Fedora Linux 8817 Published by

Fedora Linux has been updated with a range of security enhancements, which include Firefox, Micropython, NetworkManager-libreswan, Xorg-X11-Server-Xwayland, and Libarchive:

Fedora 40 Update: firefox-132.0-2.fc40
Fedora 40 Update: micropython-1.23.0-1.fc40
Fedora 40 Update: NetworkManager-libreswan-1.2.24-1.fc40
Fedora 39 Update: micropython-1.23.0-1.fc39
Fedora 39 Update: NetworkManager-libreswan-1.2.24-1.fc39
Fedora 39 Update: libarchive-3.7.1-3.fc39
Fedora 41 Update: firefox-132.0-2.fc41
Fedora 41 Update: xorg-x11-server-Xwayland-24.1.4-1.fc41
Fedora 41 Update: micropython-1.23.0-1.fc41




[SECURITY] Fedora 40 Update: firefox-132.0-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-dee1ef052e
2024-10-31 02:14:30.974739
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 40
Version : 132.0
Release : 2.fc40
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream update (132.0)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 25 2024 Martin Stransky [stransky@redhat.com] - 132.0-2
- Enabled PGO
* Wed Oct 23 2024 Martin Stransky [stransky@redhat.com] - 132.0-1
- Updated to 132.0
* Mon Oct 21 2024 Martin Stransky [stransky@redhat.com] - 131.0.3-3
- Backported hi-res mouse scrolling and
hold touchpad gesture support for Fedora 41
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-dee1ef052e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: micropython-1.23.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f9ca680ecd
2024-10-31 02:14:30.974656
--------------------------------------------------------------------------------

Name : micropython
Product : Fedora 40
Version : 1.23.0
Release : 1.fc40
URL : http://micropython.org/
Summary : Implementation of Python 3 with very low memory footprint
Description :
Implementation of Python 3 with very low memory footprint

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 17 2024 Charalampos Stratakis [cstratak@redhat.com] - 1.23.0-1
- Update to 1.23.0
- Security fixes for CVE-2024-8946, CVE-2024-8947, CVE-2024-8948
Resolves: rhbz#2312926, rhbz#2312923, rhbz#2312921
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2312921 - CVE-2024-8948 micropython: heap buffer overflow via int_to_bytes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312921
[ 2 ] Bug #2312923 - CVE-2024-8947 micropython: use after free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312923
[ 3 ] Bug #2312926 - CVE-2024-8946 micropython: heap buffer overflow via mp_vfs_umount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f9ca680ecd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: NetworkManager-libreswan-1.2.24-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e88cc97dba
2024-10-31 02:14:30.974643
--------------------------------------------------------------------------------

Name : NetworkManager-libreswan
Product : Fedora 40
Version : 1.2.24
Release : 1.fc40
URL : https://gitlab.gnome.org/GNOME/NetworkManager-libreswan
Summary : NetworkManager VPN plug-in for IPsec VPN
Description :
This package contains software for integrating the libreswan VPN software
with NetworkManager and the GNOME desktop

--------------------------------------------------------------------------------
Update Information:

This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN
plugin for NetworkManager. It fixes a local privilege escalation bug due to
improper escaping of Libreswan configuration. (CVE-2024-9050)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 22 2024 Lubomir Rintel [lkundrak@v3.sk] - 1.2.24-1
- Update to 1.2.24 release
- Fixes a local privilege escalation bug with severity "important" (CVE-2024-9050)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2320956 - CVE-2024-9050 NetworkManager-libreswan: Local privilege escalation via leftupdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2320956
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e88cc97dba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: micropython-1.23.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9c81ad492a
2024-10-31 01:38:05.886410
--------------------------------------------------------------------------------

Name : micropython
Product : Fedora 39
Version : 1.23.0
Release : 1.fc39
URL : http://micropython.org/
Summary : Implementation of Python 3 with very low memory footprint
Description :
Implementation of Python 3 with very low memory footprint

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 17 2024 Charalampos Stratakis [cstratak@redhat.com] - 1.23.0-1
- Update to 1.23.0
- Security fixes for CVE-2024-8946, CVE-2024-8947, CVE-2024-8948
Resolves: rhbz#2312926, rhbz#2312923, rhbz#2312921
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2312921 - CVE-2024-8948 micropython: heap buffer overflow via int_to_bytes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312921
[ 2 ] Bug #2312923 - CVE-2024-8947 micropython: use after free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312923
[ 3 ] Bug #2312926 - CVE-2024-8946 micropython: heap buffer overflow via mp_vfs_umount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9c81ad492a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: NetworkManager-libreswan-1.2.24-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d20b38c63f
2024-10-31 01:38:05.886403
--------------------------------------------------------------------------------

Name : NetworkManager-libreswan
Product : Fedora 39
Version : 1.2.24
Release : 1.fc39
URL : https://gitlab.gnome.org/GNOME/NetworkManager-libreswan
Summary : NetworkManager VPN plug-in for IPsec VPN
Description :
This package contains software for integrating the libreswan VPN software
with NetworkManager and the GNOME desktop

--------------------------------------------------------------------------------
Update Information:

This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN
plugin for NetworkManager. It fixes a local privilege escalation bug due to
improper escaping of Libreswan configuration. (CVE-2024-9050)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 22 2024 Lubomir Rintel [lkundrak@v3.sk] - 1.2.24-1
- Update to 1.2.24 release
- Fixes a local privilege escalation bug with severity "important" (CVE-2024-9050)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2320956 - CVE-2024-9050 NetworkManager-libreswan: Local privilege escalation via leftupdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2320956
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d20b38c63f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: libarchive-3.7.1-3.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ab6348928b
2024-10-31 01:38:05.886341
--------------------------------------------------------------------------------

Name : libarchive
Product : Fedora 39
Version : 3.7.1
Release : 3.fc39
URL : https://www.libarchive.org/
Summary : A library for handling streaming archive formats
Description :
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-48957
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 14 2024 Lukas Javorsky [ljavorsk@redhat.com] - 3.7.1-3
- Fix CVE-2024-48957
- Resolves: rhbz#2317762
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2317762 - CVE-2024-48957 libarchive: Out-of-bounds access in libarchive's archive file handling [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2317762
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ab6348928b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: firefox-132.0-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-24fbd327e3
2024-10-31 01:36:34.226101
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 41
Version : 132.0
Release : 2.fc41
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream update (132.0)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 25 2024 Martin Stransky [stransky@redhat.com] - 132.0-2
- Enabled PGO
* Wed Oct 23 2024 Martin Stransky [stransky@redhat.com] - 132.0-1
- Updated to 132.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-24fbd327e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: xorg-x11-server-Xwayland-24.1.4-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-80c8f31c55
2024-10-31 01:36:34.226078
--------------------------------------------------------------------------------

Name : xorg-x11-server-Xwayland
Product : Fedora 41
Version : 24.1.4
Release : 1.fc41
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.

--------------------------------------------------------------------------------
Update Information:

xwayland 24.1.4 - CVE fix for CVE-2024-9632
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 29 2024 Olivier Fourdan [ofourdan@redhat.com] - 24.1.4-1
- xwayland 24.1.4 - (#2316081)
CVE fix for: CVE-2024-9632
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2316081 - xorg-x11-server-Xwayland-24.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2316081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-80c8f31c55' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: micropython-1.23.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cd5c1dfa94
2024-10-31 01:36:34.225938
--------------------------------------------------------------------------------

Name : micropython
Product : Fedora 41
Version : 1.23.0
Release : 1.fc41
URL : http://micropython.org/
Summary : Implementation of Python 3 with very low memory footprint
Description :
Implementation of Python 3 with very low memory footprint

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 17 2024 Charalampos Stratakis [cstratak@redhat.com] - 1.23.0-1
- Update to 1.23.0
- Security fixes for CVE-2024-8946, CVE-2024-8947, CVE-2024-8948
Resolves: rhbz#2312926, rhbz#2312923, rhbz#2312921
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2312921 - CVE-2024-8948 micropython: heap buffer overflow via int_to_bytes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312921
[ 2 ] Bug #2312923 - CVE-2024-8947 micropython: use after free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312923
[ 3 ] Bug #2312926 - CVE-2024-8946 micropython: heap buffer overflow via mp_vfs_umount [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cd5c1dfa94' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--