
The following security updates have been released for Fedora Linux:

Fedora 39 Update: chromium-126.0.6478.182-1.fc39
Fedora 39 Update: fluent-bit-3.0.4-1.fc39
Fedora 39 Update: suricata-6.0.20-1.fc39
Fedora 39 Update: botan2-2.19.5-1.fc39
Fedora 40 Update: gtk3-3.24.43-1.fc40
Fedora 40 Update: fluent-bit-3.0.4-1.fc40
Fedora 40 Update: suricata-7.0.6-1.fc40
Fedora 40 Update: botan2-2.19.5-1.fc40




Fedora 39 Update: chromium-126.0.6478.182-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d9916cb7e2
2024-07-20 03:25:19.278221
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 126.0.6478.182
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 126.0.6478.182
High CVE-2024-6772: Inappropriate implementation in V8
High CVE-2024-6773: Type Confusion in V8
High CVE-2024-6774: Use after free in Screen Capture
High CVE-2024-6775: Use after free in Media Stream
High CVE-2024-6776: Use after free in Audio
High CVE-2024-6777: Use after free in Navigation
High CVE-2024-6778: Race in DevTools
High CVE-2024-6779: Out of bounds memory access in V8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2024 Than Ngo [than@redhat.com] - 126.0.6478.182-1
- update to 126.0.6478.182
* High CVE-2024-6772: Inappropriate implementation in V8
* High CVE-2024-6773: Type Confusion in V8
* High CVE-2024-6774: Use after free in Screen Capture
* High CVE-2024-6775: Use after free in Media Stream
* High CVE-2024-6776: Use after free in Audio
* High CVE-2024-6777: Use after free in Navigation
* High CVE-2024-6778: Race in DevTools
* High CVE-2024-6779: Out of bounds memory access in V8
* Sun Jul 7 2024 Than Ngo [than@redhat.com] - 126.0.6478.126-2
- fixed rhbz#2293202, chromium Wayland UI regression
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2298405 - 126.0.6478.182 has been released, fixing 10 CVEs
https://bugzilla.redhat.com/show_bug.cgi?id=2298405
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d9916cb7e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: fluent-bit-3.0.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f3c8d05888
2024-07-20 03:25:19.278214
--------------------------------------------------------------------------------

Name : fluent-bit
Product : Fedora 39
Version : 3.0.4
Release : 1.fc39
URL : https://github.com/fluent/fluent-bit
Summary : Fluent Bit is a super fast, lightweight, and highly scalable logging and metrics processor and forwarder.
Description :
Fluent Bit is a high performance and multi-platform log forwarder.

--------------------------------------------------------------------------------
Update Information:

Update to 3.0.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 20 2024 Leoswaldo Macias Mancilla [lmaciasm10@gmail.com] - 3.0.4-1
- Update to 3.0.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2292245 - Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
https://bugzilla.redhat.com/show_bug.cgi?id=2292245
[ 2 ] Bug #2292249 - Upgrade to Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
https://bugzilla.redhat.com/show_bug.cgi?id=2292249
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f3c8d05888' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: suricata-6.0.20-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-40179ecb37
2024-07-20 03:25:19.278169
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 39
Version : 6.0.20
Release : 1.fc39
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

New bugfix and security update
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 27 2024 Steve Grubb [sgrubb@redhat.com] 6.0.20-1
- New security and bugfix release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-40179ecb37' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: botan2-2.19.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6d84a608f1
2024-07-20 03:25:19.278106
--------------------------------------------------------------------------------

Name : botan2
Product : Fedora 39
Version : 2.19.5
Release : 1.fc39
URL : https://botan.randombit.net/
Summary : Crypto and TLS for C++11
Description :
Botan is a BSD-licensed crypto library written in C++. It provides a
wide variety of basic cryptographic algorithms, X.509 certificates and
CRLs, PKCS #10 certificate requests, a filter/pipe message processing
system, and a wide variety of other features, all written in portable
C++. The API reference, tutorial, and examples may help impart the
flavor of the library. This is the current stable release branch 2.x
of Botan.

--------------------------------------------------------------------------------
Update Information:

Rebase to v2.19.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 11 2024 Frantisek Sumsal [frantisek@sumsal.cz] - 2.19.5-1
- Rebase to v2.19.5
* Thu Apr 4 2024 Thomas Moschny [thomas.moschny@gmx.de] - 2.19.4-1
- Update to 2.19.4.
* Sun Feb 11 2024 Frantisek Sumsal [frantisek@sumsal.cz] - 2.19.3-8
- Fix test_compress with zlib-ng (rhbz#2261019)
* Tue Jan 23 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.19.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.19.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2294870 - CVE-2024-34703 botan2: botan: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294870
[ 2 ] Bug #2295888 - CVE-2024-34703 botan2: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295888
[ 3 ] Bug #2296358 - CVE-2024-39312 botan2: Improper certificate validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296358
[ 4 ] Bug #2296360 - CVE-2024-34702 botan2: Asymmetric resource consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296360
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6d84a608f1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: gtk3-3.24.43-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-145e88df1c
2024-07-20 02:25:12.283416
--------------------------------------------------------------------------------

Name : gtk3
Product : Fedora 40
Version : 3.24.43
Release : 1.fc40
URL : https://gtk.org
Summary : GTK+ graphical user interface library
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.

This package contains version 3 of GTK+.

--------------------------------------------------------------------------------
Update Information:

Update to 3.24.43
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 11 2024 nmontero [nmontero@redhat.com] - 3.24.43-1
- Update to 3.24.43
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-145e88df1c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: fluent-bit-3.0.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-07db6333b0
2024-07-20 02:25:12.283401
--------------------------------------------------------------------------------

Name : fluent-bit
Product : Fedora 40
Version : 3.0.4
Release : 1.fc40
URL : https://github.com/fluent/fluent-bit
Summary : Fluent Bit is a super fast, lightweight, and highly scalable logging and metrics processor and forwarder.
Description :
Fluent Bit is a high performance and multi-platform log forwarder.

--------------------------------------------------------------------------------
Update Information:

Update to 3.0.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 20 2024 Leoswaldo Macias Mancilla [lmaciasm10@gmail.com] - 3.0.4-1
- Update to 3.0.4
* Mon Apr 1 2024 Leoswaldo Macias Mancilla [lmaciasm10@gmail.com] - 2.2.2-1
- Update to 2.2.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2292248 - Upgrade to Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
https://bugzilla.redhat.com/show_bug.cgi?id=2292248
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-07db6333b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: suricata-7.0.6-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7fc32da8ad
2024-07-20 02:25:12.283354
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 40
Version : 7.0.6
Release : 1.fc40
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

New bugfix and security update
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 27 2024 Steve Grubb [sgrubb@redhat.com] 7.0.6-1
- New security and bugfix release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7fc32da8ad' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: botan2-2.19.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7f42bafbdb
2024-07-20 02:25:12.283275
--------------------------------------------------------------------------------

Name : botan2
Product : Fedora 40
Version : 2.19.5
Release : 1.fc40
URL : https://botan.randombit.net/
Summary : Crypto and TLS for C++11
Description :
Botan is a BSD-licensed crypto library written in C++. It provides a
wide variety of basic cryptographic algorithms, X.509 certificates and
CRLs, PKCS #10 certificate requests, a filter/pipe message processing
system, and a wide variety of other features, all written in portable
C++. The API reference, tutorial, and examples may help impart the
flavor of the library. This is the current stable release branch 2.x
of Botan.

--------------------------------------------------------------------------------
Update Information:

Rebase to v2.19.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 11 2024 Frantisek Sumsal [frantisek@sumsal.cz] - 2.19.5-1
- Rebase to v2.19.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2294870 - CVE-2024-34703 botan2: botan: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294870
[ 2 ] Bug #2295888 - CVE-2024-34703 botan2: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295888
[ 3 ] Bug #2296358 - CVE-2024-39312 botan2: Improper certificate validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296358
[ 4 ] Bug #2296360 - CVE-2024-34702 botan2: Asymmetric resource consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296360
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7f42bafbdb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--