Fedora 40 Update: chromium-130.0.6723.69-1.fc40
Fedora 40 Update: prometheus-podman-exporter-1.13.3-1.fc40
Fedora 40 Update: podman-tui-1.2.3-1.fc40
Fedora 40 Update: edk2-20240813-2.fc40
Fedora 39 Update: chromium-130.0.6723.69-1.fc39
Fedora 39 Update: prometheus-podman-exporter-1.13.3-1.fc39
Fedora 39 Update: podman-tui-1.2.3-1.fc39
Fedora 39 Update: glibc-2.38-19.fc39
Fedora 41 Update: chromium-130.0.6723.69-1.fc41
Fedora 41 Update: prometheus-podman-exporter-1.13.3-1.fc41
Fedora 41 Update: podman-tui-1.2.3-1.fc41
[SECURITY] Fedora 40 Update: chromium-130.0.6723.69-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f1117faa03
2024-10-28 03:52:20.506444
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 130.0.6723.69
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 26 2024 Than Ngo [than@redhat.com] - 130.0.6723.69-1
- update to 130.0.6723.69
  * High CVE-2024-10229: Inappropriate implementation in Extensions
  * High CVE-2024-10230: Type Confusion in V8
  * High CVE-2024-10231: Type Confusion in V8
* Mon Oct 21 2024 Than Ngo [than@redhat.com] - 130.0.6723.58-2
- Add missing pthread stack size for ppc64 (openpower-patches)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2319007 - CVE-2024-9955 chromium: Use after free in WebAuthentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319007
[ 2 ] Bug #2319008 - CVE-2024-9955 chromium: Use after free in WebAuthentication [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319008
[ 3 ] Bug #2319009 - CVE-2024-9954 chromium: Use after free in AI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319009
[ 4 ] Bug #2319010 - CVE-2024-9954 chromium: Use after free in AI [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319010
[ 5 ] Bug #2319011 - CVE-2024-9966 chromium: Inappropriate implementation in Navigations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319011
[ 6 ] Bug #2319012 - CVE-2024-9966 chromium: Inappropriate implementation in Navigations [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319012
[ 7 ] Bug #2319013 - CVE-2024-9958 chromium: Inappropriate implementation in PictureInPicture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319013
[ 8 ] Bug #2319014 - CVE-2024-9958 chromium: Inappropriate implementation in PictureInPicture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319014
[ 9 ] Bug #2321525 - CVE-2024-10231 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321525
[ 10 ] Bug #2321526 - CVE-2024-10231 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321526
[ 11 ] Bug #2321527 - CVE-2024-10229 chromium: Inappropriate implementation in Extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321527
[ 12 ] Bug #2321528 - CVE-2024-10229 chromium: Inappropriate implementation in Extensions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321528
[ 13 ] Bug #2321529 - CVE-2024-10230 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321529
[ 14 ] Bug #2321530 - CVE-2024-10230 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321530
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f1117faa03' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.13.3-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-69528c0ba6
2024-10-28 03:52:20.506230
--------------------------------------------------------------------------------
Name : prometheus-podman-exporter
Product : Fedora 40
Version : 1.13.3
Release : 1.fc40
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.
--------------------------------------------------------------------------------
Update Information:
release 1.13.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 19 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.13.3-1
- release v1.13.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2317466 - CVE-2024-9675 prometheus-podman-exporter: Buildah allows arbitrary directory mount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317466
[ 2 ] Bug #2318177 - [Major Incident] CVE-2024-21626 prometheus-podman-exporter: file descriptor leak [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2318177
[ 3 ] Bug #2318188 - [Major Incident] CVE-2024-21626 prometheus-podman-exporter: file descriptor leak [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2318188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-69528c0ba6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: podman-tui-1.2.3-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-afa796a751
2024-10-28 03:52:20.506223
--------------------------------------------------------------------------------
Name : podman-tui
Product : Fedora 40
Version : 1.2.3
Release : 1.fc40
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :
podman-tui is a terminal user interface for Podman v4 and v5.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.
--------------------------------------------------------------------------------
Update Information:
release 1.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 19 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.2.3-1
- release v1.2.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2317465 - CVE-2024-9675 podman-tui: Buildah allows arbitrary directory mount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317465
[ 2 ] Bug #2318187 - [Major Incident] CVE-2024-21626 podman-tui: file descriptor leak [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2318187
[ 3 ] Bug #2319020 - CVE-2024-9676 podman-tui: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319020
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-afa796a751' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: edk2-20240813-2.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-45df72afc6
2024-10-28 03:52:20.506083
--------------------------------------------------------------------------------
Name : edk2
Product : Fedora 40
Version : 20240813
Release : 2.fc40
URL : http://www.tianocore.org
Summary : UEFI firmware for 64-bit virtual machines
Description :
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid
RSA public keys)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 11 2024 Paolo Bonzini [pbonzini@redhat.com] - 20240813-2
- add openssl fix for CVE-2023-6237
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2258506 - CVE-2023-6237 edk2: openssl: Excessive time spent checking invalid RSA public keys [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258506
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-45df72afc6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 39 Update: chromium-130.0.6723.69-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6a0e07c9c7
2024-10-28 01:03:30.677578
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 39
Version : 130.0.6723.69
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 26 2024 Than Ngo [than@redhat.com] - 130.0.6723.69-1
- update to 130.0.6723.69
  * High CVE-2024-10229: Inappropriate implementation in Extensions
  * High CVE-2024-10230: Type Confusion in V8
  * High CVE-2024-10231: Type Confusion in V8
* Mon Oct 21 2024 Than Ngo [than@redhat.com] - 130.0.6723.58-2
- Add missing pthread stack size for ppc64 (openpower-patches)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2319007 - CVE-2024-9955 chromium: Use after free in WebAuthentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319007
[ 2 ] Bug #2319008 - CVE-2024-9955 chromium: Use after free in WebAuthentication [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319008
[ 3 ] Bug #2319009 - CVE-2024-9954 chromium: Use after free in AI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319009
[ 4 ] Bug #2319010 - CVE-2024-9954 chromium: Use after free in AI [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319010
[ 5 ] Bug #2319011 - CVE-2024-9966 chromium: Inappropriate implementation in Navigations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319011
[ 6 ] Bug #2319012 - CVE-2024-9966 chromium: Inappropriate implementation in Navigations [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319012
[ 7 ] Bug #2319013 - CVE-2024-9958 chromium: Inappropriate implementation in PictureInPicture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319013
[ 8 ] Bug #2319014 - CVE-2024-9958 chromium: Inappropriate implementation in PictureInPicture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319014
[ 9 ] Bug #2321525 - CVE-2024-10231 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321525
[ 10 ] Bug #2321526 - CVE-2024-10231 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321526
[ 11 ] Bug #2321527 - CVE-2024-10229 chromium: Inappropriate implementation in Extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321527
[ 12 ] Bug #2321528 - CVE-2024-10229 chromium: Inappropriate implementation in Extensions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321528
[ 13 ] Bug #2321529 - CVE-2024-10230 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321529
[ 14 ] Bug #2321530 - CVE-2024-10230 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321530
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6a0e07c9c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.13.3-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ee9f0f22b6
2024-10-28 01:03:30.677371
--------------------------------------------------------------------------------
Name : prometheus-podman-exporter
Product : Fedora 39
Version : 1.13.3
Release : 1.fc39
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.
--------------------------------------------------------------------------------
Update Information:
release 1.13.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 19 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.13.3-1
- release v1.13.3
* Fri Sep 27 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.13.2-1
- release v1.13.2
* Sat Aug 24 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.13.1-1
- release v1.13.1
* Sat Aug 3 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.13.0-1
- release v1.13.0
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.12.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jun 26 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 1.12.0-2
- Use go-rpm-macros on RHEL 10+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2317466 - CVE-2024-9675 prometheus-podman-exporter: Buildah allows arbitrary directory mount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317466
[ 2 ] Bug #2318177 - [Major Incident] CVE-2024-21626 prometheus-podman-exporter: file descriptor leak [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2318177
[ 3 ] Bug #2318188 - [Major Incident] CVE-2024-21626 prometheus-podman-exporter: file descriptor leak [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2318188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ee9f0f22b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 39 Update: podman-tui-1.2.3-1.fc39
--
[SECURITY] Fedora 39 Update: glibc-2.38-19.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-df41d584d0
2024-10-28 01:03:30.677266
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 39
Version : 2.38
Release : 19.fc39
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
Auto-sync with upstream branch release/2.38/master
Add BuildRequires:gzip for compressed character maps and info files.
Upstream commit: 4dd8641461463b667b5503ab0ea4abcf261378a9
Add crt1-2.0.o for glibc 2.0 compatibility tests
libio: Attempt wide backup free only for non-legacy code
nptl: Use facilities in tst-setuid3
posix: Use facilities in tst-truncate and tst-truncate64
ungetc: Fix backup buffer leak on program exit [BZ #27821]
ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
Make tst-ungetc use libsupport
stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
support: Add FAIL test failure helper
x86: Fix bug in strchrnul-evex512 [BZ #32078]
Fix name space violation in fortify wrappers (bug 32052)
resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
Update syscall lists for Linux 6.5
Add mremap tests
mremap: Update manual entry
linux: Update the mremap C implementation [BZ #31968]
resolv: Track single-request fallback via _res._flags (bug 31476)
resolv: Do not wait for non-existing second DNS response after error (bug 30081)
resolv: Allow short error responses to match any query (bug 31890)
Linux: Make __rseq_size useful for feature detection (bug 31965)
elf: Make dl-rseq-symbols Linux only
nptl: fix potential merge of __rseq_* relro symbols
s390x: Fix segfault in wcsncmp [BZ #31934]
misc: Add support for Linux uio.h RWF_NOAPPEND flag
i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782)
Force DT_RPATH for --enable-hardcoded-path-in-tests
resolv: Fix some unaligned accesses in resolver [BZ #30750]
nscd: Use time_t for return type of addgetnetgrentX
elf: Also compile dl-misc.os with $(rtld-early-cflags)
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
i386: ulp update for SSE2 --disable-multi-arch configurations
nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
login: Check default sizes of structs utmp, utmpx, lastlog
sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 10 2024 Carlos O'Donell [carlos@redhat.com] - 2.38-19
- Add BuildRequires:gzip for compressed character maps and info files.
- Auto-sync with upstream branch release/2.38/master,
commit 4dd8641461463b667b5503ab0ea4abcf261378a9:
- Add crt1-2.0.o for glibc 2.0 compatibility tests
- libio: Attempt wide backup free only for non-legacy code
- nptl: Use facilities in tst-setuid3
- posix: Use facilities in tst-truncate and tst-truncate64
- ungetc: Fix backup buffer leak on program exit [BZ #27821]
- ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
- Make tst-ungetc use libsupport
- stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
- support: Add FAIL test failure helper
- x86: Fix bug in strchrnul-evex512 [BZ #32078]
- Fix name space violation in fortify wrappers (bug 32052)
- resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
- Update syscall lists for Linux 6.5
- Add mremap tests
- mremap: Update manual entry
- linux: Update the mremap C implementation [BZ #31968]
- resolv: Track single-request fallback via _res._flags (bug 31476)
- resolv: Do not wait for non-existing second DNS response after error (bug 30081)
- resolv: Allow short error responses to match any query (bug 31890)
- Linux: Make __rseq_size useful for feature detection (bug 31965)
- elf: Make dl-rseq-symbols Linux only
- nptl: fix potential merge of __rseq_* relro symbols
- s390x: Fix segfault in wcsncmp [BZ #31934]
- misc: Add support for Linux uio.h RWF_NOAPPEND flag
- i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782)
- Force DT_RPATH for --enable-hardcoded-path-in-tests
- resolv: Fix some unaligned accesses in resolver [BZ #30750]
- nscd: Use time_t for return type of addgetnetgrentX
- elf: Also compile dl-misc.os with $(rtld-early-cflags)
- CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
- i386: ulp update for SSE2 --disable-multi-arch configurations
- nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
- login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
- login: Check default sizes of structs utmp, utmpx, lastlog
- sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-df41d584d0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: chromium-130.0.6723.69-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1178c53bb1
2024-10-27 20:31:30.258723
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 130.0.6723.69
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 26 2024 Than Ngo [than@redhat.com] - 130.0.6723.69-1
- update to 130.0.6723.69
  * High CVE-2024-10229: Inappropriate implementation in Extensions
  * High CVE-2024-10230: Type Confusion in V8
  * High CVE-2024-10231: Type Confusion in V8
* Mon Oct 21 2024 Than Ngo [than@redhat.com] - 130.0.6723.58-2
- Add missing pthread stack size for ppc64 (openpower-patches)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2319007 - CVE-2024-9955 chromium: Use after free in WebAuthentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319007
[ 2 ] Bug #2319008 - CVE-2024-9955 chromium: Use after free in WebAuthentication [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319008
[ 3 ] Bug #2319009 - CVE-2024-9954 chromium: Use after free in AI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319009
[ 4 ] Bug #2319010 - CVE-2024-9954 chromium: Use after free in AI [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319010
[ 5 ] Bug #2319011 - CVE-2024-9966 chromium: Inappropriate implementation in Navigations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319011
[ 6 ] Bug #2319012 - CVE-2024-9966 chromium: Inappropriate implementation in Navigations [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319012
[ 7 ] Bug #2319013 - CVE-2024-9958 chromium: Inappropriate implementation in PictureInPicture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319013
[ 8 ] Bug #2319014 - CVE-2024-9958 chromium: Inappropriate implementation in PictureInPicture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319014
[ 9 ] Bug #2321525 - CVE-2024-10231 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321525
[ 10 ] Bug #2321526 - CVE-2024-10231 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321526
[ 11 ] Bug #2321527 - CVE-2024-10229 chromium: Inappropriate implementation in Extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321527
[ 12 ] Bug #2321528 - CVE-2024-10229 chromium: Inappropriate implementation in Extensions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321528
[ 13 ] Bug #2321529 - CVE-2024-10230 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321529
[ 14 ] Bug #2321530 - CVE-2024-10230 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321530
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1178c53bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.13.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-28e375f8ca
2024-10-27 20:31:30.258452
--------------------------------------------------------------------------------
Name : prometheus-podman-exporter
Product : Fedora 41
Version : 1.13.3
Release : 1.fc41
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.
--------------------------------------------------------------------------------
Update Information:
release 1.13.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 19 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.13.3-1
- release v1.13.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2317466 - CVE-2024-9675 prometheus-podman-exporter: Buildah allows arbitrary directory mount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317466
[ 2 ] Bug #2318177 - [Major Incident] CVE-2024-21626 prometheus-podman-exporter: file descriptor leak [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2318177
[ 3 ] Bug #2318188 - [Major Incident] CVE-2024-21626 prometheus-podman-exporter: file descriptor leak [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2318188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-28e375f8ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: podman-tui-1.2.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1cab90a9e7
2024-10-27 20:31:30.258445
--------------------------------------------------------------------------------
Name : podman-tui
Product : Fedora 41
Version : 1.2.3
Release : 1.fc41
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :
podman-tui is a terminal user interface for Podman v4 and v5.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.
--------------------------------------------------------------------------------
Update Information:
release 1.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 19 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.2.3-1
- release v1.2.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2317465 - CVE-2024-9675 podman-tui: Buildah allows arbitrary directory mount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2317465
[ 2 ] Bug #2318187 - [Major Incident] CVE-2024-21626 podman-tui: file descriptor leak [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2318187
[ 3 ] Bug #2319020 - CVE-2024-9676 podman-tui: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319020
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1cab90a9e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--