
Fedora Linux has received several security updates, including matrix-synapse, chromium, thunderbird, linux-firmware, and open62541:

Fedora 40 Update: matrix-synapse-1.111.1-3.fc40
Fedora 41 Update: chromium-131.0.6778.139-1.fc41
Fedora 41 Update: thunderbird-128.5.2-1.fc41
Fedora 41 Update: linux-firmware-20241210-1.fc41
Fedora 41 Update: open62541-1.4.8-1.fc41
Fedora 41 Update: matrix-synapse-1.118.0-3.fc41




[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-995720f767
2024-12-13 01:37:02.761820+00:00
--------------------------------------------------------------------------------

Name : matrix-synapse
Product : Fedora 40
Version : 1.111.1
Release : 3.fc40
URL : https://github.com/element-hq/synapse
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.

--------------------------------------------------------------------------------
Update Information:

CVE-2024-52805, CVE-2024-52815, CVE-2024-53863
Backport fixes from v1.120.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 3 2024 Kai A. Hiller [git@kaialexhiller.de] - 1.111.1-3
- CVE-2024-52805, CVE-2024-52815, CVE-2024-53863
* Tue Dec 3 2024 Kai A. Hiller [git@kaialexhiller.de] - 1.111.1-2
- Backport fixes from v1.120.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2330234 - CVE-2024-52805 matrix-synapse: Synapse allows unsupported content types to lead to memory exhaustion [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2330234
[ 2 ] Bug #2330237 - CVE-2024-52815 matrix-synapse: A malformed invite can break the invitee's `/sync` [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2330237
[ 3 ] Bug #2330239 - CVE-2024-53863 matrix-synapse: Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2330239
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-995720f767' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: chromium-131.0.6778.139-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ccaff13d21
2024-12-13 01:33:43.480339+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 131.0.6778.139
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 131.0.6778.139
High CVE-2024-12381: Type Confusion in V8
High CVE-2024-12382: Use after free in Translate
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 11 2024 Than Ngo [than@redhat.com] - 131.0.6778.139-1
- Update to 131.0.6778.139
* High CVE-2024-12381: Type Confusion in V8
* High CVE-2024-12382: Use after free in Translate
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2331786 - CVE-2024-12381 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2331786
[ 2 ] Bug #2331787 - CVE-2024-12381 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2331787
[ 3 ] Bug #2331788 - CVE-2024-12382 chromium: Use after free in Translate [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2331788
[ 4 ] Bug #2331789 - CVE-2024-12382 chromium: Use after free in Translate [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2331789
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ccaff13d21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: thunderbird-128.5.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b32b4e1b88
2024-12-13 01:33:43.480327+00:00
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 41
Version : 128.5.2
Release : 1.fc41
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 128.5.2
https://www.thunderbird.net/en-US/thunderbird/128.5.2esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-69/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 11 2024 Eike Rathke [erack@redhat.com] - 128.5.2-1
- Update to 128.5.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b32b4e1b88' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: linux-firmware-20241210-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-516b214c25
2024-12-13 01:33:43.480316+00:00
--------------------------------------------------------------------------------

Name : linux-firmware
Product : Fedora 41
Version : 20241210
Release : 1.fc41
URL : http://www.kernel.org/
Summary : Firmware files used by the Linux kernel
Description :
This package includes firmware files required for some devices to
operate.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 20241210
Update firmware file for Intel BlazarU core
amdgpu: numerous firmware updates
upstream amdnpu firmware
QCA: Add Bluetooth nvm files for WCN785x
i915: Update Xe2LPD DMC to v2.24
cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
iwlwifi: add Bz-gf FW for core89-91 release
QCA: Update Bluetooth WCN785x firmware to 2.0.0-00515-2
ice: update ice DDP wireless_edge package to 1.3.20.0
ice: update ice DDP comms package to 1.3.52.0
ice: update ice DDP package to ice-1.3.41.0
amdgpu: update DMCUB to v9.0.10.0 for DCN314/DCN351
Update AMD cpu microcode
xe: Update GUC to v70.36.0 for BMG, LNL
i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL
iwlwifi: add Bz-gf FW for core91-69 release
qcom: venus-5.4: add venus firmware file for qcs615
qcom: update venus firmware file for SC7280
QCA: Add 22 bluetooth firmware nvm files for QCA2066
mediatek MT7921/MT7922: update bluetooth firmware
update for MT7921/MT7922 WiFi device
qcom: Add QDU100 firmware image files.
qcom: Update aic100 firmware files
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 10 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 20241210-1
- Update to upstream 20241210
- Update firmware file for Intel BlazarU core
- amdgpu: numerous firmware updates
- upstream amdnpu firmware
- QCA: Add Bluetooth nvm files for WCN785x
- i915: Update Xe2LPD DMC to v2.24
- cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
- iwlwifi: add Bz-gf FW for core89-91 release
- QCA: Update Bluetooth WCN785x firmware to 2.0.0-00515-2
- ice: update ice DDP wireless_edge package to 1.3.20.0
- ice: update ice DDP comms package to 1.3.52.0
- ice: update ice DDP package to ice-1.3.41.0
- amdgpu: update DMCUB to v9.0.10.0 for DCN314/DCN351
- Update AMD cpu microcode
- xe: Update GUC to v70.36.0 for BMG, LNL
- i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL
- iwlwifi: add Bz-gf FW for core91-69 release
- qcom: venus-5.4: add venus firmware file for qcs615
- qcom: update venus firmware file for SC7280
- QCA: Add 22 bluetooth firmware nvm files for QCA2066
- mediatek MT7921/MT7922: update bluetooth firmware
- update for MT7921/MT7922 WiFi device
- qcom: Add QDU100 firmware image files.
- qcom: Update aic100 firmware files
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-516b214c25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: open62541-1.4.8-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-821c085a14
2024-12-13 01:33:43.480200+00:00
--------------------------------------------------------------------------------

Name : open62541
Product : Fedora 41
Version : 1.4.8
Release : 1.fc41
URL : http://open62541.org
Summary : OPC UA implementation
Description :
open62541 is a C-based library (linking with C++ projects is possible)
with all necessary tools to implement dedicated OPC UA clients and servers,
or to integrate OPC UA-based communication into existing applications.

--------------------------------------------------------------------------------
Update Information:

Update to 1.4.8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 3 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 1.4.8-1
- Update to 1.4.8
- Minor build cleanups, add option to make docs optional
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2171868 - open62541-1.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2171868
[ 2 ] Bug #2327824 - CVE-2024-53429 open62541: assertion failure in fuzz_binary_decode leads to crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2327824
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-821c085a14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4cadba7a29
2024-12-13 01:33:43.480190+00:00
--------------------------------------------------------------------------------

Name : matrix-synapse
Product : Fedora 41
Version : 1.118.0
Release : 3.fc41
URL : https://github.com/element-hq/synapse
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.

--------------------------------------------------------------------------------
Update Information:

CVE-2024-52805, CVE-2024-52815, CVE-2024-53863, CVE-2024-53867
Backport fixes from v1.120.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 3 2024 Kai A. Hiller [git@kaialexhiller.de] - 1.118.0-3
- CVE-2024-52805, CVE-2024-52815, CVE-2024-53863, CVE-2024-53867
* Tue Dec 3 2024 Kai A. Hiller [git@kaialexhiller.de] - 1.118.0-2
- Backport fixes from v1.120.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2330235 - CVE-2024-52805 matrix-synapse: Synapse allows unsupported content types to lead to memory exhaustion [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2330235
[ 2 ] Bug #2330236 - CVE-2024-53867 matrix-synapse: Synapse Matrix has a partial room state leak via Sliding Sync [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2330236
[ 3 ] Bug #2330238 - CVE-2024-52815 matrix-synapse: A malformed invite can break the invitee's `/sync` [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2330238
[ 4 ] Bug #2330240 - CVE-2024-53863 matrix-synapse: Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2330240
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4cadba7a29' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--