Fedora 40 Update: firefox-134.0-1.fc40
Fedora 40 Update: gimp-2.10.38-12.fc40
Fedora 40 Update: openjpeg2-2.5.3-1.fc40
Fedora 40 Update: mupdf-1.24.6-2.fc40
Fedora 41 Update: valkey-8.0.2-1.fc41
Fedora 41 Update: curl-8.9.1-3.fc41
[SECURITY] Fedora 40 Update: firefox-134.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e8a71b6caf
2025-01-09 02:31:17.828543+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 40
Version : 134.0
Release : 1.fc40
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream (134.0)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 2 2025 Martin Stransky [stransky@redhat.com] - 134.0-1
- Updated to 134.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e8a71b6caf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: gimp-2.10.38-12.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ccdbd92d7b
2025-01-09 02:31:17.828471+00:00
--------------------------------------------------------------------------------
Name : gimp
Product : Fedora 40
Version : 2.10.38
Release : 12.fc40
URL : https://www.gimp.org/
Summary : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for web pages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.
--------------------------------------------------------------------------------
Update Information:
This update fixes issues with loading TGA and XCF files.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 31 2024 Nils Philippsen [nils@tiptoe.de] - 2:2.10.38-12
- Fix issues with TGA and XCF loaders (rhbz#2003465, patch by Andrzej Hunt)
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2:2.10.38-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jun 12 2024 Nils Philippsen [nils@tiptoe.de] - 2:2.10.38-2
- Use SPDX license identifiers consistently
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ccdbd92d7b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: openjpeg2-2.5.3-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-272544ceb9
2025-01-09 02:31:17.828390+00:00
--------------------------------------------------------------------------------
Name : openjpeg2
Product : Fedora 40
Version : 2.5.3
Release : 1.fc40
URL : https://github.com/uclouvain/openjpeg
Summary : C-Library for JPEG 2000
Description :
The OpenJPEG library is an open-source JPEG 2000 library developed in order to
promote the use of JPEG 2000.
This package contains
* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1
compliance).
* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple
component transforms for multispectral and hyperspectral imagery)
--------------------------------------------------------------------------------
Update Information:
Update to openjpeg-2.5.3
Fix 2 heap-buffer-overflow
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 24 2024 SÃrgio Basto [sergio@serjux.com] - 2.5.3-1
- Update to 2.5.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333951 - heap-buffer-overflow at lib/openjp2/j2k.c:8460:84 in opj_j2k_add_tlmarker in openjpeg/opj_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2333951
[ 2 ] Bug #2333954 - heap-buffer-overflow at bin/common/color.c:215:42 in sycc422_to_rgb in openjpeg/opj_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2333954
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-272544ceb9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: mupdf-1.24.6-2.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bfc5e25437
2025-01-09 02:31:17.828421+00:00
--------------------------------------------------------------------------------
Name : mupdf
Product : Fedora 40
Version : 1.24.6
Release : 2.fc40
URL : http://mupdf.com/
Summary : A lightweight PDF viewer and toolkit
Description :
MuPDF is a lightweight PDF viewer and toolkit written in portable C.
The renderer in MuPDF is tailored for high quality anti-aliased
graphics. MuPDF renders text with metrics and spacing accurate to
within fractions of a pixel for the highest fidelity in reproducing
the look of a printed page on screen.
MuPDF has a small footprint. A binary that includes the standard
Roman fonts is only one megabyte. A build with full CJK support
(including an Asian font) is approximately seven megabytes.
MuPDF has support for all non-interactive PDF 1.7 features, and the
toolkit provides a simple API for accessing the internal structures of
the PDF document. Example code for navigating interactive links and
bookmarks, encrypting PDF files, extracting fonts, images, and
searchable text, and rendering pages to image files is provided.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2024-46657 (rhbz#2331626)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 26 2024 Michael J Gruber [mjg@fedoraproject.org] - 1.24.6-2
- fix CVE-2024-46657 (rhbz#2331626)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331626 - CVE-2024-46657 mupdf: segmentation fault via tools/pdfextract.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331626
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bfc5e25437' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: valkey-8.0.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b332afed45
2025-01-09 02:02:18.478025+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 41
Version : 8.0.2
Release : 1.fc41
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
update to 8.0.2
fixes CVE-2024-46981 - Lua script commands may lead to remote code execution
fixes CVE-2024-51741 - Denial-of-service due to malformed ACL selectors
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 8 2025 Jonathan Wright [jonathan@almalinux.org] - 8.0.2-1
- update to 8.0.2 rhbz#2336259
fixes CVE-2024-46981
fixes CVE-2024-51741
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b332afed45' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: curl-8.9.1-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a94430d221
2025-01-09 02:02:18.477813+00:00
--------------------------------------------------------------------------------
Name : curl
Product : Fedora 41
Version : 8.9.1
Release : 3.fc41
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.
--------------------------------------------------------------------------------
Update Information:
fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2024 Jan Macku [jamacku@redhat.com] - 8.9.1-3
- fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2326407 - CVE-2024-9681 curl: HSTS subdomain overwrites parent cache entry [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2326407
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a94430d221' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
