Fedora Linux 8815 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: curl-8.0.1-6.fc38
Fedora 38 Update: dotnet6.0-6.0.125-1.fc38
Fedora 38 Update: dotnet7.0-7.0.114-1.fc38
Fedora 39 Update: xorg-x11-server-1.20.14-28.fc39
Fedora 39 Update: tigervnc-1.13.1-9.fc39
Fedora 39 Update: dotnet6.0-6.0.125-1.fc39
Fedora 39 Update: dotnet7.0-7.0.114-1.fc39




Fedora 38 Update: curl-8.0.1-6.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-2121eca964
2023-12-15 02:18:14.322411
--------------------------------------------------------------------------------

Name : curl
Product : Fedora 38
Version : 8.0.1
Release : 6.fc38
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix HSTS long file name clears contents (CVE-2023-46219) - fix cookie mixed
case PSL bypass (CVE-2023-46218)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 6 2023 Jan Macku [jamacku@redhat.com] - 8.0.1-6
- fix HSTS long file name clears contents (CVE-2023-46219)
- fix cookie mixed case PSL bypass (CVE-2023-46218)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2252030 - CVE-2023-46218 curl: information disclosure by exploiting a mixed case flaw
https://bugzilla.redhat.com/show_bug.cgi?id=2252030
[ 2 ] Bug #2252034 - CVE-2023-46219 curl: excessively long file name may lead to unknown HSTS status
https://bugzilla.redhat.com/show_bug.cgi?id=2252034
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2121eca964' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: dotnet6.0-6.0.125-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9c901b8c2d
2023-12-15 02:18:14.322376
--------------------------------------------------------------------------------

Name : dotnet6.0
Product : Fedora 38
Version : 6.0.125
Release : 1.fc38
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the November 2023 update for .NET 6. It includes fixes for multiple
CVEs. Release Notes: https://github.com/dotnet/core/blob/main/release-
notes/6.0/6.0.25/6.0.25.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Omair Majid [omajid@redhat.com] - 6.0.125-1
- Update to .NET SDK 6.0.125 and Runtime 6.0.25
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9c901b8c2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: dotnet7.0-7.0.114-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-484d7950a9
2023-12-15 02:18:14.322358
--------------------------------------------------------------------------------

Name : dotnet7.0
Product : Fedora 38
Version : 7.0.114
Release : 1.fc38
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the November 2023 monthly update for .NET 7. It includes several
security fixes. Release Notes:
https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.14/7.0.14.md
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 16 2023 Omair Majid [omajid@redhat.com] - 7.0.114-1
- Update to .NET SDK 7.0.114 and Runtime 7.0.14
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-484d7950a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: xorg-x11-server-1.20.14-28.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-52460bedda
2023-12-15 01:32:20.893730
--------------------------------------------------------------------------------

Name : xorg-x11-server
Product : Fedora 39
Version : 1.20.14
Release : 28.fc39
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server

--------------------------------------------------------------------------------
Update Information:

CVE fix for: CVE-2023-6377, CVE-2023-6478
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 13 2023 Peter Hutterer [peter.hutterer@redhat.com] - 1.20.14-28
- CVE fix for: CVE-2023-6377, CVE-2023-6478
* Fri Nov 10 2023 Peter Hutterer [peter.hutterer@redhat.com] - 1.20.14-27
- Update with full SPDX license list
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-52460bedda' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: tigervnc-1.13.1-9.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-52460bedda
2023-12-15 01:32:20.893730
--------------------------------------------------------------------------------

Name : tigervnc
Product : Fedora 39
Version : 1.13.1
Release : 9.fc39
URL : http://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.

--------------------------------------------------------------------------------
Update Information:

CVE fix for: CVE-2023-6377, CVE-2023-6478
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 13 2023 Jan Grulich [jgrulich@redhat.com] - 1.13.1-9
- Rebuild for Xorg CVEs
Fixes: CVE-2023-6377, CVE-2023-6478
* Wed Nov 22 2023 Florian Weimer [fweimer@redhat.com] - 1.13.1-8
- Drop incorrect tigervnc-c99-2.patch.
* Wed Nov 22 2023 Florian Weimer [fweimer@redhat.com] - 1.13.1-7
- C compatibility fixes
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-52460bedda' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: dotnet6.0-6.0.125-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-d8a7c6928a
2023-12-15 01:32:20.893704
--------------------------------------------------------------------------------

Name : dotnet6.0
Product : Fedora 39
Version : 6.0.125
Release : 1.fc39
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the November 2023 update for .NET 6. It includes fixes for multiple
CVEs. Release Notes: https://github.com/dotnet/core/blob/main/release-
notes/6.0/6.0.25/6.0.25.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Omair Majid [omajid@redhat.com] - 6.0.125-1
- Update to .NET SDK 6.0.125 and Runtime 6.0.25
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-d8a7c6928a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: dotnet7.0-7.0.114-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4334d47fff
2023-12-15 01:32:20.893676
--------------------------------------------------------------------------------

Name : dotnet7.0
Product : Fedora 39
Version : 7.0.114
Release : 1.fc39
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the November 2023 monthly update for .NET 7. It includes several
security fixes. Release Notes:
https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.14/7.0.14.md
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 16 2023 Omair Majid [omajid@redhat.com] - 7.0.114-1
- Update to .NET SDK 7.0.114 and Runtime 7.0.14
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4334d47fff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--