The following security updates have been released for Fedora Linux:

Fedora 39 Update: thunderbird-115.13.0-1.fc39
Fedora 39 Update: tinyproxy-1.10.0-14.fc39
Fedora 40 Update: kubernetes-1.29.7-1.fc40
Fedora 40 Update: tinyproxy-1.11.2-1.fc40

Fedora 39 Update: thunderbird-115.13.0-1.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0639ad0299
2024-07-26 03:15:06.176170
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 39
Version : 115.13.0
Release : 1.fc39
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 115.13.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
https://www.thunderbird.net/en-US/thunderbird/115.13.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2024 Eike Rathke [erack@redhat.com] - 115.13.0-1
- Update to 115.13.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0639ad0299' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 39 Update: tinyproxy-1.10.0-14.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-661a8bb3b0
2024-07-26 03:15:06.176114
--------------------------------------------------------------------------------

Name : tinyproxy
Product : Fedora 39
Version : 1.10.0
Release : 14.fc39
URL : https://github.com/tinyproxy/
Summary : A small, efficient HTTP/SSL proxy daemon
Description :
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a
small network setting, where a larger proxy like Squid would either be too
resource intensive, or a security risk.

--------------------------------------------------------------------------------
Update Information:

Backport upstream patch for CVE-2023-49606.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 17 2024 Carl George [carlwgeorge@fedoraproject.org] - 1.10.0-14
- Backport upstream patch for CVE-2023-49606 rhbz#2278396
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278396 - CVE-2023-49606 tinyproxy: HTTP connection headers use-after-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278396
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-661a8bb3b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 40 Update: kubernetes-1.29.7-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-30f39c25ae
2024-07-26 01:21:09.888062
--------------------------------------------------------------------------------

Name : kubernetes
Product : Fedora 40
Version : 1.29.7
Release : 1.fc40
URL : https://kubernetes.io/
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :
Open Source Production-Grade Container Scheduling And Management Platform
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to v1.29.7 for FC40.
Resolves CVE-2024-5321: Incorrect permissions on Windows containers logs.
Additional bug and regression fixes from upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 17 2024 Bradley G Smith [bradley.g.smith@gmail.com] - 1.29.7-1
- Update to v1.29.7
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-30f39c25ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 40 Update: tinyproxy-1.11.2-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aa3631a416
2024-07-26 01:21:09.887912
--------------------------------------------------------------------------------

Name : tinyproxy
Product : Fedora 40
Version : 1.11.2
Release : 1.fc40
URL : https://tinyproxy.github.io/
Summary : A small, efficient HTTP/SSL proxy daemon
Description :
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a
small network setting, where a larger proxy like Squid would either be too
resource intensive, or a security risk.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.11.2 to fix CVE-2023-49606.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2024 Carl George [carlwgeorge@fedoraproject.org] - 1.11.2-1
- Update to version 1.11.2 rhbz#2298298
- Fixes CVE-2023-49606 rhbz#2278396
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278396 - CVE-2023-49606 tinyproxy: HTTP connection headers use-after-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278396
[ 2 ] Bug #2298298 - tinyproxy-1.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2298298
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aa3631a416' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--