Fedora Linux has received security updates for lemonldap-ng and mingw-expat:

Fedora 41 Update: lemonldap-ng-2.20.1-1.fc41
Fedora 41 Update: mingw-expat-2.6.4-1.fc41
Fedora 39 Update: lemonldap-ng-2.20.1-1.fc39
Fedora 40 Update: lemonldap-ng-2.20.1-1.fc40
Fedora 40 Update: mingw-expat-2.6.4-1.fc40




[SECURITY] Fedora 41 Update: lemonldap-ng-2.20.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7bc1df53fc
2024-11-19 02:23:09.976677
--------------------------------------------------------------------------------

Name : lemonldap-ng
Product : Fedora 41
Version : 2.20.1
Release : 1.fc41
URL : https://lemonldap-ng.org
Summary : Web Single Sign On (SSO) and Access Management
Description :
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It
simplifies the build of a protected area with a few changes in the
application. It manages both authentication and authorization and provides
headers for accounting.
So you can have a full AAA protection for your web space as described below.

--------------------------------------------------------------------------------
Update Information:

Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by "Refresh my rights"
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
"This application is not known" when trying to access a federation application
with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn't validated
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 8 2024 Clement Oudot [clem.oudot@gmail.com] - 2.20.1-1
- Update to 2.20.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7bc1df53fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: mingw-expat-2.6.4-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fa21fd6c77
2024-11-19 02:23:09.976453
--------------------------------------------------------------------------------

Name : mingw-expat
Product : Fedora 41
Version : 2.6.4
Release : 1.fc41
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Update to 2.6.4.
Backport fix for CVE-2024-50602.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 9 2024 Sandro Mani [manisandro@gmail.com] - 2.6.4-1
- Update to 2.6.4
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 2.6.3-2
- Backport patch for CVE-2024-50602
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322195 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2322195
[ 2 ] Bug #2322230 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2322230
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fa21fd6c77' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: lemonldap-ng-2.20.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d0a6c4ac13
2024-11-19 01:28:16.949479
--------------------------------------------------------------------------------

Name : lemonldap-ng
Product : Fedora 39
Version : 2.20.1
Release : 1.fc39
URL : https://lemonldap-ng.org
Summary : Web Single Sign On (SSO) and Access Management
Description :
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It
simplifies the build of a protected area with a few changes in the
application. It manages both authentication and authorization and provides
headers for accounting.
So you can have a full AAA protection for your web space as described below.

--------------------------------------------------------------------------------
Update Information:

Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by "Refresh my rights"
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
"This application is not known" when trying to access a federation application
with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn't validated
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 8 2024 Clement Oudot [clem.oudot@gmail.com] - 2.20.1-1
- Update to 2.20.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d0a6c4ac13' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: lemonldap-ng-2.20.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e457192aa2
2024-11-19 01:21:30.375627
--------------------------------------------------------------------------------

Name : lemonldap-ng
Product : Fedora 40
Version : 2.20.1
Release : 1.fc40
URL : https://lemonldap-ng.org
Summary : Web Single Sign On (SSO) and Access Management
Description :
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It
simplifies the build of a protected area with a few changes in the
application. It manages both authentication and authorization and provides
headers for accounting.
So you can have a full AAA protection for your web space as described below.

--------------------------------------------------------------------------------
Update Information:

Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by "Refresh my rights"
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
"This application is not known" when trying to access a federation application
with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn't validated
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 8 2024 Clement Oudot [clem.oudot@gmail.com] - 2.20.1-1
- Update to 2.20.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e457192aa2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mingw-expat-2.6.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cdde5c873d
2024-11-19 01:21:30.375425
--------------------------------------------------------------------------------

Name : mingw-expat
Product : Fedora 40
Version : 2.6.4
Release : 1.fc40
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Update to 2.6.4.
Backport fix for CVE-2024-50602.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 9 2024 Sandro Mani [manisandro@gmail.com] - 2.6.4-1
- Update to 2.6.4
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 2.6.3-2
- Backport patch for CVE-2024-50602
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322195 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2322195
[ 2 ] Bug #2322230 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2322230
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cdde5c873d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--