Fedora Security Advisories

FEDORA-2024-0c9d3b51d4 Packages in this update:

• tpm2-tools-5.7-1.fc40
• tpm2-tss-4.1.0-1.fc40

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038 Fixed CVE-2024-29039

FEDORA-2024-4512dc54af Packages in this update:

• tpm2-tools-5.5.1-1.fc39
• tpm2-tss-4.0.2-1.fc39

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038 Fixed CVE-2024-29039

FEDORA-2024-3265d70b61 Packages in this update:

• tpm2-tools-5.5.1-1.fc38
• tpm2-tss-4.0.2-1.fc38

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038 Fixed CVE-2024-29039

FEDORA-2024-a1246372a4 Packages in this update:

• webkit2gtk4.0-2.44.1-1.fc40

Update description:

Update to 2.44.1

FEDORA-2024-11821b16ac Packages in this update:

• gdcm-3.0.23-5.fc39

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-EPEL-2024-f5884f808a Packages in this update:

• gdcm-3.0.12-7.el9

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-2024-7a57842ec3 Packages in this update:

• gdcm-3.0.21-4.fc38

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-2024-fae33e6e9f Packages in this update:

• gdcm-3.0.23-5.fc40

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-2024-c5909efa5c Packages in this update:

• gdcm-3.0.23-5.fc41

Update description:

Automatic update for gdcm-3.0.23-5.fc41.

Changelog * Fri Apr 26 2024 Sandro <devel@penguinpee.nl> - 3.0.23-5 - Apply security patches - Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288) - Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292) - Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296) * Fri Apr 19 2024 Sandro <devel@penguinpee.nl> - 3.0.23-4 - Replace deprecated PyEval_CallObject() (RHBZ#2245816) * Fri Mar 22 2024 Sérgio M. Basto <sergio@serjux.com> - 3.0.23-3 - Update URL

FEDORA-2024-29120efcc4 Packages in this update:

• et-6.2.1-15.fc38

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-a09bfceb28 Packages in this update:

• et-6.2.1-15.fc39

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-cd94b2df32 Packages in this update:

• et-6.2.1-15.fc40

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-34474f346b Packages in this update:

• clamav-1.0.6-1.fc40

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-2024-1a79c2ef63 Packages in this update:

• clamav-1.0.6-1.fc39

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-EPEL-2024-25c9732d41 Packages in this update:

• clamav-1.0.6-1.el9

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-2024-92b8ac25a5 Packages in this update:

• clamav-1.0.6-1.fc38

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-2024-48bdd3abbf Packages in this update:

• ruby-3.2.4-182.fc38

Update description:

Upgrade to Ruby 3.2.4.

FEDORA-2024-31cac8b8ec Packages in this update:

• ruby-3.2.4-182.fc39

Update description:

Upgrade to Ruby 3.2.4.

FEDORA-EPEL-2024-0c24da3136 Packages in this update:

• chromium-124.0.6367.78-1.el9

Update description:

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

• High CVE-2024-3832: Object corruption in V8
• High CVE-2024-3833: Object corruption in WebAssembly
• High CVE-2024-3914: Use after free in V8
• High CVE-2024-3834: Use after free in Downloads
• Medium CVE-2024-3837: Use after free in QUIC
• Medium CVE-2024-3838: Inappropriate implementation in Autofill
• Medium CVE-2024-3839: Out of bounds read in Fonts
• Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
• Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
• Medium CVE-2024-3843: Insufficient data validation in Downloads
• Low CVE-2024-3844: Inappropriate implementation in Extensions
• Low CVE-2024-3845: Inappropriate implementation in Network
• Low CVE-2024-3846: Inappropriate implementation in Prompts
• Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

• High CVE-2024-3157: Out of bounds write in Compositing
• High CVE-2024-3516: Heap buffer overflow in ANGLE
• High CVE-2024-3515: Use after free in Dawn

FEDORA-2024-2c9be9d949 Packages in this update:

• chromium-124.0.6367.78-1.fc38

Update description:

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn