Fedora Linux 8779 Published by

The following updates are available for Fedora Linux:

Fedora 38 Update: python-aiohttp-3.9.3-3.fc38
Fedora 38 Update: uxplay-1.68.2-3.fc38
Fedora 38 Update: nghttp2-1.52.0-3.fc38
Fedora 39 Update: glibc-2.38-18.fc39
Fedora 39 Update: python-aiohttp-3.9.3-3.fc39
Fedora 39 Update: uxplay-1.68.2-3.fc39
Fedora 39 Update: nodejs18-18.20.2-1.fc39
Fedora 39 Update: nghttp2-1.55.1-5.fc39




Fedora 38 Update: python-aiohttp-3.9.3-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5dc487ee89
2024-04-20 02:13:26.365190
--------------------------------------------------------------------------------

Name : python-aiohttp
Product : Fedora 38
Version : 3.9.3
Release : 3.fc38
URL : https://github.com/aio-libs/aiohttp
Summary : Python HTTP client/server for asyncio
Description :
Python HTTP client/server for asyncio which supports both the client and the
server side of the HTTP protocol, client and server websocket, and webservers
with middlewares and pluggable routing.

--------------------------------------------------------------------------------
Update Information:

Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 11 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.3-3
- Backport support for llhttp 9.2.1
- Started rejecting obsolete line folding in Python parser to match
* Fri Feb 16 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.3-2
- Rebuilt for llhttp-9.2.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2273352 - llhttp-9.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2273352
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5dc487ee89' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: uxplay-1.68.2-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5dc487ee89
2024-04-20 02:13:26.365190
--------------------------------------------------------------------------------

Name : uxplay
Product : Fedora 38
Version : 1.68.2
Release : 3.fc38
URL : https://github.com/FDH2/UxPlay
Summary : AirPlay Unix mirroring server
Description :
An AirPlay2 Mirror and AirPlay2 Audio (but not Video) server that provides
screen-mirroring (with audio) of iOS/MacOS clients in a display window on
the server host (which can be shared using a screen-sharing application);
Apple Lossless Audio (ALAC) (e.g.,iTunes) can be streamed from client to
server in non-mirror mode.

--------------------------------------------------------------------------------
Update Information:

Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 1.68.2-3
- Rebuild for llhttp-9.2.0
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.68.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2273352 - llhttp-9.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2273352
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5dc487ee89' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: nghttp2-1.52.0-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ec22e51ec2
2024-04-20 02:13:26.365103
--------------------------------------------------------------------------------

Name : nghttp2
Product : Fedora 38
Version : 1.52.0
Release : 3.fc38
URL : https://nghttp2.org/
Summary : Experimental HTTP/2 client, server and proxy
Description :
This package contains the HTTP/2 client, server and proxy programs.

--------------------------------------------------------------------------------
Update Information:

fix CONTINUATION frames DoS (CVE-2024-28182)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 4 2024 Jan Macku [jamacku@redhat.com] - 1.52.0-3
- fix CONTINUATION frames DoS (CVE-2024-28182)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2268639
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ec22e51ec2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: glibc-2.38-18.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9be1b94714
2024-04-20 01:02:39.396098
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 39
Version : 2.38
Release : 18.fc39
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update includes several bug fixes from the upstream glibc release branch,
including a fix for CVE-2024-2961.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 18 2024 Arjun Shankar [arjun@redhat.com] - 2.38-18
- Auto-sync with upstream branch release/2.38/master,
commit e1135387deded5d73924f6ca20c72a35dc8e1bda:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
- powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
- AArch64: Check kernel version for SVE ifuncs
- aarch64: fix check for SVE support in assembler
- aarch64: correct CFI in rawmemchr (bug 31113)
- AArch64: Remove Falkor memcpy
- AArch64: Add memset_zva64
- AArch64: Cleanup emag memset
- AArch64: Cleanup ifuncs
- AArch64: Add support for MOPS memcpy/memmove/memset
- Add HWCAP2_MOPS from Linux 6.5 to AArch64 bits/hwcap.h
- LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275855 - CVE-2024-2961 glibc: Out of bounds write in iconv may lead to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275855
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9be1b94714' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-aiohttp-3.9.3-3.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f83b123d63
2024-04-20 01:02:39.396055
--------------------------------------------------------------------------------

Name : python-aiohttp
Product : Fedora 39
Version : 3.9.3
Release : 3.fc39
URL : https://github.com/aio-libs/aiohttp
Summary : Python HTTP client/server for asyncio
Description :
Python HTTP client/server for asyncio which supports both the client and the
server side of the HTTP protocol, client and server websocket, and webservers
with middlewares and pluggable routing.

--------------------------------------------------------------------------------
Update Information:

Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 11 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.3-3
- Backport support for llhttp 9.2.1
- Started rejecting obsolete line folding in Python parser to match
* Fri Feb 16 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.3-2
- Rebuilt for llhttp-9.2.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2273352 - llhttp-9.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2273352
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f83b123d63' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: uxplay-1.68.2-3.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f83b123d63
2024-04-20 01:02:39.396055
--------------------------------------------------------------------------------

Name : uxplay
Product : Fedora 39
Version : 1.68.2
Release : 3.fc39
URL : https://github.com/FDH2/UxPlay
Summary : AirPlay Unix mirroring server
Description :
An AirPlay2 Mirror and AirPlay2 Audio (but not Video) server that provides
screen-mirroring (with audio) of iOS/MacOS clients in a display window on
the server host (which can be shared using a screen-sharing application);
Apple Lossless Audio (ALAC) (e.g.,iTunes) can be streamed from client to
server in non-mirror mode.

--------------------------------------------------------------------------------
Update Information:

Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 1.68.2-3
- Rebuild for llhttp-9.2.0
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.68.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2273352 - llhttp-9.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2273352
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f83b123d63' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: nodejs18-18.20.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8d548b8c96
2024-04-20 01:02:39.396002
--------------------------------------------------------------------------------

Name : nodejs18
Product : Fedora 39
Version : 18.20.2
Release : 1.fc39
URL : http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime \
for easily building fast, scalable network applications. \
Node.js uses an event-driven, non-blocking I/O model that \
makes it lightweight and efficient, perfect for data-intensive \
real-time applications that run across distributed devices.}

--------------------------------------------------------------------------------
Update Information:

2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
Notable Changes
CVE-2024-27980 - Command injection via args parameter of child_process.spawn
without shell option enabled on Windows
Commits
[6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis)
nodejs-private/node-private#564
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 10 2024 Stephen Gallagher [sgallagh@redhat.com] - 1:18.20.2-1
- Update to 18.20.2
* Tue Apr 9 2024 Stephen Gallagher [sgallagh@redhat.com] - 1:18.20.1-1
- Update to 18.20.1
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:18.19.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:18.19.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8d548b8c96' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: nghttp2-1.55.1-5.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a00de83de9
2024-04-20 01:02:39.395914
--------------------------------------------------------------------------------

Name : nghttp2
Product : Fedora 39
Version : 1.55.1
Release : 5.fc39
URL : https://nghttp2.org/
Summary : Experimental HTTP/2 client, server and proxy
Description :
This package contains the HTTP/2 client, server and proxy programs.

--------------------------------------------------------------------------------
Update Information:

fix CONTINUATION frames DoS (CVE-2024-28182)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 4 2024 Jan Macku [jamacku@redhat.com] - 1.55.1-5
- fix CONTINUATION frames DoS (CVE-2024-28182)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2268639
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a00de83de9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--