Fedora Linux 8811 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: libgit2-1.6.5-1.fc38
Fedora 38 Update: freerdp-2.11.5-1.fc38
Fedora 39 Update: libgit2_1.6-1.6.5-1.fc39
Fedora 39 Update: libgit2-1.7.2-1.fc39
Fedora 39 Update: expat-2.6.0-1.fc39
Fedora 39 Update: mbedtls-2.28.7-1.fc39
Fedora 39 Update: freerdp-2.11.5-1.fc39
Fedora 39 Update: python-cryptography-41.0.7-1.fc39



Fedora 38 Update: libgit2-1.6.5-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a7a3c8ccdd
2024-02-17 01:36:47.959145
--------------------------------------------------------------------------------

Name : libgit2
Product : Fedora 38
Version : 1.6.5
Release : 1.fc38
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.

--------------------------------------------------------------------------------
Update Information:

Update to 1.6.5
Resolves: CVE-2024-24577
Resolves: CVE-2024-24575
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 8 2024 Pete Walter [pwalter@fedoraproject.org] - 1.6.5-1
- Update to 1.6.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263096 - TRIAGE CVE-2024-24577 libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263096
[ 2 ] Bug #2263101 - TRIAGE CVE-2024-24575 libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263101
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a7a3c8ccdd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: freerdp-2.11.5-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f294ddb7fb
2024-02-17 01:36:47.958991
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 38
Version : 2.11.5
Release : 1.fc38
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 2.11.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Ondrej Holy [oholy@redhat.com] - 2:2.11.5-1
- Update to 2.11.5.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2259483 - CVE-2024-22211 freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset
https://bugzilla.redhat.com/show_bug.cgi?id=2259483
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f294ddb7fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: libgit2_1.6-1.6.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-605004a28e
2024-02-17 00:55:58.833973
--------------------------------------------------------------------------------

Name : libgit2_1.6
Product : Fedora 39
Version : 1.6.5
Release : 1.fc39
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.

--------------------------------------------------------------------------------
Update Information:

Update to 1.6.5
Resolves: CVE-2024-24577
Resolves: CVE-2024-24575
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 7 2024 Pete Walter [pwalter@fedoraproject.org] - 1.6.5-1
- Update to 1.6.5
* Wed Feb 7 2024 Stephen Gallagher [sgallagh@redhat.com] - 1.6.4-4
- Skip 'pack' tests on F40+
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2261321 - libgit2_1.6: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261321
[ 2 ] Bug #2263096 - TRIAGE CVE-2024-24577 libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263096
[ 3 ] Bug #2263101 - TRIAGE CVE-2024-24575 libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263101
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-605004a28e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: libgit2-1.7.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-92bac3b909
2024-02-17 00:55:58.833959
--------------------------------------------------------------------------------

Name : libgit2
Product : Fedora 39
Version : 1.7.2
Release : 1.fc39
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.

--------------------------------------------------------------------------------
Update Information:

Update to 1.7.2
Resolves: CVE-2024-24577
Resolves: CVE-2024-24575
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 7 2024 Stephen Gallagher [sgallagh@redhat.com] - 1.7.2-1
- Update to 1.7.2
* Wed Feb 7 2024 Stephen Gallagher [sgallagh@redhat.com] - 1.7.1-5
- Skip 'pack' tests on F40+
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.7.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2261319 - libgit2: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261319
[ 2 ] Bug #2263096 - TRIAGE CVE-2024-24577 libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263096
[ 3 ] Bug #2263101 - TRIAGE CVE-2024-24575 libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263101
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-92bac3b909' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: expat-2.6.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-269826c2b3
2024-02-17 00:55:58.833880
--------------------------------------------------------------------------------

Name : expat
Product : Fedora 39
Version : 2.6.0
Release : 1.fc39
URL : https://libexpat.github.io/
Summary : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Rebase to version 2.6.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 7 2024 Tomas Korbar [tkorbar@redhat.com] - 2.6.0-1
- Rebase to version 2.6.0
- Resolves: rhbz#2263032
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263032 - expat-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2263032
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-269826c2b3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mbedtls-2.28.7-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bfd98be425
2024-02-17 00:55:58.833840
--------------------------------------------------------------------------------

Name : mbedtls
Product : Fedora 39
Version : 2.28.7
Release : 1.fc39
URL : https://www.trustedfirmware.org/projects/mbed-tls
Summary : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.

--------------------------------------------------------------------------------
Update Information:

Update to 2.28.7
Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7
Security Advisories:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-
advisory-2024-01-1/
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-
advisory-2024-01-2/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 6 2024 Morten Stevens [mstevens@fedoraproject.org] - 2.28.7-1
- Update to 2.28.7
* Tue Feb 6 2024 Morten Stevens [mstevens@fedoraproject.org] - 2.28.5-4
- Disabled testing due to build issues with GCC 14
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2261600 - CVE-2024-23170 CVE-2024-23775 mbedtls: multiple vulnerabilties [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2261600
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bfd98be425' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: freerdp-2.11.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-01689e51e5
2024-02-17 00:55:58.833820
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 39
Version : 2.11.5
Release : 1.fc39
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 2.11.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Ondrej Holy [oholy@redhat.com] - 2:2.11.5-1
- Update to 2.11.5.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2259483 - CVE-2024-22211 freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset
https://bugzilla.redhat.com/show_bug.cgi?id=2259483
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-01689e51e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-cryptography-41.0.7-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-91f5df4002
2024-02-17 00:55:58.833828
--------------------------------------------------------------------------------

Name : python-cryptography
Product : Fedora 39
Version : 41.0.7
Release : 1.fc39
URL : https://cryptography.io/en/latest/
Summary : PyCA's cryptography library
Description :
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-49083
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 41.0.7-1
- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
* Thu Feb 1 2024 Christian Heimes [cheimes@redhat.com] - 41.0.5-1
- Update to 41.0.5, resolves RHBZ#2239707
* Fri Dec 1 2023 Fabio Valentini [decathorpe@gmail.com] - 41.0.3-2
- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255331 - CVE-2023-49083 python-cryptography: NULL-dereference when loading PKCS7 certificates
https://bugzilla.redhat.com/show_bug.cgi?id=2255331
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-91f5df4002' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--