Fedora Linux 8773 Published by

The following updates have been released for Fedora Linux:

Fedora 38 Update: chromium-122.0.6261.128-1.fc38
Fedora 38 Update: python3.6-3.6.15-27.fc38
Fedora 38 Update: opensc-0.25.0-1.fc38
Fedora 39 Update: python3.6-3.6.15-27.fc39
Fedora 39 Update: openvswitch-3.2.2-1.fc39
Fedora 39 Update: iwd-2.16-1.fc39
Fedora 39 Update: opensc-0.25.0-1.fc39




Fedora 38 Update: chromium-122.0.6261.128-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ac1eb810c5
2024-03-16 01:50:49.900381
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 38
Version : 122.0.6261.128
Release : 1.fc38
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

upstream security release 122.0.6261.128
High CVE-2024-2400: Use after free in Performance Manager
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Than Ngo [than@redhat.com] - 122.0.6261.128-1
- upstream security release 122.0.6261.128
* High CVE-2024-2400: Use after free in Performance Manager
* Mon Mar 11 2024 Than Ngo [than@redhat.com] - 122.0.6261.111-2
- enable ppc64le build
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2269306 - CVE-2024-2400 chromium: chromium-browser: Use after free in Performance Manager [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2269306
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ac1eb810c5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: python3.6-3.6.15-27.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ebb3c95344
2024-03-16 01:50:49.900335
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 38
Version : 3.6.15
Release : 27.fc38
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2007-4559.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 29 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.6.15-27
- Security fix for CVE-2007-4559
- Fixes: rhbz#2141080
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #263261 - CVE-2007-4559 python: tarfile module directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=263261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ebb3c95344' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: opensc-0.25.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b92d44f141
2024-03-16 01:50:49.900273
--------------------------------------------------------------------------------

Name : opensc
Product : Fedora 38
Version : 0.25.0
Release : 1.fc38
URL : https://github.com/OpenSC/OpenSC/wiki
Summary : Smart card library and applications
Description :
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
every software/card that does so, too.

--------------------------------------------------------------------------------
Update Information:

New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 7 2024 Veronika Hanulikova [vhanulik@redhat.com] - 0.25.0-1
- New upstream release (#2265003), fixes CVE-2023-5992 and CVE-2024-1454 (#2263930)
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263929 - CVE-2024-1454 opensc: Memory use after free in AuthentIC driver when updating token info
https://bugzilla.redhat.com/show_bug.cgi?id=2263929
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b92d44f141' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python3.6-3.6.15-27.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d1f1084584
2024-03-16 01:16:32.852749
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 39
Version : 3.6.15
Release : 27.fc39
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2007-4559.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 29 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.6.15-27
- Security fix for CVE-2007-4559
- Fixes: rhbz#2141080
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #263261 - CVE-2007-4559 python: tarfile module directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=263261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d1f1084584' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: openvswitch-3.2.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a4530e9bfe
2024-03-16 01:16:32.852735
--------------------------------------------------------------------------------

Name : openvswitch
Product : Fedora 39
Version : 3.2.2
Release : 1.fc39
URL : https://www.openvswitch.org/
Summary : Open vSwitch daemon/database/utilities
Description :
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
traffic.

--------------------------------------------------------------------------------
Update Information:

Update to 3.2.2
It indirectly fix CVE-2023-3966 and CVE-2023-5366
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 7 2024 Timothy Redaelli [tredaelli@redhat.com] - 3.2.2-1
- Update to 3.2.2
* Thu Oct 26 2023 Timothy Redaelli [tredaelli@redhat.com] - 3.2.1-1
- Update to 3.2.1 (#2245052)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a4530e9bfe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: iwd-2.16-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4ef5edfb2a
2024-03-16 01:16:32.852695
--------------------------------------------------------------------------------

Name : iwd
Product : Fedora 39
Version : 2.16
Release : 1.fc39
URL : https://iwd.wiki.kernel.org/
Summary : Wireless daemon for Linux
Description :
The daemon and utilities for controlling and configuring the Wi-Fi network
hardware.

--------------------------------------------------------------------------------
Update Information:

iwd 2.16:
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 7 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 2.16-1
- Update to 2.16
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263573 - iwd-2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2263573
[ 2 ] Bug #2264597 - TRIAGE CVE-2023-52161 iwd: potential authorization bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264597
[ 3 ] Bug #2267652 - iwd-2.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2267652
[ 4 ] Bug #2267710 - CVE-2024-28084 iwd: denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2267710
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4ef5edfb2a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: opensc-0.25.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6460a03e29
2024-03-16 01:16:32.852688
--------------------------------------------------------------------------------

Name : opensc
Product : Fedora 39
Version : 0.25.0
Release : 1.fc39
URL : https://github.com/OpenSC/OpenSC/wiki
Summary : Smart card library and applications
Description :
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
every software/card that does so, too.

--------------------------------------------------------------------------------
Update Information:

New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 7 2024 Veronika Hanulikova [vhanulik@redhat.com] - 0.25.0-1
- New upstream release (#2265003), fixes CVE-2023-5992 and CVE-2024-1454 (#2263930)
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263929 - CVE-2024-1454 opensc: Memory use after free in AuthentIC driver when updating token info
https://bugzilla.redhat.com/show_bug.cgi?id=2263929
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6460a03e29' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--