Fedora Linux 8811 Published by

Fedora Linux has been updated with security updates for versions 39, 40, and 41:

Fedora 39 Update: chromium-130.0.6723.116-1.fc39
Fedora 41 Update: llvm-test-suite-19.1.0-4.fc41
Fedora 40 Update: llvm-test-suite-18.1.8-3.fc40




[SECURITY] Fedora 39 Update: chromium-130.0.6723.116-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9c44ad3527
2024-11-20 14:03:07.848458
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 130.0.6723.116
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 130.0.6723.116
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 10 2024 Than Ngo [than@redhat.com] - 130.0.6723.116-1
- Update to 130.0.6723.116
* High CVE-2024-10826: Use after free in Family Experience
* High CVE-2024-10827: Use after free in Serial
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2324200 - CVE-2024-10827 chromium: Use after free in Serial [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2324200
[ 2 ] Bug #2324201 - CVE-2024-10827 chromium: Use after free in Serial [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2324201
[ 3 ] Bug #2324202 - CVE-2024-10827 chromium: Use after free in Serial [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2324202
[ 4 ] Bug #2324203 - CVE-2024-10827 chromium: Use after free in Serial [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2324203
[ 5 ] Bug #2324204 - CVE-2024-10827 chromium: Use after free in Serial [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2324204
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9c44ad3527' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: llvm-test-suite-19.1.0-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6d9aba8c3c
2024-11-20 16:45:33.837285
--------------------------------------------------------------------------------

Name : llvm-test-suite
Product : Fedora 41
Version : 19.1.0
Release : 4.fc41
URL : http://llvm.org
Summary : C/C++ Compiler Test Suite
Description :
C/C++ Compiler Test Suite that is maintained as an LLVM sub-project. This test
suite can be run with any compiler, not just clang.

--------------------------------------------------------------------------------
Update Information:

Remove ClamAV subdirectory because of viruses in input files:
These were the findings:
MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature
MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf:
Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc11.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc1.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.cab: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc2.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe.bz2: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/doc3.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc22.rtf: Clamav.Test.File-6
Remove broken links in source tarball
Before it wasn't possible to pass -DTEST_SUITE_SUBDIRS=CTMark to cmake
when configuring the llvm-test-suite:
-- Adding directory CTMark
CMake Error at CTMark/CMakeLists.txt:1 (add_subdirectory):
add_subdirectory given source "7zip" which is not an existing directory.
CMake Error at CTMark/CMakeLists.txt:5 (add_subdirectory):
add_subdirectory given source "lencod" which is not an existing directory.
The llvm-test-suite command script pkg_test_suite.sh removes
directories with BAD or unreviewed licenses. Currently this leaves at
least two directories in a broken state:
/usr/share/llvm-test-suite/CTMark/7zip -> ../MultiSource/Benchmarks/7zip
/usr/share/llvm-test-suite/CTMark/lencod ->
../MultiSource/Applications/JM/lencod
In both cases the link target is non-existent.
Therefore I find any broken symbolic links, remove them and adapt the
CMakeLists.txt to not have the add_subdirectory(broken_link) entry in
it. Here's an excerpt of what the pkg_test_suite.sh script shows when
running as a proof of the work it does now.
++ find test-suite-19.1.0.src -type l '!' -exec test -e '{}' ';' -print
+ broken_symlinks='test-suite-19.1.0.src/CTMark/7zip
test-suite-19.1.0.src/CTMark/lencod'
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/7zip
+ rm -fv test-suite-19.1.0.src/CTMark/7zip
removed 'test-suite-19.1.0.src/CTMark/7zip'
++ dirname test-suite-19.1.0.src/CTMark/7zip
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/7zip
+ dir=7zip
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(7zip)//g' test-
suite-19.1.0.src/CTMark/CMakeLists.txt
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/lencod
+ rm -fv test-suite-19.1.0.src/CTMark/lencod
removed 'test-suite-19.1.0.src/CTMark/lencod'
++ dirname test-suite-19.1.0.src/CTMark/lencod
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/lencod
+ dir=lencod
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(lencod)//g' test-
suite-19.1.0.src/CTMark/CMakeLists.txt
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 14 2024 Konrad Kleine [kkleine@redhat.com] - 19.1.0-4
- Remove MultiSource/Applications/ClamAV directory because of viruses in input files
* Wed Oct 9 2024 Konrad Kleine [kkleine@redhat.com] - 19.1.0-3
- Remove broken links in source tarball
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6d9aba8c3c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: llvm-test-suite-18.1.8-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-300397332b
2024-11-20 16:20:39.988964
--------------------------------------------------------------------------------

Name : llvm-test-suite
Product : Fedora 40
Version : 18.1.8
Release : 3.fc40
URL : http://llvm.org
Summary : C/C++ Compiler Test Suite
Description :
C/C++ Compiler Test Suite that is maintained as an LLVM sub-project. This test
suite can be run with any compiler, not just clang.

--------------------------------------------------------------------------------
Update Information:

Remove ClamAV subdirectory because of viruses in input files:
These were the findings:
MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature
MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf:
Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc11.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc1.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.cab: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc2.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe.bz2: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/doc3.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc22.rtf: Clamav.Test.File-6
Remove broken links in source tarball
Before it wasn't possible to pass -DTEST_SUITE_SUBDIRS=CTMark to cmake
when configuring the llvm-test-suite:
-- Adding directory CTMark
CMake Error at CTMark/CMakeLists.txt:1 (add_subdirectory):
add_subdirectory given source "7zip" which is not an existing directory.
CMake Error at CTMark/CMakeLists.txt:5 (add_subdirectory):
add_subdirectory given source "lencod" which is not an existing directory.
The llvm-test-suite command script pkg_test_suite.sh removes
directories with BAD or unreviewed licenses. Currently this leaves at
least two directories in a broken state:
/usr/share/llvm-test-suite/CTMark/7zip -> ../MultiSource/Benchmarks/7zip
/usr/share/llvm-test-suite/CTMark/lencod ->
../MultiSource/Applications/JM/lencod
In both cases the link target is non-existent.
Therefore I find any broken symbolic links, remove them and adapt the
CMakeLists.txt to not have the add_subdirectory(broken_link) entry in
it. Here's an excerpt of what the pkg_test_suite.sh script shows when
running as a proof of the work it does now.
++ find test-suite-19.1.0.src -type l '!' -exec test -e '{}' ';' -print
+ broken_symlinks='test-suite-19.1.0.src/CTMark/7zip
test-suite-19.1.0.src/CTMark/lencod'
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/7zip
+ rm -fv test-suite-19.1.0.src/CTMark/7zip
removed 'test-suite-19.1.0.src/CTMark/7zip'
++ dirname test-suite-19.1.0.src/CTMark/7zip
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/7zip
+ dir=7zip
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(7zip)//g' test-
suite-19.1.0.src/CTMark/CMakeLists.txt
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/lencod
+ rm -fv test-suite-19.1.0.src/CTMark/lencod
removed 'test-suite-19.1.0.src/CTMark/lencod'
++ dirname test-suite-19.1.0.src/CTMark/lencod
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/lencod
+ dir=lencod
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(lencod)//g' test-
suite-19.1.0.src/CTMark/CMakeLists.txt
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Konrad Kleine [kkleine@redhat.com] - 18.1.8-3
- Remove MultiSource/Applications/ClamAV directory because of viruses in input files
* Thu Oct 10 2024 Konrad Kleine [kkleine@redhat.com] - 18.1.8-2
- Remove broken links in source tarball
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-300397332b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--