Fedora Linux 8779 Published by

The following security updates are available for Fedora Linux:

Fedora 39 Update: firefox-126.0-5.fc39
Fedora 40 Update: chromium-125.0.6422.60-1.fc40
Fedora 40 Update: podman-5.0.3-1.fc40




Fedora 39 Update: firefox-126.0-5.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a2c6c8afa9
2024-05-17 01:30:14.560755
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 39
Version : 126.0
Release : 5.fc39
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

new upstream update (126.0)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 14 2024 Martin Stransky [stransky@redhat.com]- 126.0-5
- Updated upstream patches
* Mon May 13 2024 Martin Stransky [stransky@redhat.com]- 126.0-4
- Rebuild
* Mon May 13 2024 Martin Stransky [stransky@redhat.com]- 126.0-3
- More upstream patches for Gnome search provider.
* Fri May 10 2024 Martin Stransky [stransky@redhat.com]- 126.0-2
- Fix Gnome search provider for Fedora 40+
* Fri May 10 2024 Jan Grulich [jgrulich@redhat.com] - 126.0-1
- Backport WebRTC fix for screen cast glitches in KDE
* Thu May 9 2024 Martin Stransky [stransky@redhat.com]- 126.0-1
- Updated to 126.0
* Tue May 7 2024 Martin Stransky [stransky@redhat.com]- 125.0.3-2
- Added ffmpeg-free to recommends (rhbz#2023833).
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a2c6c8afa9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: chromium-125.0.6422.60-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c01c1f5f82
2024-05-17 01:07:43.928070
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 125.0.6422.60
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 125.0.6422.60
* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 16 2024 Than Ngo [than@redhat.com] - 125.0.6422.60-1
- update to 125.0.6422.60
* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads
* Sun May 12 2024 Than Ngo [than@redhat.com] - 125.0.6422.41-1
- update to 125.0.6422.41
* Sat May 11 2024 Than Ngo [than@redhat.com] - 124.0.6367.201-2
- include headless_command_resources.pak for headless_shell
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2280248 - CVE-2024-4671 chromium: chromium-browser: use after free in Visuals [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280248
[ 2 ] Bug #2280397 - CVE-2024-4761: Out of bounds write in V8.
https://bugzilla.redhat.com/show_bug.cgi?id=2280397
[ 3 ] Bug #2280591 - CVE-2024-4761 chromium: chromium-browser: Out of bounds write in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280591
[ 4 ] Bug #2280720 - High CVE-2024-4947: Type Confusion in V8 (and eight other CVEs patched in 125.0.6422.60)
https://bugzilla.redhat.com/show_bug.cgi?id=2280720
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c01c1f5f82' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: podman-5.0.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-20393c122f
2024-05-17 01:07:43.928033
--------------------------------------------------------------------------------

Name : podman
Product : Fedora 40
Version : 5.0.3
Release : 1.fc40
URL : https://podman.io/
Summary : Manage Pods, Containers and Container Images
Description :
podman (Pod Manager) is a fully featured container engine that is a simple
daemonless tool. podman provides a Docker-CLI comparable command line that
eases the transition from other container engines and allows the management of
pods, containers and images. Simply put: alias docker=podman.
Most podman commands can be run as a regular user, without requiring
additional privileges.

podman uses Buildah(1) internally to create container images.
Both tools share image (not container) storage, hence each can use or
manipulate images (but not containers) created by the other.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-3727
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 10 2024 Packit [hello@packit.dev] - 5:5.0.3-1
- Update to 5.0.3 upstream release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-20393c122f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--