OpenSSH, Squid, PostgreSQL Update in Tumbleweed

15. Oct 2021 | Douglas DeMaio | CC-BY-SA-3.0

OpenSSH, Squid, PostgreSQL Update in Tumbleweed

Three openSUSE Tumbleweed snapshots released this week have brought updates for text editors, browsers, emails clients, database management systems and many other pieces of software.

Mozilla Firefox, Thunderbird, nano, and PostgreSQL were all in the latest 20211012 snapshot. A new major version of Firefox 93.0 added support for the optimised image format AVIF, which offers a significant file size reduction as opposed to other image formats. The browser also improved web compatibility for privacy protections and fixed more than a handful of Common Vulnerabilities and Exposures. Thunderbird 91.2.0 addressed many of the same CVEs, fixed some issues with the calendar and fixed the new mail notifications that did not properly take subfolders into account. The 5.9 version of text editor nano added syntax highlighting for YAML files and fetchmail 6.4.22 added a few patches, addressed a CVE related to an IMAP connections and now highlights being compatible with OpenSSL 1.1.1 and 3.0.0. The new major version of postgresql 14 provided improvements for heavy workloads, enhanced distributed workloads and added a couple more predefined roles like pg_read_all_data, pg_write_all_data and pg_database_owner. Other packages to update in the snapshot were GNOME’s document viewer evince 41.2, Flatpak 1.12.1, graphics library gegl 0.4.32, glusterfs 9.3 and many RubyGems and YaST package updates.

Snapshot 20211011 also added several RubyGems like style guide package rubygem-rubocop 1.22.1, which added new features like a Safety section to documentation for all cops that are Safe: false or SafeAutoCorrect: false. Another gem update was made to rubygem-spring 3.0, which added new Ruby and Rails dependencies. The update of ImageMagick squashed “a dump truck load of VisualStudio compiler warnings” and had an impressive amount of CVE fixes. The update of libreoffice made a change to add poppler as a vendor for all codestreams except Tumbleweed. OpenSSH 8.8 added some new features and security fixes; the release disables RSA signatures using the SHA-1 hash algorithm by default since the SHA-1 hash algorithm is cryptographically broken, according to the changelog. A major version of the openSUSE package checkmedia updated from version 5.4 to 6.1, which provided an add version option to tag media and fixed the auto-detect of a suitable signature location for Red Hat media. Other packages in the snapshot to update were libvirt 7.8.0, libzypp 17.28.5, firewalld 1.0.1 and more.

The new 5.2 major version of caching proxy squid was among the many packages updated in snapshot 20211008. The Web supporting package for HTTP, HTTPS and FTP added a Kerberos Group Helper and Loop Detection in Content Delivery Networks. The new version also fixes issues with Web Cache Communication Protocol that could have led to information being disclosed based on CVE-2021-28116. Linux Kernel 5.14.9 provided multiple USB additions and added a Memory Tagging Extension support check to thread switching and syscall entry/exit for AArch64. CVE-2021-42013 was fixed with the apache2 2.4.51 update. The update of redis 6.2.6 focused on fixing bugs that involved behavior changes and made some improvements by adding a latency monitor sample when a key is deleted via a lazy expire. Samoa has made the decision to no longer observe Daylight Saving Time and Jordan shifted its DST to the last Thursday of February, which was reflected in the timezone 2021c package update. Other packages to update in the snapshot were libsolv 0.7.20, Samba 4.15.0, libstorage-ng 4.4.43 and the 21.08.1 versions of KDE Gear’s umbrello and yakuake packages.

Share this post: