[SECURITY] Fedora 40 Update: chromium-129.0.6668.89-1.fc40
[SECURITY] Fedora 41 Update: aws-24.0.0-3.fc41
[SECURITY] Fedora 41 Update: python-gcsfs-2024.9.0-1.fc41
[SECURITY] Fedora 41 Update: znc-clientbuffer-0-0.28.20190129git9766a4a.fc41
[SECURITY] Fedora 41 Update: znc-push-2.0.0-10.20210311git4243934.fc41
[SECURITY] Fedora 41 Update: znc-1.9.1-4.fc41
[SECURITY] Fedora 40 Update: chromium-129.0.6668.89-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-452b60addf
2024-10-05 01:52:51.350116
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 129.0.6668.89
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 129.0.6668.89
High CVE-2024-7025: Integer overflow in Layout
High CVE-2024-9369: Insufficient data validation in Mojo
High CVE-2024-9370: Inappropriate implementation in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 2 2024 Than Ngo [than@redhat.com] - 129.0.6668.89-1
- update to 129.0.6668.89
* High CVE -2024-7025: Integer overflow in Layout
* High CVE-2024-9369: Insufficient data validation in Mojo
* High CVE-2024-9370: Inappropriate implementation in V8
* Mon Sep 30 2024 Than Ngo [than@redhat.com] - 129.0.6668.70-3
- add clang-19 support
* Fri Sep 27 2024 Dominik Mierzejewski [dominik@greysector.net] - 129.0.6668.70-2
- Rebuilt for FFmpeg 7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2314382 - CVE-2021-38023 chromium: Use after free in Extensions in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314382
[ 2 ] Bug #2314384 - CVE-2018-20072 chromium: Insufficient data validation in PDF in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314384
[ 3 ] Bug #2314582 - CVE-2024-9121 chromium: Inappropriate implementation in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314582
[ 4 ] Bug #2314584 - CVE-2024-9120 chromium: Use after free in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314584
[ 5 ] Bug #2314589 - CVE-2024-9123 chromium: Integer overflow in Skia in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314589
[ 6 ] Bug #2314590 - CVE-2024-9122 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314590
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-452b60addf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: aws-24.0.0-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7908ee39a9
2024-10-05 00:15:27.673762
--------------------------------------------------------------------------------
Name : aws
Product : Fedora 41
Version : 24.0.0
Release : 3.fc41
URL : https://github.com/AdaCore/aws
Summary : The Ada Web Server
Description :
AWS is a complete framework to develop Web based applications. The main part
of the framework is the embedded Web server. This small yet powerful Web
server can be embedded into your application so your application will be able
to talk with a standard Web browser.
--------------------------------------------------------------------------------
Update Information:
CVE-2024-41708: Ada Web Server did not use a cryptographically secure
pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random,
which is not designed to be cryptographically secure. Random_String also
introduced a bias in the generated pseudorandom string values, where the values
"1" and "2" had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a
session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-
advisories/SEC.AWS-0040-v2.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2024 Björn Persson - 2:24.0.0-3
- Fixed to use /dev/urandom instead of a non-cryptographic PRNG.
Resolves: CVE-2024-41708 (RHBZ#2314766)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2314766 - CVE-2024-41708 aws: Random Number Generator of Ada is not cryptographically secure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2314766
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7908ee39a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
-
[SECURITY] Fedora 41 Update: python-gcsfs-2024.9.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9e55564ca7
2024-10-05 00:15:27.673712
--------------------------------------------------------------------------------
Name : python-gcsfs
Product : Fedora 41
Version : 2024.9.0
Release : 1.fc41
URL : https://github.com/fsspec/gcsfs
Summary : Convenient Filesystem interface over GCS
Description :
Pythonic file-system for Google Cloud Storage.
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version (closes rhbz#2237124)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2024 Fabian Affolter - 2024.9.0-1
- Update to new upstream version (closes rhbz#2237124)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2261909 - CVE-2024-23829 python-aiohttp: http request smuggling
https://bugzilla.redhat.com/show_bug.cgi?id=2261909
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9e55564ca7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: znc-clientbuffer-0-0.28.20190129git9766a4a.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1c078a4771
2024-10-05 00:15:27.673611
--------------------------------------------------------------------------------
Name : znc-clientbuffer
Product : Fedora 41
Version : 0
Release : 0.28.20190129git9766a4a.fc41
URL : https://github.com/CyberShadow/znc-clientbuffer
Summary : ZNC module for client specific buffers
Description :
The client buffer module maintains client specific buffers for identified
clients.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-39844
https://wiki.znc.in/ChangeLog/1.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 25 2024 Neil Hanlon