Fedora Linux 8791 Published by

The following three security updates have been released for Fedora Linux:

Fedora 38 Update: chromium-124.0.6367.60-1.fc38
Fedora 38 Update: firefox-125.0-1.fc38
Fedora 39 Update: python-pip-23.2.1-2.fc39




Fedora 38 Update: chromium-124.0.6367.60-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5d8f4f86b0
2024-04-21 02:57:07.576641
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 38
Version : 124.0.6367.60
Release : 1.fc38
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 16 2024 Than Ngo [than@redhat.com] - 124.0.6367.60-1
- update to 124.0.6367.60
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275546
https://bugzilla.redhat.com/show_bug.cgi?id=2275546
[ 2 ] Bug #2275816
https://bugzilla.redhat.com/show_bug.cgi?id=2275816
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5d8f4f86b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: firefox-125.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-966e16bfa3
2024-04-21 02:57:07.576634
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 38
Version : 125.0
Release : 1.fc38
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream release (125.0)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 9 2024 Martin Stransky [stransky@redhat.com]- 125.0-1
- Updated to 125.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-966e16bfa3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-pip-23.2.1-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b72bc39c00
2024-04-21 01:19:45.336429
--------------------------------------------------------------------------------

Name : python-pip
Product : Fedora 39
Version : 23.2.1
Release : 2.fc39
URL : https://pip.pypa.io/
Summary : A tool for installing and managing Python packages
Description :
pip is a package management system used to install and manage software packages
written in Python. Many packages can be found in the Python Package Index
(PyPI). pip is a recursive acronym that can stand for either "Pip Installs
Packages" or "Pip Installs Python".

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-5752
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 17 2024 Charalampos Stratakis [cstratak@redhat.com] - 23.2.1-2
- Security fix for CVE-2023-5752
Resolves: rhbz#2263291
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263291
https://bugzilla.redhat.com/show_bug.cgi?id=2263291
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b72bc39c00' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--