Fedora Linux 8779 Published by

Fedora Linux has received a number of security updates, including chromium-129.0.6668.100-1.fc39, p7zip-16.02-31.fc39, podman-5.2.4-1.fc41, and buildah-1.37.4-1.fc41:

[SECURITY] Fedora 39 Update: chromium-129.0.6668.100-1.fc39
[SECURITY] Fedora 39 Update: p7zip-16.02-31.fc39
[SECURITY] Fedora 41 Update: podman-5.2.4-1.fc41
[SECURITY] Fedora 41 Update: buildah-1.37.4-1.fc41




[SECURITY] Fedora 39 Update: chromium-129.0.6668.100-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5ee2c7c696
2024-10-13 01:32:00.358531
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 129.0.6668.100
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 9 2024 Than Ngo [than@redhat.com] - 129.0.6668.100-1
- update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2317469 - CVE-2024-9602 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317469
[ 2 ] Bug #2317470 - CVE-2024-9602 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317470
[ 3 ] Bug #2317471 - CVE-2024-9603 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317471
[ 4 ] Bug #2317472 - CVE-2024-9603 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317472
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5ee2c7c696' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: p7zip-16.02-31.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ec78ab2c45
2024-10-13 01:32:00.358366
--------------------------------------------------------------------------------

Name : p7zip
Product : Fedora 39
Version : 16.02
Release : 31.fc39
URL : http://p7zip.sourceforge.net/
Summary : Very high compression ratio file archiver
Description :
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high
compression ratio. The original version can be found at http://www.7-zip.org/.

--------------------------------------------------------------------------------
Update Information:

Fix wrapper to hide password from process history
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 4 2024 Sérgio Basto - 16.02-31
- Fix wrapper to hide password from process history
* Wed Sep 4 2024 Miroslav Suchý - 16.02-30
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 16.02-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering - 16.02-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
- Fix the build by moving desktop files from kde4/services/ServiceMenus/ to kservices5
* Sun Jan 21 2024 Fedora Release Engineering - 16.02-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1547484 - Encryption password disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=1547484
[ 2 ] Bug #2316073 - 7z wrapper jeopardizing the effort to hide password from commandline parameters
https://bugzilla.redhat.com/show_bug.cgi?id=2316073
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ec78ab2c45' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: podman-5.2.4-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2e8c63e8bf
2024-10-13 00:40:50.283730
--------------------------------------------------------------------------------

Name : podman
Product : Fedora 41
Version : 5.2.4
Release : 1.fc41
URL : https://podman.io/
Summary : Manage Pods, Containers and Container Images
Description :
podman (Pod Manager) is a fully featured container engine that is a simple
daemonless tool. podman provides a Docker-CLI comparable command line that
eases the transition from other container engines and allows the management of
pods, containers and images. Simply put: alias docker=podman.
Most podman commands can be run as a regular user, without requiring
additional privileges.

podman uses Buildah(1) internally to create container images.
Both tools share image (not container) storage, hence each can use or
manipulate images (but not containers) created by the other.

--------------------------------------------------------------------------------
Update Information:

Automatic update for buildah-1.37.4-1.fc41, podman-5.2.4-1.fc41.
Changelog for buildah
* Mon Oct 07 2024 Packit [hello@packit.dev] - 2:1.37.4-1
- Update to 1.37.4 upstream release
Changelog for podman
* Mon Oct 07 2024 Packit [hello@packit.dev] - 5:5.2.4-1
- Update to 5.2.4 upstream release
Fixes CVE-2024-9341 and CVE-2024-9407.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 7 2024 Packit [hello@packit.dev] - 5:5.2.4-1
- Update to 5.2.4 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2315691 - CVE-2024-9341 Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
https://bugzilla.redhat.com/show_bug.cgi?id=2315691
[ 2 ] Bug #2315887 - CVE-2024-9407 Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
https://bugzilla.redhat.com/show_bug.cgi?id=2315887
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2e8c63e8bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: buildah-1.37.4-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2e8c63e8bf
2024-10-13 00:40:50.283730
--------------------------------------------------------------------------------

Name : buildah
Product : Fedora 41
Version : 1.37.4
Release : 1.fc41
URL : https://buildah.io
Summary : A command line tool used for creating OCI Images
Description :
The buildah package provides a command line tool which can be used to
* create a working container from scratch
or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image

--------------------------------------------------------------------------------
Update Information:

Automatic update for buildah-1.37.4-1.fc41, podman-5.2.4-1.fc41.
Changelog for buildah
* Mon Oct 07 2024 Packit [hello@packit.dev] - 2:1.37.4-1
- Update to 1.37.4 upstream release
Changelog for podman
* Mon Oct 07 2024 Packit [hello@packit.dev] - 5:5.2.4-1
- Update to 5.2.4 upstream release
Fixes CVE-2024-9341 and CVE-2024-9407.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 7 2024 Packit [hello@packit.dev] - 2:1.37.4-1
- Update to 1.37.4 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2315691 - CVE-2024-9341 Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
https://bugzilla.redhat.com/show_bug.cgi?id=2315691
[ 2 ] Bug #2315887 - CVE-2024-9407 Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
https://bugzilla.redhat.com/show_bug.cgi?id=2315887
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2e8c63e8bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--