Fedora Security Advisories

FEDORA-FLATPAK-2024-de95fc1445 Packages in this update:

• thunderbird-flatpak-115.10.1-1

Update description:

Thunderbird 115.10.1 release.

FEDORA-2024-450b75e4a0 Packages in this update:

• libcoap-4.3.4a-2.fc39

Update description:

Patch to fix CVE-2024-31031

FEDORA-2024-7be0693731 Packages in this update:

• matrix-synapse-1.105.1-1.fc38
• rust-pythonize-0.21.1-1.fc38

Update description:

Update matrix-synapse to v1.105.1 (CVE-2024-31208)

Update to v1.105.0

FEDORA-2024-d408b654d6 Packages in this update:

• matrix-synapse-1.105.1-1.fc39
• rust-pythonize-0.21.1-1.fc39

Update description:

Update matrix-synapse to v1.105.1 (CVE-2024-31208)

Update to v1.105.0

FEDORA-2024-3ff83cb806 Packages in this update:

• matrix-synapse-1.105.1-1.fc40
• rust-pythonize-0.21.1-1.fc40

Update description:

Update matrix-synapse to v1.105.1 (CVE-2024-31208)

Update to v1.105.0

FEDORA-2024-81c9a3fe50 Packages in this update:

• thunderbird-115.10.1-4.fc39

Update description:

Update to 115.10.1

• https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
• Fix https://bugzilla.redhat.com/show_bug.cgi?id=2276078

Including security update to 115.10.0

• https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/
• https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/

FEDORA-2024-15b892ebd3 Packages in this update:

• thunderbird-115.10.1-4.fc38

Update description:

Update to 115.10.1

• https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
• Fix https://bugzilla.redhat.com/show_bug.cgi?id=2276078

Including security update to 115.10.0

• https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/
• https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/

FEDORA-EPEL-2024-bab8814ee2 Packages in this update:

• python-aiohttp-3.9.5-1.el9

Update description:

Security update for CVE-2024-27306

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4

FEDORA-FLATPAK-2024-435e56c0b9 Packages in this update:

• flatpak-runtime-f39-24
• flatpak-sdk-f39-15

Update description:

Updated flatpak runtime and SDK, including latest Fedora 39 security and bug-fix errata.

FEDORA-2024-f34786d26f Packages in this update:

• python-aiohttp-3.9.5-1.fc38

Update description:

Security update for CVE-2024-27306

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4

FEDORA-2024-e0057e6044 Packages in this update:

• python-aiohttp-3.9.5-1.fc39

Update description:

Security update for CVE-2024-27306

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4

FEDORA-2024-000a25f3fc Packages in this update:

• python-aiohttp-3.9.5-1.fc40
• python-openapi-core-0.19.1-3.fc40

Update description:

Security update for CVE-2024-27306

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4

FEDORA-2024-7fecec055b Packages in this update:

• golang-github-git-5-5.12.0-1.fc41

Update description:

Automatic update for golang-github-git-5-5.12.0-1.fc41.

Changelog * Tue Apr 23 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 5.12.0-1 - Update to 5.12.0 - Closes rhbz#2214601 rhbz#2255090 rhbz#2259808 rhbz#2259817 rhbz#2259827 rhbz#2259832

FEDORA-2024-982a7184e0 Packages in this update:

• freerdp2-2.11.7-1.fc40

Update description:

Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32662)

FEDORA-2024-c702ea0fb1 Packages in this update:

• freerdp-2.11.7-1.fc38

Update description:

Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32662)

FEDORA-2024-1b11432d52 Packages in this update:

• freerdp-2.11.7-1.fc39

Update description:

Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32662)

FEDORA-2024-8b50ca2e22 Packages in this update:

• chromium-124.0.6367.60-2.fc40

Update description:

update to 124.0.6367.60

• High CVE-2024-3832: Object corruption in V8
• High CVE-2024-3833: Object corruption in WebAssembly
• High CVE-2024-3914: Use after free in V8
• High CVE-2024-3834: Use after free in Downloads
• Medium CVE-2024-3837: Use after free in QUIC
• Medium CVE-2024-3838: Inappropriate implementation in Autofill
• Medium CVE-2024-3839: Out of bounds read in Fonts
• Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
• Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
• Medium CVE-2024-3843: Insufficient data validation in Downloads
• Low CVE-2024-3844: Inappropriate implementation in Extensions
• Low CVE-2024-3845: Inappropriate implementation in Network
• Low CVE-2024-3846: Inappropriate implementation in Prompts
• Low CVE-2024-3847: Insufficient policy enforcement in WebUI

FEDORA-2024-27eafd0e65 Packages in this update:

• php-tcpdf-6.7.5-1.fc40

Update description:

Version 6.7.5 (2024-04-20)

• Update GitHub actions
• fix: CSV-2024-22640 (#712)

FEDORA-EPEL-2024-b002585dd2 Packages in this update:

• openssl3-3.2.1-1.1.el8

Update description:

Merge in changes from c9s' openssl to pick up various CVE fixes and other bugfixes

FEDORA-2024-d67f9827b2 Packages in this update:

• nextcloud-28.0.4-2.fc38

Update description:

Fix typo and 2 RPM build warnings

• update to 28.0.3
• fix CVE-2024-22403