Fedora Linux 8815 Published by

The following security updates have been released for Fedora Linux 40:

Fedora 40 Update: chromium-125.0.6422.76-1.fc40
Fedora 40 Update: libxml2-2.12.7-1.fc40
Fedora 40 Update: python-libgravatar-1.0.4-1.fc40
Fedora 40 Update: pgadmin4-8.6-1.fc40




Fedora 40 Update: chromium-125.0.6422.76-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-44edce9689
2024-05-23 01:08:07.997646
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 125.0.6422.76
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 22 2024 Than Ngo [than@redhat.com] - 125.0.6422.76-1
- fix bz#2282246, update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
- cleanup
* Mon May 20 2024 Than Ngo [than@redhat.com] - 125.0.6422.60-3
- remove unneeded BRs
- workarounds for el7 build
* Sun May 19 2024 Than Ngo [than@redhat.com] - 125.0.6422.60-2
- fix build errors on el7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2282246 - 125.0.6422.76 available, fixes multiple High CVES
https://bugzilla.redhat.com/show_bug.cgi?id=2282246
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-44edce9689' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: libxml2-2.12.7-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-08e01e9f2f
2024-05-23 01:08:07.997623
--------------------------------------------------------------------------------

Name : libxml2
Product : Fedora 40
Version : 2.12.7
Release : 1.fc40
URL : https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select sub nodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.

--------------------------------------------------------------------------------
Update Information:

Update to 2.12.7
Fix CVE-2024-34459.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 16 2024 David King [amigadave@amigadave.com] - 2.12.7-1
- Update to 2.12.7 (#2280532)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2280532 - CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
https://bugzilla.redhat.com/show_bug.cgi?id=2280532
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-08e01e9f2f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: python-libgravatar-1.0.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d4ceb61f7
2024-05-23 01:08:07.997409
--------------------------------------------------------------------------------

Name : python-libgravatar
Product : Fedora 40
Version : 1.0.4
Release : 1.fc40
URL : https://github.com/pabluk/libgravatar
Summary : Python interface for the Gravatar APIs
Description :
Python interface for the Gravatar API.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin4-8.6
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 11 2024 Sandro Mani [manisandro@gmail.com] - 1.0.4-1
- Update to 1.0.4
* Tue May 7 2024 Sandro Mani [manisandro@gmail.com] - 1.0.3-1
- Initial package
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278856 - CVE-2024-4215 pgadmin4: multi-factor authentication bypass [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2278856
[ 2 ] Bug #2278857 - CVE-2024-4216 pgadmin4: XSS in /settings/store API response json payload [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2278857
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d4ceb61f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: pgadmin4-8.6-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d4ceb61f7
2024-05-23 01:08:07.997409
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 40
Version : 8.6
Release : 1.fc40
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin4-8.6
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2024 Sandro Mani [manisandro@gmail.com] - 8.6-1
- Update to 8.6
* Sat Apr 13 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 8.5-2
- Adjust typer dependency for typer 0.12.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278856 - CVE-2024-4215 pgadmin4: multi-factor authentication bypass [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2278856
[ 2 ] Bug #2278857 - CVE-2024-4216 pgadmin4: XSS in /settings/store API response json payload [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2278857
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d4ceb61f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--