Fedora Linux 8810 Published by

The following security updates are available for Fedora Linux:

Fedora 39 Update: firefox-125.0-1.fc39
Fedora 39 Update: kernel-6.8.6-200.fc39
Fedora 39 Update: yyjson-0.9.0-1.fc39
Fedora 39 Update: wireshark-4.0.14-1.fc39
Fedora 39 Update: python-cbor2-5.6.2-1.fc39
Fedora 39 Update: mbedtls-2.28.8-1.fc39
Fedora 38 Update: yyjson-0.9.0-1.fc38
Fedora 38 Update: python-cbor2-5.6.2-1.fc38
Fedora 38 Update: mbedtls-2.28.8-1.fc38



Fedora 39 Update: firefox-125.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-121f5cec9f
2024-04-17 02:18:01.430897
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 39
Version : 125.0
Release : 1.fc39
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream release (125.0)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 9 2024 Martin Stransky [stransky@redhat.com]- 125.0-1
- Updated to 125.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-121f5cec9f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: kernel-6.8.6-200.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f93cdd8831
2024-04-17 02:18:01.430884
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 39
Version : 6.8.6
Release : 200.fc39
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.8.6 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 13 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.8.6-200]
- Revert "cpupower: Bump soname version" (Justin M. Forbes)
- Drop soname for libcpupower.so since we reverted the bump (Justin M. Forbes)
* Sat Apr 13 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.8.6-0]
- nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie)
- Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes)
- Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka)
- Linux v6.8.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2274990 - CVE-2024-26817 kernel: amdkfd: use calloc instead of kzalloc to avoid integer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274990
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f93cdd8831' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: yyjson-0.9.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ef2e551fab
2024-04-17 02:18:01.430796
--------------------------------------------------------------------------------

Name : yyjson
Product : Fedora 39
Version : 0.9.0
Release : 1.fc39
URL : https://github.com/ibireme/yyjson
Summary : A high performance JSON library written in ANSI C
Description :
A high performance JSON library written in ANSI C.

Features
- Fast: can read or write gigabytes per second JSON data on modern CPUs.
- Portable: complies with ANSI C (C89) for cross-platform compatibility.
- Strict: complies with RFC 8259 JSON standard, ensuring strict number format
and UTF-8 validation.
- Extendable: offers options to allow comments, trailing commas, NaN/Inf, and
custom memory allocator.
- Accuracy: can accurately read and write int64, uint64, and double numbers.
- Flexible: supports unlimited JSON nesting levels, \u0000 characters, and non
null-terminated strings.
- Manipulation: supports querying and modifying using JSON Pointer, JSON Patch
and JSON Merge Patch.
- Developer-Friendly: easy integration with only one h and one c file.

--------------------------------------------------------------------------------
Update Information:

Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791; Security fix for
CVE-2024-25713
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 9 2024 topazus [topazus@outlook.com] - 0.9.0-1
- Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791
* Tue Jan 30 2024 topazus [topazus@outlook.com] - 0.8.0-3
- Fix error of -Wno-implicit-int and -Wno-implicit-function-declaration
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2266791 - CVE-2024-25713 yyjson: double free leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266791
[ 2 ] Bug #2274045 - yyjson-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2274045
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ef2e551fab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: wireshark-4.0.14-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f644a5709c
2024-04-17 02:18:01.430724
--------------------------------------------------------------------------------

Name : wireshark
Product : Fedora 39
Version : 4.0.14
Release : 1.fc39
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

New version 4.2.4. Includes a fix for CVE-2024-2955
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 8 2024 Michal Ruprich [mruprich@redhat.com] - 1:4.0.14-1
- New version 4.0.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271924 - wireshark-4.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271924
[ 2 ] Bug #2273381 - CVE-2024-2955 wireshark: T.38 dissector crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2273381
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f644a5709c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-cbor2-5.6.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4bbd13d425
2024-04-17 02:18:01.430704
--------------------------------------------------------------------------------

Name : python-cbor2
Product : Fedora 39
Version : 5.6.2
Release : 1.fc39
URL : https://github.com/agronholm/cbor2
Summary : Python CBOR (de)serializer with extensive tag support
Description :
This library provides encoding and decoding for the Concise Binary Object
Representation (CBOR) (RFC 7049) serialization format.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 8 2024 Fabian Affolter - 5.6.2-1
- Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
- Fixes CVE-2024-26134 (closes rhbz#2265036, closes rhbz#bug 2265035)
* Sat Feb 3 2024 Fabian Affolter - 5.6.1-1
- Update to latest upstream release 5.6.1 (closes rhbz#2245361)
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 30 2023 Carl George [carlwgeorge@fedoraproject.org] - 5.1.2-12
- Convert to pyproject macros
- Validated license as SPDX identifier
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245361 - python-cbor2-5.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245361
[ 2 ] Bug #2261550 - python-cbor2: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261550
[ 3 ] Bug #2265036 - CVE-2024-26134 python-cbor2: cbor2: Potential buffer overflow in CBOR2 decoder [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2265036
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4bbd13d425' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mbedtls-2.28.8-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-666210bd74
2024-04-17 02:18:01.430663
--------------------------------------------------------------------------------

Name : mbedtls
Product : Fedora 39
Version : 2.28.8
Release : 1.fc39
URL : https://www.trustedfirmware.org/projects/mbed-tls
Summary : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.

--------------------------------------------------------------------------------
Update Information:

Update to 2.28.8
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 1 2024 Morten Stevens [mstevens@fedoraproject.org] - 2.28.8-1
- Update to 2.28.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2272172 - CVE-2024-28960 mbedtls: Insecure handling of shared memory in PSA Crypto APIs
https://bugzilla.redhat.com/show_bug.cgi?id=2272172
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-666210bd74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: yyjson-0.9.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4691d60717
2024-04-17 02:11:07.454578
--------------------------------------------------------------------------------

Name : yyjson
Product : Fedora 38
Version : 0.9.0
Release : 1.fc38
URL : https://github.com/ibireme/yyjson
Summary : A high performance JSON library written in ANSI C
Description :
A high performance JSON library written in ANSI C.

Features
- Fast: can read or write gigabytes per second JSON data on modern CPUs.
- Portable: complies with ANSI C (C89) for cross-platform compatibility.
- Strict: complies with RFC 8259 JSON standard, ensuring strict number format
and UTF-8 validation.
- Extendable: offers options to allow comments, trailing commas, NaN/Inf, and
custom memory allocator.
- Accuracy: can accurately read and write int64, uint64, and double numbers.
- Flexible: supports unlimited JSON nesting levels, \u0000 characters, and non
null-terminated strings.
- Manipulation: supports querying and modifying using JSON Pointer, JSON Patch
and JSON Merge Patch.
- Developer-Friendly: easy integration with only one h and one c file.

--------------------------------------------------------------------------------
Update Information:

Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791; Security fix for
CVE-2024-25713
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 9 2024 topazus [topazus@outlook.com] - 0.9.0-1
- Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791
* Tue Jan 30 2024 topazus [topazus@outlook.com] - 0.8.0-3
- Fix error of -Wno-implicit-int and -Wno-implicit-function-declaration
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2266791 - CVE-2024-25713 yyjson: double free leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266791
[ 2 ] Bug #2274045 - yyjson-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2274045
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4691d60717' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: python-cbor2-5.6.2-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0c9aaeb447
2024-04-17 02:11:07.454502
--------------------------------------------------------------------------------

Name : python-cbor2
Product : Fedora 38
Version : 5.6.2
Release : 1.fc38
URL : https://github.com/agronholm/cbor2
Summary : Python CBOR (de)serializer with extensive tag support
Description :
This library provides encoding and decoding for the Concise Binary Object
Representation (CBOR) (RFC 7049) serialization format.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 8 2024 Fabian Affolter - 5.6.2-1
- Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
- Fixes CVE-2024-26134 (closes rhbz#2265036, closes rhbz#bug 2265035)
* Sat Feb 3 2024 Fabian Affolter - 5.6.1-1
- Update to latest upstream release 5.6.1 (closes rhbz#2245361)
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 30 2023 Carl George [carlwgeorge@fedoraproject.org] - 5.1.2-12
- Convert to pyproject macros
- Validated license as SPDX identifier
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 15 2023 Python Maint - 5.1.2-10
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245361 - python-cbor2-5.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245361
[ 2 ] Bug #2261550 - python-cbor2: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261550
[ 3 ] Bug #2265036 - CVE-2024-26134 python-cbor2: cbor2: Potential buffer overflow in CBOR2 decoder [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2265036
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0c9aaeb447' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: mbedtls-2.28.8-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1249d56928
2024-04-17 02:11:07.454441
--------------------------------------------------------------------------------

Name : mbedtls
Product : Fedora 38
Version : 2.28.8
Release : 1.fc38
URL : https://www.trustedfirmware.org/projects/mbed-tls
Summary : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.

--------------------------------------------------------------------------------
Update Information:

Update to 2.28.8
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 1 2024 Morten Stevens [mstevens@fedoraproject.org] - 2.28.8-1
- Update to 2.28.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2272172 - CVE-2024-28960 mbedtls: Insecure handling of shared memory in PSA Crypto APIs
https://bugzilla.redhat.com/show_bug.cgi?id=2272172
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1249d56928' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--