Chromium, LibArchive, Rust, and more updates for Fedora

Fedora Linux 8745 Published by

Fedora Linux has implemented a series of security updates, which include chromium, libarchive, rust-tower-http, rust-rustls-native-certs, rust-tonic-types, oath-toolkit, libdigidocpp, rust-tonic-build, rust-tonic-hyper-rustls, oath-toolkit, libdigidocpp, rust-tower, rust-reqwest, thunderbird, and unbound.

Fedora 40 Update: chromium-130.0.6723.58-1.fc40
Fedora 40 Update: libarchive-3.7.2-7.fc40
Fedora 40 Update: rust-tower-http-0.6.1-1.fc40
Fedora 40 Update: rust-rustls-native-certs0.7-0.7.3-1.fc40
Fedora 40 Update: rust-rustls-native-certs-0.8.0-1.fc40
Fedora 40 Update: rust-tower-http0.5-0.5.2-1.fc40
Fedora 40 Update: rust-tower0.4-0.4.13-1.fc40
Fedora 40 Update: rust-reqwest-0.12.8-1.fc40
Fedora 40 Update: rust-tower-0.5.1-1.fc40
Fedora 40 Update: rust-tonic-types-0.12.3-1.fc40
Fedora 40 Update: rust-tonic-build-0.12.3-1.fc40
Fedora 40 Update: rust-tonic-0.12.3-1.fc40
Fedora 40 Update: rust-hyper-rustls-0.27.3-1.fc40
Fedora 40 Update: oath-toolkit-2.6.12-1.fc40
Fedora 40 Update: libdigidocpp-4.0.0-1.fc40
Fedora 39 Update: rust-tower0.4-0.4.13-1.fc39
Fedora 39 Update: rust-tonic-types-0.12.3-1.fc39
Fedora 39 Update: rust-rustls-native-certs-0.8.0-1.fc39
Fedora 39 Update: rust-tower-http-0.6.1-1.fc39
Fedora 39 Update: rust-rustls-native-certs0.7-0.7.3-1.fc39
Fedora 39 Update: rust-tower-0.5.1-1.fc39
Fedora 39 Update: rust-tonic-build-0.12.3-1.fc39
Fedora 39 Update: rust-tower-http0.5-0.5.2-1.fc39
Fedora 39 Update: rust-tonic-0.12.3-1.fc39
Fedora 39 Update: rust-hyper-rustls-0.27.3-1.fc39
Fedora 39 Update: rust-reqwest-0.12.8-1.fc39
Fedora 39 Update: thunderbird-115.16.0-1.fc39
Fedora 39 Update: oath-toolkit-2.6.12-1.fc39
Fedora 39 Update: unbound-1.21.1-3.fc39




[SECURITY] Fedora 40 Update: chromium-130.0.6723.58-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d80983af6
2024-10-19 01:51:39.049981
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 130.0.6723.58
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 16 2024 Than Ngo [than@redhat.com] - 130.0.6723.58-1
- update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2318990 - CVE-2024-9957 chromium: Use after free in UI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318990
[ 2 ] Bug #2318991 - CVE-2024-9957 chromium: Use after free in UI [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318991
[ 3 ] Bug #2318992 - CVE-2024-9961 chromium: Use after free in Parcel Tracking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318992
[ 4 ] Bug #2318993 - CVE-2024-9961 chromium: Use after free in Parcel Tracking [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318993
[ 5 ] Bug #2318996 - CVE-2024-9959 chromium: Use after free in DevTools [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318996
[ 6 ] Bug #2318998 - CVE-2024-9959 chromium: Use after free in DevTools [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318998
[ 7 ] Bug #2318999 - CVE-2024-9963 chromium: Insufficient data validation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318999
[ 8 ] Bug #2319000 - CVE-2024-9963 chromium: Insufficient data validation in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319000
[ 9 ] Bug #2319001 - CVE-2024-9962 chromium: Inappropriate implementation in Permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319001
[ 10 ] Bug #2319002 - CVE-2024-9962 chromium: Inappropriate implementation in Permissions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319002
[ 11 ] Bug #2319003 - CVE-2024-9964 chromium: Inappropriate implementation in Payments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319003
[ 12 ] Bug #2319004 - CVE-2024-9964 chromium: Inappropriate implementation in Payments [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319004
[ 13 ] Bug #2319005 - CVE-2024-9960 chromium: Use after free in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319005
[ 14 ] Bug #2319006 - CVE-2024-9960 chromium: Use after free in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319006
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d80983af6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: libarchive-3.7.2-7.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-80e4603b92
2024-10-19 01:51:39.049934
--------------------------------------------------------------------------------

Name : libarchive
Product : Fedora 40
Version : 3.7.2
Release : 7.fc40
URL : https://www.libarchive.org/
Summary : A library for handling streaming archive formats
Description :
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-48957
Automatic update for libarchive-3.7.2-6.fc40.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 14 2024 Lukas Javorsky [ljavorsk@redhat.com] - 3.7.2-7
- Fix CVE-2024-48957
- Resolves: rhbz#2317764
* Tue Jul 2 2024 Lukas Javorsky [ljavorsk@redhat.com] - 3.7.2-6
- Fix licenses (convert to SPDX)
* Thu Jun 6 2024 Lukas Javorsky [ljavorsk@redhat.com] - 3.7.2-5
- Fix CVE-2024-20696
- Resolves: rhbz#2290449
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2317764 - CVE-2024-48957 libarchive: Out-of-bounds access in libarchive's archive file handling [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2317764
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-80e4603b92' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tower-http-0.6.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tower-http
Product : Fedora 40
Version : 0.6.1
Release : 1.fc40
URL : https://crates.io/crates/tower-http
Summary : Tower middleware and utilities for HTTP clients and servers
Description :
Tower middleware and utilities for HTTP clients and servers.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Fabio Valentini [decathorpe@gmail.com] - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2313664
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-rustls-native-certs0.7-0.7.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-rustls-native-certs0.7
Product : Fedora 40
Version : 0.7.3
Release : 1.fc40
URL : https://crates.io/crates/rustls-native-certs
Summary : Allows rustls to use the platform native certificate store
Description :
Rustls-native-certs allows rustls to use the platform native certificate
store.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 9 2024 Fabio Valentini [decathorpe@gmail.com] - 0.7.3-1
- Initial import (rustls-native-certs 0.7 compat package)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-rustls-native-certs-0.8.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-rustls-native-certs
Product : Fedora 40
Version : 0.8.0
Release : 1.fc40
URL : https://crates.io/crates/rustls-native-certs
Summary : Allows rustls to use the platform native certificate store
Description :
Rustls-native-certs allows rustls to use the platform native certificate
store.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Fabio Valentini [decathorpe@gmail.com] - 0.8.0-1
- Update to version 0.8.0; Fixes RHBZ#2306094
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tower-http0.5-0.5.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tower-http0.5
Product : Fedora 40
Version : 0.5.2
Release : 1.fc40
URL : https://crates.io/crates/tower-http
Summary : Tower middleware and utilities for HTTP clients and servers
Description :
Tower middleware and utilities for HTTP clients and servers.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2024 Fabio Valentini [decathorpe@gmail.com] - 0.5.2-1
- Initial import (tower-http 0.5 compat package)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tower0.4-0.4.13-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tower0.4
Product : Fedora 40
Version : 0.4.13
Release : 1.fc40
URL : https://crates.io/crates/tower
Summary : Modular and reusable components for building robust clients and servers
Description :
Tower is a library of modular and reusable components for building
robust clients and servers.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2024 Fabio Valentini [decathorpe@gmail.com] - 0.4.13-1
- Initial import (tower 0.4 compat package)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-reqwest-0.12.8-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-reqwest
Product : Fedora 40
Version : 0.12.8
Release : 1.fc40
URL : https://crates.io/crates/reqwest
Summary : Higher level HTTP client library
Description :
Higher level HTTP client library.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2024 Fabio Valentini [decathorpe@gmail.com] - 0.12.8-1
- Update to version 0.12.8; Fixes RHBZ#2315736
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tower-0.5.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tower
Product : Fedora 40
Version : 0.5.1
Release : 1.fc40
URL : https://crates.io/crates/tower
Summary : Modular and reusable components for building robust clients and servers
Description :
Tower is a library of modular and reusable components for building
robust clients and servers.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Fabio Valentini [decathorpe@gmail.com] - 0.5.1-1
- Update to version 0.5.1; Fixes RHBZ#2304674
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tonic-types-0.12.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tonic-types
Product : Fedora 40
Version : 0.12.3
Release : 1.fc40
URL : https://crates.io/crates/tonic-types
Summary : Collection of useful protobuf types that can be used with tonic
Description :
A collection of useful protobuf types that can be used with `tonic`.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Cristian Le [cristian.le@mpsd.mpg.de] - 0.12.3-1
- Update to version 0.12.3 (RHBZ#2314981)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tonic-build-0.12.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tonic-build
Product : Fedora 40
Version : 0.12.3
Release : 1.fc40
URL : https://crates.io/crates/tonic-build
Summary : Codegen module of tonic gRPC implementation
Description :
Codegen module of `tonic` gRPC implementation.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Cristian Le [cristian.le@mpsd.mpg.de] - 0.12.3-1
- Update to version 0.12.3 (RHBZ#2314946)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-tonic-0.12.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-tonic
Product : Fedora 40
Version : 0.12.3
Release : 1.fc40
URL : https://crates.io/crates/tonic
Summary : GRPC over HTTP/2 implementation
Description :
A gRPC over HTTP/2 implementation focused on high performance,
interoperability, and flexibility.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Cristian Le [cristian.le@mpsd.mpg.de] - 0.12.3-1
- Update to version 0.12.3 (RHBZ#2314947, RHBZ#2316020)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-hyper-rustls-0.27.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf524bf5c0
2024-10-19 01:51:39.049884
--------------------------------------------------------------------------------

Name : rust-hyper-rustls
Product : Fedora 40
Version : 0.27.3
Release : 1.fc40
URL : https://crates.io/crates/hyper-rustls
Summary : Rustls+hyper integration for pure rust HTTPS
Description :
Rustls+hyper integration for pure rust HTTPS.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2024 Fabio Valentini [decathorpe@gmail.com] - 0.27.3-1
- Update to version 0.27.3; Fixes RHBZ#2309673
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.27.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf524bf5c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: oath-toolkit-2.6.12-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cb2e1f0168
2024-10-19 01:51:39.049877
--------------------------------------------------------------------------------

Name : oath-toolkit
Product : Fedora 40
Version : 2.6.12
Release : 1.fc40
URL : https://www.nongnu.org/oath-toolkit/
Summary : One-time password components
Description :
The OATH Toolkit provide components for building one-time password
authentication systems. It contains shared libraries, command line tools and a
PAM module. Supported technologies include the event-based HOTP algorithm
(RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open
AuTHentication, which is the organization that specify the algorithms. For
managing secret key files, the Portable Symmetric Key Container (PSKC) format
described in RFC6030 is supported.

--------------------------------------------------------------------------------
Update Information:

This is new version fixing possible local privilege escalation.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2024 Jaroslav Škarvada - 2.6.12-1
- New version
Resolves: rhbz#2316447
- Dropped privileges when operating on user files
Resolves: CVE-2024-47191
* Thu Jul 25 2024 Miroslav Suchý - 2.6.11-6
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 2.6.11-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Apr 11 2024 Jaroslav Škarvada - 2.6.11-4
- Added gpg2 signature verification
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2316488 - CVE-2024-47191 oath-toolkit: Local root exploit in a PAM module
https://bugzilla.redhat.com/show_bug.cgi?id=2316488
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cb2e1f0168' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: libdigidocpp-4.0.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f7a5b49a73
2024-10-19 01:51:39.049737
--------------------------------------------------------------------------------

Name : libdigidocpp
Product : Fedora 40
Version : 4.0.0
Release : 1.fc40
URL : https://github.com/open-eid/libdigidocpp
Summary : Library offers creating, signing and verification of digitally signed documents
Description :
Libdigidocpp library offers creating, signing and verification of digitally
signed documents, according to XAdES and XML-DSIG standards. Documentation
http://open-eid.github.io/libdigidocpp

--------------------------------------------------------------------------------
Update Information:

Upstream release of libdigidocpp
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Dmitri Smirnov - 4.0.0-1
- 4.0.0 upstream release
* Mon Sep 2 2024 Miroslav Suchý - 3.17.1-3
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 3.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f7a5b49a73' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: rust-tower0.4-0.4.13-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ff98facbc6
2024-10-19 01:18:49.824560
--------------------------------------------------------------------------------

Name : rust-tower0.4
Product : Fedora 39
Version : 0.4.13
Release : 1.fc39
URL : https://crates.io/crates/tower
Summary : Modular and reusable components for building robust clients and servers
Description :
Tower is a library of modular and reusable components for building
robust clients and servers.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 10 2024 Fabio Valentini [decathorpe@gmail.com] - 0.4.13-1
- Initial import (tower 0.4 compat package)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2316020 - CVE-2024-47609 rust-tonic: Remotely exploitable DoS in Tonic `

Fedora Linux 40-20241016 Updated ISOs released

Thunderbird, Buildah, PHP, Chromium updates for SUSE

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...