Update against new Xonotic 0.8.5 upstream. DHCP client support - firecfg only fix dektop-files if started with sudo - SELinux labeling support - custom 32-bit seccomp filter support - restrict $(RUNUSER) in several profiles - blacklist shells such as bash in several profiles - whitelist globbing - mkdir and mkfile support for /run/user directory - support ignore for include -include on the command line - splitting up media players whitelists in whitelist-players.inc - new condition: HAS_NOSOUND - new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster - new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl - new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 - new profiles: gnome-hexgl,, mupdf-gl, mutool - new profiles: desktopeditors, impressive, planmaker18, planmaker18free - new profiles: presentations18, presentations18free, textmaker18, teams - new profiles: textmaker18free, xournal, gnome-screenshot, ripperX - new profiles: sound-juicer,, gnome-pomodoro - new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command - new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux - new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row - new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin - new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars - new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless - new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers - new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski - new profiles: swell-foop, fdns, five-or-more, steam-runtime - new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im - new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper - new profiles: gapplication, openarena_ded, element-desktop, cawbird - new profiles: freetube, strawberry, jitsi-meet-desktop - new profiles: homebank, mattermost-desktop, newsflash, - new profiles: sushi, xfce4-screenshooter,, lyx - new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar - new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube - new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi - new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube - new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send - new profiles: qrencode, ytmdesktop, twitch - new profiles: xournalpp, chromium-freeworld, equalx - Make the AppArmor profile compatible with AppArmor 3.0 (add missing include ) Update to 0.9.62.4 - fix AppArmor broken in the previous release - miscellaneous fixes Update to 0.9.62.2 - fix CVE-2020-17367 - fix CVE-2020-17368 Solution Update the affected firejail packages.Pts/xonotic-1.6.0 Fri, 15:07:02 GMT With this version nodbus is deprecated, in favor of dbus-user none and dbus-system none and will be removed in a future version. xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. Fine-grained D-Bus sandboxing with xdg-dbus-proxy. To get the previous behaviour, use -seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/nfig file. Update to version 0.9.64 : - replaced -nowrap option with -wrap in firemon - The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. Description This update for firejail fixes the following issues : firejail 0.9.64.4 is shipped to openSUSE Leap 15.2 - CVE-2021-26910: Fixed root privilege escalation due to race condition (boo#1181990) Update to 0.9.64.4 : - disabled overlayfs, pending multiple fixes - fixed launch firefox for open url in telegram-desktop.profile Update to 0.9.64.2 : - allow -tmpfs inside $HOME for unprivileged users -disable-usertmpfs compile time option - allow AF_BLUETOOTH via -protocol=bluetooth - setup guide for new users: contrib/firejail-welcome.sh - implement netns in profiles - added IPv6 network filter - new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM.
Synopsis The remote openSUSE host is missing a security update.
0 kommentar(er)
