Fedora Linux 8779 Published by

Fedora Linux has received a number of security updates, including perl-App-cpanminus, p7zip, crosswords, and logiops:

[SECURITY] Fedora 40 Update: perl-App-cpanminus-1.7047-4.fc40
[SECURITY] Fedora 40 Update: logiops-0.3.5-1.fc40
[SECURITY] Fedora 39 Update: perl-App-cpanminus-1.7047-2.fc39
[SECURITY] Fedora 39 Update: logiops-0.3.5-1.fc39
[SECURITY] Fedora 41 Update: p7zip-16.02-31.fc41
[SECURITY] Fedora 41 Update: crosswords-0.3.13.3-4.fc41
[SECURITY] Fedora 41 Update: perl-App-cpanminus-1.7047-5.fc41
[SECURITY] Fedora 41 Update: logiops-0.3.5-1.fc41




[SECURITY] Fedora 40 Update: perl-App-cpanminus-1.7047-4.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aaa468ae4f
2024-10-09 01:29:48.658001
--------------------------------------------------------------------------------

Name : perl-App-cpanminus
Product : Fedora 40
Version : 1.7047
Release : 4.fc40
URL : https://metacpan.org/release/App-cpanminus
Summary : Get, unpack, build and install CPAN modules
Description :
Why? It's dependency free, requires zero configuration, and stands alone
but it's maintainable and extensible with plug-ins and friendly to shell
scripting. When running, it requires only 10 MB of RAM.

--------------------------------------------------------------------------------
Update Information:

Patch the code to use https instead of http (CVE-2024-45321)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 26 2024 Jitka Plesnikova [jplesnik@redhat.com] - 1.7047-4
- Patch the code to use https instead of http (CVE-2024-45321)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308439 - CVE-2024-45321 perl-App-cpanminus: From NVD collector [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2308439
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aaa468ae4f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: logiops-0.3.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-326390f033
2024-10-09 01:29:48.657994
--------------------------------------------------------------------------------

Name : logiops
Product : Fedora 40
Version : 0.3.5
Release : 1.fc40
URL : https://github.com/PixlOne/logiops
Summary : Unofficial driver for Logitech mice and keyboard
Description :
This is an unofficial driver for Logitech mice and keyboard.

This is currently only compatible with HID++ >2.0 devices.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys
arbitrarily. This allows all users on the system to remap a key unexpectedly to
a potentially malicious sequence
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 30 2024 Nicolas De Amicis [deamicis@bluewin.ch] - 0.3.5-1
- Fixes CVE-2024-45752
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2313588 - CVE-2024-45752 logiops: unprivileged user can configure logid daemon via an unrestricted D-Bus service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2313588
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-326390f033' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: perl-App-cpanminus-1.7047-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-78e43b4de6
2024-10-09 00:46:39.270360
--------------------------------------------------------------------------------

Name : perl-App-cpanminus
Product : Fedora 39
Version : 1.7047
Release : 2.fc39
URL : https://metacpan.org/release/App-cpanminus
Summary : Get, unpack, build and install CPAN modules
Description :
Why? It's dependency free, requires zero configuration, and stands alone
but it's maintainable and extensible with plug-ins and friendly to shell
scripting. When running, it requires only 10 MB of RAM.

--------------------------------------------------------------------------------
Update Information:

Patch the code to use https instead of http (CVE-2024-45321)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 26 2024 Jitka Plesnikova [jplesnik@redhat.com] - 1.7047-2
- Patch the code to use https instead of http (CVE-2024-45321)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308438 - CVE-2024-45321 perl-App-cpanminus: From NVD collector [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2308438
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-78e43b4de6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: logiops-0.3.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-69ce052378
2024-10-09 00:46:39.270353
--------------------------------------------------------------------------------

Name : logiops
Product : Fedora 39
Version : 0.3.5
Release : 1.fc39
URL : https://github.com/PixlOne/logiops
Summary : Unofficial driver for Logitech mice and keyboard
Description :
This is an unofficial driver for Logitech mice and keyboard.

This is currently only compatible with HID++ >2.0 devices.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys
arbitrarily. This allows all users on the system to remap a key unexpectedly to
a potentially malicious sequence
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 30 2024 Nicolas De Amicis - 0.3.5-1
- Fixes CVE-2024-45752
* Mon Jul 29 2024 Miroslav Suchý - 0.3.4-3
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 0.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri May 31 2024 Nicolas De Amicis - 0.3.4-1
- Bump to 0.3.4: Fix building on GCC 14
* Sun Feb 4 2024 Nicolas De Amicis - 0.3.3-4
- Adding missing algorithm header
* Thu Jan 25 2024 Fedora Release Engineering - 0.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 0.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-69ce052378' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: p7zip-16.02-31.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-69ce052378
2024-10-09 00:46:39.270353
--------------------------------------------------------------------------------

Name : logiops
Product : Fedora 39
Version : 0.3.5
Release : 1.fc39
URL : https://github.com/PixlOne/logiops
Summary : Unofficial driver for Logitech mice and keyboard
Description :
This is an unofficial driver for Logitech mice and keyboard.

This is currently only compatible with HID++ >2.0 devices.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys
arbitrarily. This allows all users on the system to remap a key unexpectedly to
a potentially malicious sequence
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 30 2024 Nicolas De Amicis - 0.3.5-1
- Fixes CVE-2024-45752
* Mon Jul 29 2024 Miroslav Suchý - 0.3.4-3
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 0.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri May 31 2024 Nicolas De Amicis - 0.3.4-1
- Bump to 0.3.4: Fix building on GCC 14
* Sun Feb 4 2024 Nicolas De Amicis - 0.3.3-4
- Adding missing algorithm header
* Thu Jan 25 2024 Fedora Release Engineering - 0.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 0.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-69ce052378' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: crosswords-0.3.13.3-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-851219f5e3
2024-10-09 00:15:07.604638
--------------------------------------------------------------------------------

Name : crosswords
Product : Fedora 41
Version : 0.3.13.3
Release : 4.fc41
URL : https://gitlab.gnome.org/jrb/crosswords
Summary : Solve crossword puzzles
Description :
A simple and fun game of crosswords. Load your crossword files, or play one of
the included games. Features include:

- Support for shaped and colored crosswords
- Loading .ipuz and .puz files
- Hint support, such as showing mistakes and suggesting words
- Dark mode support
- Locally installed crosswords as well as support for 3rd party downloaders

--------------------------------------------------------------------------------
Update Information:

Update to 0.3.13.3 and fix gresource generation
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 30 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 0.3.13.3-4
- Fix gresource generation
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.3.13.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 16 2024 Davide Cavalca [dcavalca@fedoraproject.org] - 0.3.13.3-2
- Include word-lists in preparation for 0.3.14
* Sat May 25 2024 Davide Cavalca [dcavalca@fedoraproject.org] - 0.3.13.3-1
- Update to 0.3.13.3; Fixes: RHBZ#2282223
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2282128 - CVE-2024-35195 crosswords: requests: subsequent requests to the same host ignore cert verification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2282128
[ 2 ] Bug #2282223 - crosswords-0.3.13.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2282223
[ 3 ] Bug #2300613 - crosswords: FTBFS in Fedora rawhide/f41
https://bugzilla.redhat.com/show_bug.cgi?id=2300613
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-851219f5e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: perl-App-cpanminus-1.7047-5.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ef9db8b16d
2024-10-09 00:15:07.604592
--------------------------------------------------------------------------------

Name : perl-App-cpanminus
Product : Fedora 41
Version : 1.7047
Release : 5.fc41
URL : https://metacpan.org/release/App-cpanminus
Summary : Get, unpack, build and install CPAN modules
Description :
Why? It's dependency free, requires zero configuration, and stands alone
but it's maintainable and extensible with plug-ins and friendly to shell
scripting. When running, it requires only 10 MB of RAM.

--------------------------------------------------------------------------------
Update Information:

Patch the code to use https instead of http (CVE-2024-45321)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 26 2024 Jitka Plesnikova [jplesnik@redhat.com] - 1.7047-5
- Patch the code to use https instead of http (CVE-2024-45321)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308439 - CVE-2024-45321 perl-App-cpanminus: From NVD collector [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2308439
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ef9db8b16d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: logiops-0.3.5-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1a9b10c921
2024-10-09 00:15:07.604545
--------------------------------------------------------------------------------

Name : logiops
Product : Fedora 41
Version : 0.3.5
Release : 1.fc41
URL : https://github.com/PixlOne/logiops
Summary : Unofficial driver for Logitech mice and keyboard
Description :
This is an unofficial driver for Logitech mice and keyboard.

This is currently only compatible with HID++ >2.0 devices.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys
arbitrarily. This allows all users on the system to remap a key unexpectedly to
a potentially malicious sequence
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 30 2024 Nicolas De Amicis - 0.3.5-1
- Fixes CVE-2024-45752
* Mon Jul 29 2024 Miroslav Suchý - 0.3.4-3
- convert license to SPDX
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1a9b10c921' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------