Fedora Linux 8811 Published by

The following security updates are available for Fedora Linux:

Fedora 38 Update: cockpit-311.2-1.fc38
Fedora 39 Update: libfilezilla-0.47.0-1.fc39
Fedora 39 Update: filezilla-3.67.0-1.fc39




Fedora 38 Update: cockpit-311.2-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-31e83b461d
2024-04-18 01:14:20.877442
--------------------------------------------------------------------------------

Name : cockpit
Product : Fedora 38
Version : 311.2
Release : 1.fc38
URL : https://cockpit-project.org/
Summary : Web Console for Linux servers
Description :
The Cockpit Web Console enables users to administer GNU/Linux servers using a
web browser.

It offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

--------------------------------------------------------------------------------
Update Information:

sosreport: Fix command injection with crafted report names [CVE-2024-2947]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 2 2024 Packit [hello@packit.dev] - 311.2-1
- sosreport: Fix command injection with crafted report names [CVE-2024-2947]
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271815 - CVE-2024-2947 cockpit: command injection when deleting a sosreport with a crafted name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271815
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-31e83b461d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: libfilezilla-0.47.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8401d42de6
2024-04-18 01:11:31.874318
--------------------------------------------------------------------------------

Name : libfilezilla
Product : Fedora 39
Version : 0.47.0
Release : 1.fc39
URL : https://lib.filezilla-project.org/
Summary : C++ Library for FileZilla
Description :
libfilezilla is a small and modern C++ library, offering some basic
functionality to build high-performing, platform-independent programs.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-31497
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 15 2024 Gwyn Ciesla [gwync@protonmail.com] - 0.47.0-1
- 0.47.0
* Tue Feb 6 2024 Gwyn Ciesla [gwync@protonmail.com] - 0.46.0-1
- 0.46.0
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.45.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.45.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275187 - CVE-2024-31497 filezilla: putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275187
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8401d42de6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: filezilla-3.67.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8401d42de6
2024-04-18 01:11:31.874318
--------------------------------------------------------------------------------

Name : filezilla
Product : Fedora 39
Version : 3.67.0
Release : 1.fc39
URL : https://filezilla-project.org/
Summary : FTP, FTPS and SFTP client
Description :
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features.
- Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)
- Cross-platform
- Available in many languages
- Supports resume and transfer of large files greater than 4GB
- Easy to use Site Manager and transfer queue
- Drag & drop support
- Speed limits
- Filename filters
- Network configuration wizard

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-31497
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 15 2024 Gwyn Ciesla [gwync@protonmail.com] - 3.67.0-1
- 3.67.0
* Mon Apr 15 2024 Gwyn Ciesla [gwync@protonmail.com] - 3.66.5-2
- libfilezilla rebuild
* Wed Feb 7 2024 Gwyn Ciesla [gwync@protonmail.com] - 3.66.5-1
- 3.66.5
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.66.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.66.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275187 - CVE-2024-31497 filezilla: putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275187
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8401d42de6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--