diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 1d3e8cf30..12f16b7eb 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,60 @@ +Wed Oct 11 06:37:21 UTC 2023 +a/kernel-generic-6.1.57-x86_64-1.txz: Upgraded. +a/kernel-huge-6.1.57-x86_64-1.txz: Upgraded. +a/kernel-modules-6.1.57-x86_64-1.txz: Upgraded. +d/kernel-headers-6.1.57-x86-1.txz: Upgraded. +k/kernel-source-6.1.57-noarch-1.txz: Upgraded. +n/c-ares-1.20.1-x86_64-1.txz: Upgraded. +n/curl-8.4.0-x86_64-1.txz: Upgraded. + This update fixes security issues: + Cookie injection with none file. + SOCKS5 heap buffer overflow. + For more information, see: + https://curl.se/docs/CVE-2023-38546.html + https://curl.se/docs/CVE-2023-38545.html + https://www.cve.org/CVERecord?id=CVE-2023-38546 + https://www.cve.org/CVERecord?id=CVE-2023-38545 + (* Security fix *) +n/nghttp2-1.57.0-x86_64-1.txz: Upgraded. + This release has a fix to mitigate the HTTP/2 Rapid Reset vulnerability. + For more information, see: + https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg + https://www.cve.org/CVERecord?id=CVE-2023-44487 + (* Security fix *) +n/samba-4.19.1-x86_64-1.txz: Upgraded. + This is a security release in order to address the following defects: + Unsanitized pipe names allow SMB clients to connect as root to existing + unix domain sockets on the file system. + SMB client can truncate files to 0 bytes by opening files with OVERWRITE + disposition when using the acl_xattr Samba VFS module with the smb.conf + setting "acl_xattr:ignore system acls = yes" + An RODC and a user with the GET_CHANGES right can view all attributes, + including secrets and passwords. Additionally, the access check fails + open on error conditions. + Calls to the rpcecho server on the AD DC can request that the server block + for a user-defined amount of time, denying service. + Samba can be made to start multiple incompatible RPC listeners, disrupting + service on the AD DC. + For more information, see: + https://www.samba.org/samba/security/CVE-2023-3961.html + https://www.samba.org/samba/security/CVE-2023-4091.html + https://www.samba.org/samba/security/CVE-2023-4154.html + https://www.samba.org/samba/security/CVE-2023-42669.html + https://www.samba.org/samba/security/CVE-2023-42670.html + https://www.cve.org/CVERecord?id=CVE-2023-3961 + https://www.cve.org/CVERecord?id=CVE-2023-4091 + https://www.cve.org/CVERecord?id=CVE-2023-4154 + https://www.cve.org/CVERecord?id=CVE-2023-42669 + https://www.cve.org/CVERecord?id=CVE-2023-42670 + (* Security fix *) +xap/mozilla-thunderbird-115.3.2-x86_64-1.txz: Upgraded. + This is a bugfix release. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/115.3.2/releasenotes/ +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Tue Oct 10 19:27:56 UTC 2023 ap/sqlite-3.43.2-x86_64-1.txz: Upgraded. l/libcue-2.2.1-x86_64-4.txz: Rebuilt. |