Fedora Security Advisories

FEDORA-EPEL-2024-ac000e6379 Packages in this update:

• chromium-124.0.6367.155-1.el8

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

• High CVE-2024-4331: Use after free in Picture In Picture
• High CVE-2024-4368: Use after free in Dawn

FEDORA-EPEL-2024-f74fbce604 Packages in this update:

• chromium-124.0.6367.155-1.el9

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

* High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn

update to 124.0.6367.91

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

• High CVE-2024-3832: Object corruption in V8
• High CVE-2024-3833: Object corruption in WebAssembly
• High CVE-2024-3914: Use after free in V8
• High CVE-2024-3834: Use after free in Downloads
• Medium CVE-2024-3837: Use after free in QUIC
• Medium CVE-2024-3838: Inappropriate implementation in Autofill
• Medium CVE-2024-3839: Out of bounds read in Fonts
• Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
• Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
• Medium CVE-2024-3843: Insufficient data validation in Downloads
• Low CVE-2024-3844: Inappropriate implementation in Extensions
• Low CVE-2024-3845: Inappropriate implementation in Network
• Low CVE-2024-3846: Inappropriate implementation in Prompts
• Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

• High CVE-2024-3157: Out of bounds write in Compositing
• High CVE-2024-3516: Heap buffer overflow in ANGLE
• High CVE-2024-3515: Use after free in Dawn

FEDORA-2024-92780a83f9 Packages in this update:

• chromium-124.0.6367.155-1.fc40

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

FEDORA-2024-f93392509c Packages in this update:

• chromium-124.0.6367.155-1.fc38

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

* High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn

update to 124.0.6367.91

FEDORA-2024-55e7e839f1 Packages in this update:

• chromium-124.0.6367.155-1.fc39

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

FEDORA-2024-fd2569c4e9 Packages in this update:

• glib2-2.78.6-1.fc39
• gnome-shell-45.6-2.fc39

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-2024-635a54eb7e Packages in this update:

• glib2-2.80.2-1.fc40
• gnome-shell-46.1-2.fc40

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-2024-2ce1c754f7 Packages in this update:

• mingw-glib2-2.80.1-1.fc40

Update description:

Update glib2 to fix CVE-2024-34397.

FEDORA-2024-be032e564d Packages in this update:

• mingw-glib2-2.78.5-1.fc39

Update description:

Update glib2 to fix CVE-2024-34397.

FEDORA-2024-775b385d13 Packages in this update:

• glib2-2.78.5-1.fc39

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-2024-731f6da9a5 Packages in this update:

• glib2-2.80.1-1.fc40

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-EPEL-2024-f7310355bb Packages in this update:

• djvulibre-3.5.28-5.el8

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-EPEL-2024-ff0fd23aa7 Packages in this update:

• djvulibre-3.5.28-4.el9

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-e8b9bedd36 Packages in this update:

• djvulibre-3.5.28-6.fc38

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-d20163632f Packages in this update:

• djvulibre-3.5.28-9.fc40

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-891c09df97 Packages in this update:

• djvulibre-3.5.28-7.fc39

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-e609c057ad Packages in this update:

• mingw-python-jinja2-3.1.4-1.fc39

Update description:

Update to jinja2-3.1.4, fixes CVE-2024-34064.

FEDORA-2024-e3caf31c98 Packages in this update:

• mingw-python-jinja2-3.1.4-1.fc40

Update description:

Update to jinja2-3.1.4, fixes CVE-2024-34064.

FEDORA-2024-8e8ff9d6ec Packages in this update:

• mingw-python-werkzeug-3.0.3-1.fc40

Update description:

Update to werkzeug-3.0.3, fixes CVE-2024-34069.

FEDORA-2024-24e4bba70f Packages in this update:

• python-tqdm-4.66.4-2.fc38

Update description:

Address CVE-2024-34062 (local code execution)