The following security updates have been released for Fedora Linux:

Fedora 40 Update: openssh-9.6p1-1.fc40.4
Fedora 40 Update: ghostscript-10.02.1-10.fc40
Fedora 39 Update: openssh-9.3p1-11.fc39




Fedora 40 Update: openssh-9.6p1-1.fc40.4


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-dc89a2e1bf
2024-07-02 20:14:07.633512
--------------------------------------------------------------------------------

Name : openssh
Product : Fedora 40
Version : 9.6p1
Release : 1.fc40.4
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol version 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2024-6387 (rhbz#2294879)
Backport fix for ObscureKeystrokeTiming logic error from OpenSSH 9.8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 2 2024 Dmitry Belyavskiy [dbelyavs@redhat.com] - 9.6p1-1.4
- rebuilt
* Mon Jul 1 2024 Daniel Milnes - 9.6p1-1.3
- Backport fix for CVE-2024-6387 (rhbz#2294879)
- Backport fix for ObscureKeystrokeTiming logic error from OpenSSH 9.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2294904 - CVE-2024-6387 openssh: Possible remote code execution due to a race condition in signal handling [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2294904
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-dc89a2e1bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: ghostscript-10.02.1-10.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f433c5c4da
2024-07-02 20:14:07.633450
--------------------------------------------------------------------------------

Name : ghostscript
Product : Fedora 40
Version : 10.02.1
Release : 10.fc40
URL : https://ghostscript.com/
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2024-33870, CVE-2024-29510
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 27 2024 Zdenek Dohnal [zdohnal@redhat.com] - 10.02.1-10
- 2293951 - CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)
- 2293960 - CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2293950 - CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://bugzilla.redhat.com/show_bug.cgi?id=2293950
[ 2 ] Bug #2293959 - CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
https://bugzilla.redhat.com/show_bug.cgi?id=2293959
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f433c5c4da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: openssh-9.3p1-11.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-213f33544e
2024-07-02 18:06:45.897682
--------------------------------------------------------------------------------

Name : openssh
Product : Fedora 39
Version : 9.3p1
Release : 11.fc39
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol version 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2024-6387 (rhbz#2294879)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 1 2024 Daniel Milnes - 9.3p1-11
- Backport fix for CVE-2024-6387 (rhbz#2294879)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2294905 - CVE-2024-6387 openssh: Possible remote code execution due to a race condition in signal handling [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2294905
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-213f33544e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--