Fedora Linux 8781 Published by

The following four security updates are available for Fedora Linux:

Fedora 38 Update: libfilezilla-0.45.0-1.fc38
Fedora 38 Update: filezilla-3.66.4-1.fc38
Fedora 38 Update: opensc-0.24.0-1.fc38
Fedora 39 Update: thunderbird-115.6.0-1.fc39




Fedora 38 Update: libfilezilla-0.45.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-7934efb5e3
2023-12-23 04:33:53.210999
--------------------------------------------------------------------------------

Name : libfilezilla
Product : Fedora 38
Version : 0.45.0
Release : 1.fc38
URL : https://lib.filezilla-project.org/
Summary : C++ Library for FileZilla
Description :
libfilezilla is a small and modern C++ library, offering some basic
functionality to build high-performing, platform-independent programs.

--------------------------------------------------------------------------------
Update Information:

Fix for terrapin vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 26 2023 Gwyn Ciesla [gwync@protonmail.com] - 0.45.0-1
- 0.45.0
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.41.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255454 - TRIAGE filezilla: terrapin vulnerability fixed in 3.66.4 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255454
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-7934efb5e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: filezilla-3.66.4-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-7934efb5e3
2023-12-23 04:33:53.210999
--------------------------------------------------------------------------------

Name : filezilla
Product : Fedora 38
Version : 3.66.4
Release : 1.fc38
URL : https://filezilla-project.org/
Summary : FTP, FTPS and SFTP client
Description :
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features.
- Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)
- Cross-platform
- Available in many languages
- Supports resume and transfer of large files greater than 4GB
- Easy to use Site Manager and transfer queue
- Drag & drop support
- Speed limits
- Filename filters
- Network configuration wizard

--------------------------------------------------------------------------------
Update Information:

Fix for terrapin vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Gwyn Ciesla [gwync@protonmail.com] - 3.66.4-1
- 3.66.4
* Mon Nov 6 2023 Gwyn Ciesla [gwync@protonmail.com] - 3.66.1-1
- 3.66.1
* Thu Oct 26 2023 Gwyn Ciesla [gwync@protonmail.com] - 3.66.0-1
- 3.66.0
* Wed Jul 19 2023 Fedora Release Engineering [releng@fedoraproject.org] - 3.63.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255454 - TRIAGE filezilla: terrapin vulnerability fixed in 3.66.4 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255454
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-7934efb5e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: opensc-0.24.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-c7e4c9af51
2023-12-23 04:33:53.210781
--------------------------------------------------------------------------------

Name : opensc
Product : Fedora 38
Version : 0.24.0
Release : 1.fc38
URL : https://github.com/OpenSC/OpenSC/wiki
Summary : Smart card library and applications
Description :
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
every software/card that does so, too.

--------------------------------------------------------------------------------
Update Information:

New upstream release (#2240701) with security fixes for CVE-2023-40660,
CVE-2023-4535, CVE-2023-40661
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 14 2023 Veronika Hanulikova [vhanulik@redhat.com] - 0.24.0-1
- New upstream release (#2240701)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2240912 - CVE-2023-40660 OpenSC: Potential PIN bypass when card tracks its own login state
https://bugzilla.redhat.com/show_bug.cgi?id=2240912
[ 2 ] Bug #2240913 - CVE-2023-40661 OpenSC: multiple memory issues with pkcs15-init (enrollment tool)
https://bugzilla.redhat.com/show_bug.cgi?id=2240913
[ 3 ] Bug #2240914 - CVE-2023-4535 OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys
https://bugzilla.redhat.com/show_bug.cgi?id=2240914
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-c7e4c9af51' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: thunderbird-115.6.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-7dee358171
2023-12-23 04:23:47.010196
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 39
Version : 115.6.0
Release : 1.fc39
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 115.6.0 ; - https://www.mozilla.org/en-
US/security/advisories/mfsa2023-55/ - https://www.thunderbird.net/en-
US/thunderbird/115.6.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Eike Rathke [erack@redhat.com] - 115.6.0-1
- Update to 115.6.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-7dee358171' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--