Updating System Modules and Components in VEOS 8.8
Updated Modules
- Python: updated from version 3.6 to 3.9.
- Nginx: updated from version 1.16.1 to 1.20.1.
- Node.js: updated from version 14.x to 18.x.
Updated Components
- PHP: updated from version 7.2.24 to 7.2.34.
- Ruby: updated from version 2.5.9 to 3.1.2.
- MariaDB: updated from version 10.3 to 10.5.
- LLVM: updated from version 14.0.6 to 16.0.6.
Performance and Debugging Tools
- NetworkManager: updated to version 1.40.16-4.el8_8.
Security Updates
- Kernel Update:
- The kernel has been updated from version 4.18.0-425.19.2 to 4.18.0-477.13.1.
- Vulnerabilities in nf_tables and other netfilter components have been addressed (CVE-2023-32233, CVE-2023-0386).
- Enhanced buffer overflow protection in NFSv2 and NFSv3 (CVE-2022-43945).
- Strengthened data integrity checks in crypto: jitter and crypto: hmac for FIPS mode.
- Updated kernel configuration parameters to prevent privilege escalation and data leaks.
- Libreswan:
- Fixed an issue in handling IKEv1 packets (aggressive mode) to prevent potential vulnerabilities.
- SELinux:
- Updated from version 3.14.3-117 to 3.14.3-139.
- Fixed file handling in the opencryptoki cryptographic library located in /dev/shm.
- Allowed httpd access to tokens in /dev/shm.
- Updated policies for system_cronjob_t and rpm_script_t.
Package Changes
Added
- efitools: Tools for working with EFI.
- perl-IO-Tty: Dependencies for working with TTY.
- perl-YAML-LibYAML: YAML support for Perl.
- sbsigntools: Tools for signing Secure Boot.
- perl-IO-stringy: Tools for working with text data as file descriptors.
- perl-IPC-Run: Process and stream management (stdin, stdout, stderr) in Perl.
Removed
- dvd+rw-tools: Replaced with more modern utilities.
- perl-Digest-SHA1: Replaced with modern cryptographic libraries.
- zabbix: Deprecated monitoring package.
- guava20: Java library with extended collections, thread utilities, caching, and string processing.