Fedora Security Advisories

FEDORA-2023-5beead493f Packages in this update:

• python-jupyter-server-2.7.2-2.fc39

Update description:

Security fix for CVE-2023-49080 (rhbz#2252897)

FEDORA-2023-8816029058 Packages in this update:

• python-jupyter-server-2.1.0-3.fc38

Update description:

Security fix for CVE-2023-49080

FEDORA-2023-b4b9b38f23 Packages in this update:

• perl-CryptX-0.080-1.fc38

Update description:

Update to 0.080 Fix CVE-2019-17362 in bundled libtomcrypt

FEDORA-2023-d07e885d26 Packages in this update:

• perl-CryptX-0.080-1.fc37

Update description:

Update to 0.080 Fix CVE-2019-17362 in bundled libtomcrypt

FEDORA-2023-1f0ac1260e Packages in this update:

• perl-CryptX-0.080-1.fc39

Update description:

Update to 0.080 Fix CVE-2019-17362 in bundled libtomcrypt

FEDORA-2023-083a5e41cd Packages in this update:

• firefox-120.0.1-1.fc37

Update description:

• Updated to latest upstream (120.0.1)

• Fixed freezes on Google Maps

• Updated to latest upstream (120.0)

FEDORA-2023-14a33318b8 Packages in this update:

• golang-github-prometheus-prom2json-1.3.3-1.fc40

Update description:

Automatic update for golang-github-prometheus-prom2json-1.3.3-1.fc40.

Changelog * Sun Dec 3 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.3.3-1 - Update to 1.3.3 - Closes rhbz#2076982 rhbz#2248331 rhbz#2163210 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

FEDORA-2023-654e0ddfd8 Packages in this update:

• golang-github-prometheus-node-exporter-1.6.1-1.fc40

Update description:

Automatic update for golang-github-prometheus-node-exporter-1.6.1-1.fc40.

Changelog * Thu Nov 9 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.6.1-1 - Update to 1.6.1 - Closes rhbz#2210487 rhbz#2178447 rhbz#2163209

FEDORA-2023-d5bd6b62e4 Packages in this update:

• python-aiohttp-3.9.1-1.fc40
• python-pysqueezebox-0.5.5-11.fc40
• python-wled-0.4.4-11.fc40

Update description:

Security fix for CVE-2023-49081, CVE-2023-49082.

Update python-aiohttp to 3.9.1.

Patch python-pysqeezebox and python-wled so they do not have an implicit dependency on python-async-timeout via python-aiohttp.

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.1

FEDORA-2023-d4a0f2caf1 Packages in this update:

• java-1.8.0-openjdk-1.8.0.392.b08-4.fc37

Update description:

updated to jdk8u392+b08

FEDORA-2023-7f704380a0 Packages in this update:

• java-1.8.0-openjdk-1.8.0.392.b08-4.fc38

Update description:

updated to jdk8u392+b08

FEDORA-2023-6a3c2aeeee Packages in this update:

• java-1.8.0-openjdk-1.8.0.392.b08-4.fc39

Update description:

updated to jdk8u392+b08

FEDORA-EPEL-2023-3d9a822df5 Packages in this update:

• rust-pore-0.1.8-5.el9

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-2023-6215ea423b Packages in this update:

• clevis-pin-tpm2-0.5.3-2.fc38
• keyring-ima-signer-0.1.0-11.fc38
• libkrun-1.5.0-7.fc38
• rust-bodhi-cli-2.1.1-2.fc38
• rust-coreos-installer-0.18.0-2.fc38
• rust-fedora-update-feedback-2.1.3-2.fc38
• rust-gst-plugin-reqwest-0.11.1-2.fc38
• rust-pore-0.1.8-5.fc38
• rust-rpm-sequoia-1.5.0-2.fc38
• rust-sequoia-octopus-librnp-1.5.0-4.fc38
• rust-sequoia-policy-config-0.6.0-6.fc38
• rust-sequoia-sq-0.26.0-10.fc38
• rust-sequoia-wot-0.5.0-4.fc38
• rust-sevctl-0.3.2-5.fc38
• rust-tealdeer-1.6.1-5.fc38

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-2023-9790b327cb Packages in this update:

• clevis-pin-tpm2-0.5.3-2.fc39
• keyring-ima-signer-0.1.0-11.fc39
• rust-bodhi-cli-2.1.1-2.fc39
• rust-coreos-installer-0.18.0-2.fc39
• rust-fedora-update-feedback-2.1.3-2.fc39
• rust-gst-plugin-reqwest-0.11.1-2.fc39
• rust-pore-0.1.8-5.fc39
• rust-rpm-sequoia-1.5.0-2.fc39
• rust-sequoia-octopus-librnp-1.5.0-4.fc39
• rust-sequoia-policy-config-0.6.0-6.fc39
• rust-sequoia-sq-0.26.0-10.fc39
• rust-sequoia-wot-0.5.0-4.fc39
• rust-sevctl-0.4.3-2.fc39
• rust-snphost-0.1.2-2.fc39
• rust-tealdeer-1.6.1-5.fc39

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-2023-af8489dc5b Packages in this update:

• clevis-pin-tpm2-0.5.3-2.fc40
• keyring-ima-signer-0.1.0-11.fc40
• python-cryptography-41.0.5-2.fc40
• rust-bodhi-cli-2.1.1-2.fc40
• rust-coreos-installer-0.18.0-2.fc40
• rust-fedora-update-feedback-2.1.3-2.fc40
• rust-gst-plugin-reqwest-0.11.1-2.fc40
• rust-pore-0.1.8-5.fc40
• rust-rpm-sequoia-1.5.0-2.fc40
• rust-sequoia-octopus-librnp-1.5.0-4.fc40
• rust-sequoia-policy-config-0.6.0-6.fc40
• rust-sequoia-sq-0.26.0-10.fc40
• rust-sequoia-wot-0.5.0-4.fc40
• rust-sevctl-0.4.3-2.fc40
• rust-snphost-0.1.2-2.fc40
• rust-tealdeer-1.6.1-5.fc40

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-EPEL-2023-46696cc30b Packages in this update:

• chromium-119.0.6045.199-1.el7

Update description:

update to 119.0.6045.199, upstream security release

• High CVE-2023-6348: Type Confusion in Spellcheck
• High CVE-2023-6347: Use after free in Mojo
• High CVE-2023-6346: Use after free in WebAudio
• High CVE-2023-6350: Out of bounds memory access in libavif
• High CVE-2023-6351: Use after free in libavif
• High CVE-2023-6345: Integer overflow in Skia

FEDORA-EPEL-2023-d47bce8e4e Packages in this update:

• chromium-119.0.6045.199-1.el8

Update description:

update to 119.0.6045.199, upstream security release

• High CVE-2023-6348: Type Confusion in Spellcheck
• High CVE-2023-6347: Use after free in Mojo
• High CVE-2023-6346: Use after free in WebAudio
• High CVE-2023-6350: Out of bounds memory access in libavif
• High CVE-2023-6351: Use after free in libavif
• High CVE-2023-6345: Integer overflow in Skia

FEDORA-EPEL-2023-2537ccf8b5 Packages in this update:

• chromium-119.0.6045.199-1.el9

Update description:

update to 119.0.6045.199, upstream security release

• High CVE-2023-6348: Type Confusion in Spellcheck
• High CVE-2023-6347: Use after free in Mojo
• High CVE-2023-6346: Use after free in WebAudio
• High CVE-2023-6350: Out of bounds memory access in libavif
• High CVE-2023-6351: Use after free in libavif
• High CVE-2023-6345: Integer overflow in Skia

FEDORA-2023-c67f4dbf13 Packages in this update:

• perl-5.38.2-502.fc39
• perl-Devel-Cover-1.40-5.fc39
• perl-PAR-Packer-1.059-2.fc39
• polymake-4.11-2.fc39

Update description:

Security fix for CVE-2023-47038