Fedora Linux 40 has been updated with multiple security enhancements, including gnutls-3.8.9-1.fc40, libtasn1-4.20.0-1.fc40, openssl-3.2.4-1.fc40, and crun-1.20-2.fc40:

Fedora 40 Update: gnutls-3.8.9-1.fc40
Fedora 40 Update: libtasn1-4.20.0-1.fc40
Fedora 40 Update: openssl-3.2.4-1.fc40
Fedora 40 Update: crun-1.20-2.fc40

[SECURITY] Fedora 40 Update: gnutls-3.8.9-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e5783f0d1
2025-02-26 01:41:52.376669+00:00
--------------------------------------------------------------------------------

Name : gnutls
Product : Fedora 40
Version : 3.8.9
Release : 1.fc40
URL : http://www.gnutls.org/
Summary : A TLS protocol implementation
Description :
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

--------------------------------------------------------------------------------
Update Information:

Update gnutls to the latest upstream release, including a fix for
CVE-2024-12243.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 18 2025 Daiki Ueno [dueno@redhat.com] - 3.8.9-1
- Update to gnutls 3.8.9 release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2344616 - CVE-2024-12243 gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2344616
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e5783f0d1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 40 Update: libtasn1-4.20.0-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a5edb54660
2025-02-26 01:41:52.376662+00:00
--------------------------------------------------------------------------------

Name : libtasn1
Product : Fedora 40
Version : 4.20.0
Release : 1.fc40
URL : http://www.gnu.org/software/libtasn1/
Summary : The ASN.1 library used in GNUTLS
Description :
A library that provides Abstract Syntax Notation One (ASN.1, as specified
by the X.680 ITU-T recommendation) parsing and structures management, and
Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.

--------------------------------------------------------------------------------
Update Information:

Includes CVE fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 14 2025 Zoltan Fridrich [zfridric@redhat.com] - 4.20.0-1
- Update to 4.20.0 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2344196 - libtasn1-4.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344196
[ 2 ] Bug #2344613 - CVE-2024-12133 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2344613
[ 3 ] Bug #2344614 - CVE-2024-12133 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2344614
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a5edb54660' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 40 Update: openssl-3.2.4-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-becf280371
2025-02-26 01:41:52.376532+00:00
--------------------------------------------------------------------------------

Name : openssl
Product : Fedora 40
Version : 3.2.4
Release : 1.fc40
URL : http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Rebase to 3.2.4
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 12 2025 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.2.4-1
- Rebase to 3.2.4
Resolves: rhbz#2345071
* Fri Sep 6 2024 Sahana Prasad [sahana@redhat.com] - 1:3.2.2-4
- Patch for CVE-2024-6119
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2345071 - [Minor Incident] CVE-2024-12797 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2345071
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-becf280371' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 40 Update: crun-1.20-2.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-166f075581
2025-02-26 01:41:52.376499+00:00
--------------------------------------------------------------------------------

Name : crun
Product : Fedora 40
Version : 1.20
Release : 2.fc40
URL : https://github.com/containers/crun
Summary : OCI runtime written in C
Description :
crun is a OCI runtime

--------------------------------------------------------------------------------
Update Information:

Security fix for GHSA-f42g-r5jj-qh4j
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 10 2025 Lokesh Mandvekar [lsm5@fedoraproject.org] - 1.20-2
- fix gating config
* Wed Feb 5 2025 Packit [hello@packit.dev] - 1.20-1
- Update to 1.20 upstream release
* Tue Dec 31 2024 Lokesh Mandvekar [lsm5@fedoraproject.org] - 1.19.1-2
- TMT: sync tests from upstream
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-166f075581' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--