Fedora Linux 8816 Published by

Fedora Linux has been updated with multiple security enhancements, including libsndfile-1.2.2-4.fc40, mingw-python3-3.11.10-2.fc40, mingw-glib2-2.82.2-1.fc40, mingw-libsoup-2.74.3-8.fc40, and qbittorrent-5.0.2-1.fc41:

Fedora 40 Update: libsndfile-1.2.2-4.fc40
Fedora 40 Update: mingw-python3-3.11.10-2.fc40
Fedora 40 Update: mingw-glib2-2.82.2-1.fc40
Fedora 40 Update: mingw-libsoup-2.74.3-8.fc40
Fedora 41 Update: qbittorrent-5.0.2-1.fc41



[SECURITY] Fedora 40 Update: libsndfile-1.2.2-4.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3ae3a47901
2024-11-27 02:30:46.013828+00:00
--------------------------------------------------------------------------------

Name : libsndfile
Product : Fedora 40
Version : 1.2.2
Release : 4.fc40
URL : http://libsndfile.github.io/libsndfile/
Summary : Library for reading and writing sound files
Description :
libsndfile is a C library for reading and writing sound files such as
AIFF, AU, WAV, and others through one standard interface. It can
currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and
64-bit floating point WAV files and a number of compressed formats. It
compiles and runs on *nix, MacOS, and Win32.

--------------------------------------------------------------------------------
Update Information:

fix crash in in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 18 2024 Michal Hlavinka [mhlavink@redhat.com] - 1.2.2-4
- fix crash in in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.2.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322326 - CVE-2024-50612 libsndfile: Segmentation fault error in ogg_vorbis.c:417 vorbis_analysis_wrote() [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2322326
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3ae3a47901' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mingw-python3-3.11.10-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d7e2d109e2
2024-11-27 02:30:46.013710+00:00
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 40
Version : 3.11.10
Release : 2.fc40
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2024-9287
Update to python-3.11.0.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 18 2024 Sandro Mani [manisandro@gmail.com] - 3.11.10-2
- Backport fix for CVE-2024-9287
* Sat Nov 9 2024 Sandro Mani [manisandro@gmail.com] - 3.11.10-1
- Update to 3.11.10
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321653 - CVE-2024-9287 mingw-python3: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321653
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d7e2d109e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mingw-glib2-2.82.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1e29ad7d25
2024-11-27 02:30:46.013667+00:00
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 40
Version : 2.82.2
Release : 1.fc40
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Update to 2.82.2, fixes CVE-2024-52533.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 21 2024 Sandro Mani [manisandro@gmail.com] - 2.82.2-1
- Update to 2.82.2
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 2.82.1-1
- Update to 2.82.1
* Tue Aug 27 2024 Sandro Mani [manisandro@gmail.com] - 2.82.0-1
- Update to 2.82.0
* Mon Aug 19 2024 Sandro Mani [manisandro@gmail.com] - 2.81.2-1
- Update to 2.81.2
* Tue Aug 6 2024 Sandro Mani [manisandro@gmail.com] - 2.81.1-1
- Update to 2.81.1
* Tue Jul 30 2024 Sandro Mani [manisandro@gmail.com] - 2.81.0-1
- Update to 2.81.0
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.80.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 15 2024 Sandro Mani [manisandro@gmail.com] - 2.80.3-1
- Update to 2.80.3
* Fri May 10 2024 Sandro Mani [manisandro@gmail.com] - 2.80.2-1
- Update to 2.80.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2325362 - CVE-2024-52533 mingw-glib2: buffer overflow in set_connect_msg() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325362
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1e29ad7d25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mingw-libsoup-2.74.3-8.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8c3476dd24
2024-11-27 02:30:46.013673+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 40
Version : 2.74.3
Release : 8.fc40
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2024-52530 and CVE-2024-52532.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 18 2024 Sandro Mani - 2.74.3-8
- Backport fix for CVE-2024-52530 and CVE-2024-52532
* Mon Sep 2 2024 Miroslav SuchĂ˝ - 2.74.3-7
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 2.74.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2325357 - CVE-2024-52532 mingw-libsoup: infinite loop while reading websocket data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325357
[ 2 ] Bug #2325359 - CVE-2024-52530 mingw-libsoup: HTTP request smuggling via stripping null bytes from the ends of header names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8c3476dd24' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: qbittorrent-5.0.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1c74fc369b
2024-11-27 02:18:57.510505+00:00
--------------------------------------------------------------------------------

Name : qbittorrent
Product : Fedora 41
Version : 5.0.2
Release : 1.fc41
URL : https://www.qbittorrent.org
Summary : A Bittorrent Client
Description :
A Bittorrent client using rb_libtorrent and a Qt6 Graphical User Interface.
It aims to be as fast as possible and to provide multi-OS, unicode support.

--------------------------------------------------------------------------------
Update Information:

Update to 5.0.2 fix rhbz#2326888
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 23 2024 Filipe Rosset [rosset.filipe@gmail.com] - 1:5.0.2-1
- Update to 5.0.2 fix rhbz#2326888
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262473 - [abrt] qbittorrent: qAbort(): qbittorrent killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2262473
[ 2 ] Bug #2323595 - CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323595
[ 3 ] Bug #2323596 - CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323596
[ 4 ] Bug #2326888 - qbittorrent-5.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2326888
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1c74fc369b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--