openSUSE: 2022:10101-1 important: nim
Description
This update for nim fixes the following issues: Includes upstream security fixes for: * (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection * (boo#1175334, CVE-2020-15692) mishandle of argument to browsers.openDefaultBrowser * (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to properly validate the server response * (boo#1192712, CVE-2021-41259) null byte accepted in getContent function, leading to URI validation bypass * (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer certificates by default * (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS certificate * (boo#1185084, CVE-2021-21373) "nimble refresh" falls back to a non-TLS URL in case of error * (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute arbitrary commands * (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a check for newline character Update to 1.6.6 * standard library use consistent styles for variable names so it can be used in projects which force a consistent style with --styleCheck:usages option. * ARC/ORC are now considerably faster at method dispatching, bringing its performance back on the level of the refc memory management. * Full changelog: https://nim-lang.org/blog/2022/05/05/version-166-released.html - Previous updates and changelogs: * 1.6.4: https://nim-lang.org/blog/2022/02/08/version-164-released.html * 1.6.2: https://nim-lang.org/blog/2021/12/17/version-162-released.html * 1.6.0: https://nim-lang.org/blog/2021/10/19/version-160-released.html * 1.4.8: https://nim-lang.org/blog/2021/05/25/version-148-released.html * 1.4.6: https://nim-lang.org/blog/2021/04/15/versions-146-and-1212-released.html * 1.4.4: https://nim-lang.org/blog/2021/02/23/versions-144-and-1210-released.html * 1.4.2: https://nim-lang.org/blog/2020/12/01/version-142-released.html * 1.4.0: https://nim-lang.org/blog/2020/10/16/version-140-released.html update to 1.2.16 * oids: switch from PRNG to random module * nimc.rst: fix table markup * nimRawSetjmp: support Windows * correctly enable chronos * bigints are not supposed to work on 1.2.x * disable nimpy * misc bugfixes * fixes a 'mixin' statement handling regression [backport:1.2
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10101=1
Package List
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le x86_64): nim-1.6.6-bp154.2.3.1
References
https://www.suse.com/security/cve/CVE-2020-15690.html https://www.suse.com/security/cve/CVE-2020-15692.html https://www.suse.com/security/cve/CVE-2020-15693.html https://www.suse.com/security/cve/CVE-2020-15694.html https://www.suse.com/security/cve/CVE-2021-21372.html https://www.suse.com/security/cve/CVE-2021-21373.html https://www.suse.com/security/cve/CVE-2021-21374.html https://www.suse.com/security/cve/CVE-2021-29495.html https://www.suse.com/security/cve/CVE-2021-41259.html https://bugzilla.suse.com/1175332 https://bugzilla.suse.com/1175333 https://bugzilla.suse.com/1175334 https://bugzilla.suse.com/1181705 https://bugzilla.suse.com/1185083 https://bugzilla.suse.com/1185084 https://bugzilla.suse.com/1185085 https://bugzilla.suse.com/1185948 https://bugzilla.suse.com/1192712