Fedora Linux 8811 Published by

Fedora Linux has received several security updates, including microcode_ctl-2.1-67.fc41, php-bartlett-PHP-CompatInfo-7.1.4-3.fc41, python-waitress-3.0.1-1.fc41, ghostscript-10.02.1-13.fc40, php-bartlett-PHP-CompatInfo-7.1.4-3.fc40, webkitgtk-2.46.3-1.fc40, and php-bartlett-PHP-CompatInfo-7.1.4-3.fc39:

Fedora 41 Update: microcode_ctl-2.1-67.fc41
Fedora 41 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc41
Fedora 41 Update: python-waitress-3.0.1-1.fc41
Fedora 40 Update: ghostscript-10.02.1-13.fc40
Fedora 40 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc40
Fedora 40 Update: webkitgtk-2.46.3-1.fc40
Fedora 39 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc39




[SECURITY] Fedora 41 Update: microcode_ctl-2.1-67.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-28ea86c8aa
2024-11-16 02:13:46.131332
--------------------------------------------------------------------------------

Name : microcode_ctl
Product : Fedora 41
Version : 2.1
Release : 67.fc41
URL : https://pagure.io/microcode_ctl
Summary : Tool to transform and deploy CPU microcode update for x86
Description :
The microcode_ctl utility is a companion to the microcode driver written
by Tigran Aivazian [tigran@aivazian.fsnet.co.uk].

The microcode update is volatile and needs to be uploaded on each system
boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts
back to the old microcode.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.1-47. 20241112
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b0005c0
up to 0x2b000603;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b0005c0
up to 0x2b000603;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b0005c0 up to 0x2b000603;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision
0x2b0005c0 up to 0x2b000603;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x36 up to 0x37;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x36 up to 0x37;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x36 up to 0x37;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x36 up to 0x37;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x36 up to 0x37;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x36
up to 0x37;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x36 up to 0x37;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x36 up to 0x37;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x434 up to 0x435;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x434 up to 0x435;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x434 up to 0x435;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x434
up to 0x435;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1f
up to 0x20;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4122 up to 0x4123;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4122 up to 0x4123;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4122 up to 0x4123;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4122 up to 0x4123;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4122
up to 0x4123;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4122 up to 0x4123;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4122 up to 0x4123;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4122 up to 0x4123;
Update of 06-ba-08/0xe0 microcode from revision 0x4122 up to 0x4123;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x36 up to 0x37;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x36 up to 0x37;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x36 up
to 0x37;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x36 up to 0x37;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x36 up to 0x37;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x36 up to 0x37;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x36 up to 0x37;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x36 up
to 0x37;
Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000230
up to 0x21000283;
Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in
intel-ucode/06-cf-01) from revision 0x21000230 up to 0x21000283;
Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in
intel-ucode/06-cf-02) from revision 0x21000230 up to 0x21000283;
Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000230
up to 0x21000283.
Addresses CVE-2024-21820, CVE-2024-21853, CVE-2024-23918, CVE-2024-23984
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 13 2024 Eugene Syromiatnikov [esyr@redhat.com] 2:2.1-67
- Update to upstream 2.1-47. 20241112
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b0005c0
up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-05) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b0005c0
up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-06) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
intel-ucode/06-8f-07) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
intel-ucode/06-8f-08) from revision 0x2b0005c0 up to 0x2b000603;
- Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision
0x2b0005c0 up to 0x2b000603;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x36 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x36 up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x36 up to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x36 up to 0x37;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x36 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x36
up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x36 up to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x36 up to 0x37;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x434 up to 0x435;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x434 up to 0x435;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x434 up to 0x435;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x434
up to 0x435;
- Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1f
up to 0x20;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4122 up to 0x4123;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4122 up to 0x4123;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4122 up to 0x4123;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4122 up to 0x4123;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4122
up to 0x4123;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4122 up to 0x4123;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4122 up to 0x4123;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4122 up to 0x4123;
- Update of 06-ba-08/0xe0 microcode from revision 0x4122 up to 0x4123;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x36 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x36 up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x36 up
to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x36 up to 0x37;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x36 up to 0x37;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x36 up to 0x37;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x36 up to 0x37;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x36 up
to 0x37;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000230
up to 0x21000283;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in
intel-ucode/06-cf-01) from revision 0x21000230 up to 0x21000283;
- Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in
intel-ucode/06-cf-02) from revision 0x21000230 up to 0x21000283;
- Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000230
up to 0x21000283.
- Addresses CVE-2024-21820, CVE-2024-21853, CVE-2024-23918, CVE-2024-23984
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-28ea86c8aa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-16a71b7cf5
2024-11-16 02:13:46.131081
--------------------------------------------------------------------------------

Name : php-bartlett-PHP-CompatInfo
Product : Fedora 41
Version : 7.1.4
Release : 3.fc41
URL : https://github.com/llaville/php-compatinfo
Summary : Find out version and the extensions required for a piece of code to run
Description :
PHP_CompatInfo will parse a file/folder/array to find out the minimum
version and extensions required for it to run. CLI version has many reports
(extension, interface, class, function, constant) to display and ability to
show content of dictionary references.

--------------------------------------------------------------------------------
Update Information:

bartlett/php-compatinfo-db 6.12.0 - 2024-10-29
Added
db:show command is now able to display deprecations on all components
PHP 8.2.25 support
PHP 8.3.13 support
PHP 8.4.0 support (until RC3)
Changed
update mailparse reference to version 3.1.8
update oauth reference to version 2.0.9
update oci8 reference to version 3.4.0
update rdkafka reference to version 6.0.4
update redis reference to version 6.1.0
update uuid reference to version 1.2.1
update xdebug reference to version 3.4.0beta1
update yaml reference to version 2.2.4
bartlett/php-compatinfo-db 6.11.1 - 2024-10-04
Changed
update opentelemetry reference to version 1.1.0 (stable)
Fixed
PHAR distribution was broken (reason is issue
explained into BOX Manifest 4.0.0RC1).
Solved now, we use the final stable version 4.0.0
bartlett/php-compatinfo-db 6.11.0 - 2024-10-02
Added
PHP 8.1.30 support
PHP 8.2.24 support
PHP 8.3.12 support
mongodb extension support
xpass extension support
Changed
update apcu reference to version 5.1.24
update msgpack reference to version 3.0.0
update opentelemetry reference to version 1.1.0beta3
update xlswriter reference to version 1.5.7
update zip reference to version 1.22.4
mongo extension is marked now as not supported (superseded by mongodb reference
that is now available)
bartlett/php-compatinfo-db 6.10.0 - 2024-09-01
Added
PHP 8.2.23 support
PHP 8.3.11 support
Changed
update xlswriter reference to version 1.5.6
bartlett/php-compatinfo-db 6.9.0 - 2024-08-17
Added
PHP 8.2.22 support
PHP 8.3.10 support
Changed
update ast reference to version 1.1.2
update igbinary reference to version 3.2.16
bartlett/php-compatinfo-db 6.8.0 - 2024-07-16
Added
PHP 8.2.21 support
PHP 8.3.9 support
Changed
update xhprof reference to version 2.3.10
bartlett/php-compatinfo-db 6.7.0 - 2024-06-14
Added
PHP 8.1.29 support
PHP 8.2.20 support
PHP 8.3.8 support
bartlett/php-compatinfo-db 6.6.0 - 2024-05-13
Added
PHP 8.1.28 support
PHP 8.2.19 support
PHP 8.3.7 support
Changed
update opentelemetry reference to version 1.0.3
update xdebug reference to version 3.3.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 7 2024 Remi Collet [remi@remirepo.net] - 7.1.4-3
- update bundled bartlett/php-compatinfo-db to 6.12.0
- update bundled dependencies
- optional support build with composer-generators
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2324261 - CVE-2024-50342 php-bartlett-PHP-CompatInfo: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2324261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-16a71b7cf5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-waitress-3.0.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-157678aad0
2024-11-16 02:13:46.131068
--------------------------------------------------------------------------------

Name : python-waitress
Product : Fedora 41
Version : 3.0.1
Release : 1.fc41
URL : https://github.com/Pylons/waitress
Summary : Waitress WSGI server
Description :
Waitress is a production-quality pure-Python WSGI server with very acceptable
performance. It has no dependencies except ones which live in the Python
standard library.

--------------------------------------------------------------------------------
Update Information:

Update to version 3.0.1, which resolves CVE-2024-49768 and CVE-2024-49769.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 7 2024 Carl George [carlwgeorge@fedoraproject.org] - 3.0.1-1
- Update to version 3.0.1 rhbz#2322297
- Resolves: CVE-2024-49768
- Resolves: CVE-2024-49769
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322297 - python-waitress-3.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2322297
[ 2 ] Bug #2324285 - CVE-2024-49768 python-waitress: request processing race condition in HTTP pipelining with invalid first request [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2324285
[ 3 ] Bug #2324286 - CVE-2024-49769 python-waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2324286
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-157678aad0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: ghostscript-10.02.1-13.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b1877232ce
2024-11-16 02:01:08.999468
--------------------------------------------------------------------------------

Name : ghostscript
Product : Fedora 40
Version : 10.02.1
Release : 13.fc40
URL : https://ghostscript.com/
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript
Pattern Color Space (fedora#2325237)
2325240 - CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955
CVE-2024-46956 ghostscript: various flaws
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2024 Zdenek Dohnal [zdohnal@redhat.com] - 10.02.1-13
- CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space (fedora#2325237)
- 2325240 - CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 ghostscript: various flaws
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2325041 - CVE-2024-46952 ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling
https://bugzilla.redhat.com/show_bug.cgi?id=2325041
[ 2 ] Bug #2325042 - CVE-2024-46955 ghostscript: Out-of-Bounds Read in Ghostscript Indexed Color Space
https://bugzilla.redhat.com/show_bug.cgi?id=2325042
[ 3 ] Bug #2325043 - CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
https://bugzilla.redhat.com/show_bug.cgi?id=2325043
[ 4 ] Bug #2325044 - CVE-2024-46954 ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
https://bugzilla.redhat.com/show_bug.cgi?id=2325044
[ 5 ] Bug #2325045 - CVE-2024-46953 ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
https://bugzilla.redhat.com/show_bug.cgi?id=2325045
[ 6 ] Bug #2325047 - CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
https://bugzilla.redhat.com/show_bug.cgi?id=2325047
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b1877232ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-727ecb90c7
2024-11-16 02:01:08.999299
--------------------------------------------------------------------------------

Name : php-bartlett-PHP-CompatInfo
Product : Fedora 40
Version : 7.1.4
Release : 3.fc40
URL : https://github.com/llaville/php-compatinfo
Summary : Find out version and the extensions required for a piece of code to run
Description :
PHP_CompatInfo will parse a file/folder/array to find out the minimum
version and extensions required for it to run. CLI version has many reports
(extension, interface, class, function, constant) to display and ability to
show content of dictionary references.

--------------------------------------------------------------------------------
Update Information:

bartlett/php-compatinfo-db 6.12.0 - 2024-10-29
Added
db:show command is now able to display deprecations on all components
PHP 8.2.25 support
PHP 8.3.13 support
PHP 8.4.0 support (until RC3)
Changed
update mailparse reference to version 3.1.8
update oauth reference to version 2.0.9
update oci8 reference to version 3.4.0
update rdkafka reference to version 6.0.4
update redis reference to version 6.1.0
update uuid reference to version 1.2.1
update xdebug reference to version 3.4.0beta1
update yaml reference to version 2.2.4
bartlett/php-compatinfo-db 6.11.1 - 2024-10-04
Changed
update opentelemetry reference to version 1.1.0 (stable)
Fixed
PHAR distribution was broken (reason is issue
explained into BOX Manifest 4.0.0RC1).
Solved now, we use the final stable version 4.0.0
bartlett/php-compatinfo-db 6.11.0 - 2024-10-02
Added
PHP 8.1.30 support
PHP 8.2.24 support
PHP 8.3.12 support
mongodb extension support
xpass extension support
Changed
update apcu reference to version 5.1.24
update msgpack reference to version 3.0.0
update opentelemetry reference to version 1.1.0beta3
update xlswriter reference to version 1.5.7
update zip reference to version 1.22.4
mongo extension is marked now as not supported (superseded by mongodb reference
that is now available)
bartlett/php-compatinfo-db 6.10.0 - 2024-09-01
Added
PHP 8.2.23 support
PHP 8.3.11 support
Changed
update xlswriter reference to version 1.5.6
bartlett/php-compatinfo-db 6.9.0 - 2024-08-17
Added
PHP 8.2.22 support
PHP 8.3.10 support
Changed
update ast reference to version 1.1.2
update igbinary reference to version 3.2.16
bartlett/php-compatinfo-db 6.8.0 - 2024-07-16
Added
PHP 8.2.21 support
PHP 8.3.9 support
Changed
update xhprof reference to version 2.3.10
bartlett/php-compatinfo-db 6.7.0 - 2024-06-14
Added
PHP 8.1.29 support
PHP 8.2.20 support
PHP 8.3.8 support
bartlett/php-compatinfo-db 6.6.0 - 2024-05-13
Added
PHP 8.1.28 support
PHP 8.2.19 support
PHP 8.3.7 support
Changed
update opentelemetry reference to version 1.0.3
update xdebug reference to version 3.3.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 7 2024 Remi Collet [remi@remirepo.net] - 7.1.4-3
- update bundled bartlett/php-compatinfo-db to 6.12.0
- update bundled dependencies
- optional support build with composer-generators
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2324261 - CVE-2024-50342 php-bartlett-PHP-CompatInfo: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2324261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-727ecb90c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: webkitgtk-2.46.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d940908db
2024-11-16 02:01:08.999262
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 40
Version : 2.46.3
Release : 1.fc40
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated
canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting
settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.46.3-1
- Update to 2.46.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2323285 - CVE-2024-44244 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323285
[ 2 ] Bug #2323298 - CVE-2024-44296 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323298
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d940908db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e7bb8bc2da
2024-11-16 01:24:09.382548
--------------------------------------------------------------------------------

Name : php-bartlett-PHP-CompatInfo
Product : Fedora 39
Version : 7.1.4
Release : 3.fc39
URL : https://github.com/llaville/php-compatinfo
Summary : Find out version and the extensions required for a piece of code to run
Description :
PHP_CompatInfo will parse a file/folder/array to find out the minimum
version and extensions required for it to run. CLI version has many reports
(extension, interface, class, function, constant) to display and ability to
show content of dictionary references.

--------------------------------------------------------------------------------
Update Information:

bartlett/php-compatinfo-db 6.12.0 - 2024-10-29
Added
db:show command is now able to display deprecations on all components
PHP 8.2.25 support
PHP 8.3.13 support
PHP 8.4.0 support (until RC3)
Changed
update mailparse reference to version 3.1.8
update oauth reference to version 2.0.9
update oci8 reference to version 3.4.0
update rdkafka reference to version 6.0.4
update redis reference to version 6.1.0
update uuid reference to version 1.2.1
update xdebug reference to version 3.4.0beta1
update yaml reference to version 2.2.4
bartlett/php-compatinfo-db 6.11.1 - 2024-10-04
Changed
update opentelemetry reference to version 1.1.0 (stable)
Fixed
PHAR distribution was broken (reason is issue
explained into BOX Manifest 4.0.0RC1).
Solved now, we use the final stable version 4.0.0
bartlett/php-compatinfo-db 6.11.0 - 2024-10-02
Added
PHP 8.1.30 support
PHP 8.2.24 support
PHP 8.3.12 support
mongodb extension support
xpass extension support
Changed
update apcu reference to version 5.1.24
update msgpack reference to version 3.0.0
update opentelemetry reference to version 1.1.0beta3
update xlswriter reference to version 1.5.7
update zip reference to version 1.22.4
mongo extension is marked now as not supported (superseded by mongodb reference
that is now available)
bartlett/php-compatinfo-db 6.10.0 - 2024-09-01
Added
PHP 8.2.23 support
PHP 8.3.11 support
Changed
update xlswriter reference to version 1.5.6
bartlett/php-compatinfo-db 6.9.0 - 2024-08-17
Added
PHP 8.2.22 support
PHP 8.3.10 support
Changed
update ast reference to version 1.1.2
update igbinary reference to version 3.2.16
bartlett/php-compatinfo-db 6.8.0 - 2024-07-16
Added
PHP 8.2.21 support
PHP 8.3.9 support
Changed
update xhprof reference to version 2.3.10
bartlett/php-compatinfo-db 6.7.0 - 2024-06-14
Added
PHP 8.1.29 support
PHP 8.2.20 support
PHP 8.3.8 support
bartlett/php-compatinfo-db 6.6.0 - 2024-05-13
Added
PHP 8.1.28 support
PHP 8.2.19 support
PHP 8.3.7 support
Changed
update opentelemetry reference to version 1.0.3
update xdebug reference to version 3.3.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 7 2024 Remi Collet [remi@remirepo.net] - 7.1.4-3
- update bundled bartlett/php-compatinfo-db to 6.12.0
- update bundled dependencies
- optional support build with composer-generators
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2324261 - CVE-2024-50342 php-bartlett-PHP-CompatInfo: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2324261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e7bb8bc2da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--