Fedora Linux 8811 Published by

The following updates are available for Fedora Linux:

Fedora 39 Update: rust-1.77.2-1.fc39
Fedora 39 Update: trafficserver-9.2.4-1.fc39
Fedora 38 Update: trafficserver-9.2.4-1.fc38
Fedora 38 Update: upx-4.2.3-1.fc38




Fedora 39 Update: rust-1.77.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6bc17db348
2024-04-12 01:20:46.887596
--------------------------------------------------------------------------------

Name : rust
Product : Fedora 39
Version : 1.77.2
Release : 1.fc39
URL : https://www.rust-lang.org
Summary : The Rust Programming Language
Description :
Rust is a systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.

This package includes the Rust compiler and documentation generator.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-24576 (Windows command injection)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 9 2024 Josh Stone [jistone@redhat.com] - 1.77.2-1
- Update to 1.77.2; Fixes RHBZ#2274248 CVE-2024-24576
* Fri Apr 5 2024 Josh Stone [jistone@redhat.com] - 1.77.0-3
- Ensure more consistency in PGO flags -- fixes Cargo tests
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2265585 - CVE-2024-24576 rust: Fail to Escape Arguments Properly in Microsoft Windows
https://bugzilla.redhat.com/show_bug.cgi?id=2265585
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6bc17db348' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: trafficserver-9.2.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b1e16b4335
2024-04-12 01:20:46.887561
--------------------------------------------------------------------------------

Name : trafficserver
Product : Fedora 39
Version : 9.2.4
Release : 1.fc39
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 3 2024 Jered Floyd [jered@redhat.com] 9.2.4-1
- Update to upstream 9.2.4
- Resolves CVE-2024-31309
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 9.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2269627 - CVE-2024-31309 trafficserver: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2269627
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b1e16b4335' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: trafficserver-9.2.4-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d0acf8d109
2024-04-12 01:13:29.030695
--------------------------------------------------------------------------------

Name : trafficserver
Product : Fedora 38
Version : 9.2.4
Release : 1.fc38
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 3 2024 Jered Floyd [jered@redhat.com] 9.2.4-1
- Update to upstream 9.2.4
- Resolves CVE-2024-31309
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 9.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2269627 - CVE-2024-31309 trafficserver: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2269627
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d0acf8d109' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: upx-4.2.3-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-70ee97033b
2024-04-12 01:13:29.030661
--------------------------------------------------------------------------------

Name : upx
Product : Fedora 38
Version : 4.2.3
Release : 1.fc38
URL : https://github.com/upx/upx
Summary : Ultimate Packer for eXecutables
Description :
UPX is a free, portable, extendable, high-performance executable
packer for several different executable formats. It achieves an
excellent compression ratio and offers very fast decompression. Your
executables suffer no memory overhead or other drawbacks.

--------------------------------------------------------------------------------
Update Information:

4.2.3
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 28 2024 Gwyn Ciesla [gwync@protonmail.com] - 4.2.3-1
- 4.2.3
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 4 2024 Gwyn Ciesla [gwync@protonmail.com] - 4.2.2-1
- 4.2.2
* Thu Nov 2 2023 Gwyn Ciesla [gwync@protonmail.com] - 4.2.1-1
- 4.2.1
* Fri Oct 27 2023 Gwyn Ciesla [gwync@protonmail.com] - 4.2.0-1
- 4.2.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2272102 - upx-4.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272102
[ 2 ] Bug #2272828 - CVE-2024-3209 upx: heap-based buffer overflow via get_ne64() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272828
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-70ee97033b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--