Fedora 40 Update: chromium-133.0.6943.126-1.fc40
Fedora 40 Update: proftpd-1.3.8c-3.fc40
Fedora 41 Update: proftpd-1.3.8c-3.fc41
[SECURITY] Fedora 40 Update: chromium-133.0.6943.126-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c0c371a0b6
2025-02-22 01:28:28.213453+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 133.0.6943.126
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 133.0.6943.126
CVE-2025-0999: Heap buffer overflow in V8
CVE-2025-1426: Heap buffer overflow in GPU
CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 19 2025 Than Ngo [than@redhat.com] - 133.0.6943.126-1
- Update to 133.0.6943.126
* CVE-2025-0999: Heap buffer overflow in V8
* CVE-2025-1426: Heap buffer overflow in GPU
* CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c0c371a0b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: proftpd-1.3.8c-3.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d37ad923f5
2025-02-22 01:28:28.213407+00:00
--------------------------------------------------------------------------------
Name : proftpd
Product : Fedora 40
Version : 1.3.8c
Release : 3.fc40
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by systemd instead are included.
--------------------------------------------------------------------------------
Update Information:
This update addresses a null pointer dereferencing issue that could cause the
session for a client that sent specially-crafted commands to the server to crash
(not the sessions of other clients).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 13 2025 Paul Howarth - 1.3.8c-3
- Avoid NULL pointer dereferences in mod_ls (CVE-2024-57392)
- https://github.com/proftpd/proftpd/issues/1866
- Add explicit BR: libxcrypt-devel
* Fri Jan 17 2025 Paul Howarth - 1.3.8c-2
- Fixes for C23 compatibility
- Update mod_vroot to 0.9.12
- Implement a realpath(3) callback for the FSIO API, for better
interoperability of other modules when mod_vroot is in effect
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344418 - CVE-2024-57392 proftpd: Buffer Overflow in ProFTPD [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2344418
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d37ad923f5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: proftpd-1.3.8c-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-835949b994
2025-02-22 01:20:10.690084+00:00
--------------------------------------------------------------------------------
Name : proftpd
Product : Fedora 41
Version : 1.3.8c
Release : 3.fc41
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by systemd instead are included.
--------------------------------------------------------------------------------
Update Information:
This update addresses a null pointer dereferencing issue that could cause the
session for a client that sent specially-crafted commands to the server to crash
(not the sessions of other clients).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 13 2025 Paul Howarth - 1.3.8c-3
- Avoid NULL pointer dereferences in mod_ls (CVE-2024-57392)
- https://github.com/proftpd/proftpd/issues/1866
- Add explicit BR: libxcrypt-devel
* Fri Jan 17 2025 Paul Howarth - 1.3.8c-2
- Fixes for C23 compatibility
- Update mod_vroot to 0.9.12
- Implement a realpath(3) callback for the FSIO API, for better
interoperability of other modules when mod_vroot is in effect
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344418 - CVE-2024-57392 proftpd: Buffer Overflow in ProFTPD [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2344418
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-835949b994' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
