.txz: Upgraded. |