Fedora Security Advisories

FEDORA-2024-2b545d3085 Packages in this update:

• grub2-2.06-121.fc40

Update description:

Security fix for CVE-2023-4692

Security fix for CVE-2023-4693

Fri Apr 12 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-121

• fs/xfs: Handle non-continuous data blocks in directory extents
• Related: #2254370

Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-120

• GRUB2 NTFS driver vulnerabilities
• (CVE-2023-4692)
• (CVE-2023-4693)
• Resolves: #2236613
• Resolves: #2241978
• Resolves: #2241976
• Resolves: #2238343

FEDORA-2024-050266dc33 Packages in this update:

• freerdp-3.5.0-1.fc40

Update description:

Update to 3.5.0 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)

FEDORA-2024-bd8c6c6926 Packages in this update:

• squid-6.9-1.fc39

Update description:

• New squid 6.9
• security update

FEDORA-2024-a414a81d47 Packages in this update:

• squid-6.9-1.fc38

Update description:

• New squid 6.9
• security update

FEDORA-2024-ce2eefc399 Packages in this update:

• kubernetes-1.29.4-1.fc40

Update description:

Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin.

Additional bug and regression fixes include a bump to Golang.org/x/net to v0.23.0 to address CVE-2023-45288 .

FEDORA-2024-662a8b6005 Packages in this update:

• kubernetes-1.27.13-1.fc39

Update description:

Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In addition, a few bug and regression fixes.

FEDORA-EPEL-2024-3a714d30a3 Packages in this update:

• python-pydantic-1.10.14-1.el9

Update description:

Security fix for CVE-2024-3772 (regular expression denial of service via crafted email string). Update to latest 1.10.x release: https://github.com/pydantic/pydantic/blob/v1.10.14/HISTORY.md

FEDORA-2024-cc8fcab025 Packages in this update:

• etcd-3.5.13-1.fc41

Update description:

Automatic update for etcd-3.5.13-1.fc41.

Changelog * Tue Apr 16 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 3.5.13-1 - Update to 3.5.13 - Closes rhbz#2225797 rhbz#2171486 rhbz#2170782 rhbz#2236640 rhbz#2243321 rhbz#2248266 rhbz#2251230 * Tue Apr 16 2024 Pete Zaitcev <zaitcev@kotori.zaitcev.us> - 3.5.11-1 - Update to 3.5.11

FEDORA-2024-0489e7ba1e Packages in this update:

• filezilla-3.67.0-1.fc38
• libfilezilla-0.47.0-1.fc38

Update description:

Fix for CVE-2024-31497

FEDORA-2024-8401d42de6 Packages in this update:

• filezilla-3.67.0-1.fc39
• libfilezilla-0.47.0-1.fc39

Update description:

Fix for CVE-2024-31497

FEDORA-2024-ff9a2fb31c Packages in this update:

• filezilla-3.67.0-1.fc40
• libfilezilla-0.47.0-1.fc40

Update description:

Fix for CVE-2024-31497

FEDORA-2024-fc5dc50bb6 Packages in this update:

• python-pydantic-1.10.14-5.fc38

Update description:

Security fix for CVE-2024-3772 (regular expression denial of service via crafted email string). Update to latest 1.10.x release: https://github.com/pydantic/pydantic/blob/v1.10.14/HISTORY.md

FEDORA-2024-121f5cec9f Packages in this update:

• firefox-125.0-1.fc39

Update description:

• New upstream release (125.0)

FEDORA-2024-966e16bfa3 Packages in this update:

• firefox-125.0-1.fc38

Update description:

• New upstream release (125.0)

FEDORA-2024-c6a1d4e0ec Packages in this update:

• firefox-125.0-1.fc40

Update description:

• New upstream release (125.0)

• New upstream release (124.0.2)

FEDORA-2024-f04c2ec90b Packages in this update:

• pgadmin4-7.8-5.fc39

Update description:

Backport fix for CVE-2024-3116.

FEDORA-2024-1230cb2cd6 Packages in this update:

• mingw-python-idna-3.7-1.fc40

Update description:

Update to idna-3.7.

FEDORA-2024-83ef5f3c4f Packages in this update:

• mingw-python-idna-3.7-1.fc39

Update description:

Update to idna-3.7.

FEDORA-2024-831b7c8340 Packages in this update:

• mingw-python-idna-3.7-1.fc38

Update description:

Update to idna-3.7.

FEDORA-EPEL-2024-2445965799 Packages in this update:

• chromium-123.0.6312.122-1.el9

Update description:

update to 123.0.6312.122

• High CVE-2024-3157: Out of bounds write in Compositing
• High CVE-2024-3516: Heap buffer overflow in ANGLE
• High CVE-2024-3515: Use after free in Dawn