
The following security updates are available for Fedora Linux:

[SECURITY] Fedora 40 Update: thunderbird-115.14.0-1.fc40
[SECURITY] Fedora 40 Update: xrdp-0.10.1-1.fc40
[SECURITY] Fedora 40 Update: frr-9.1.1-1.fc40
[SECURITY] Fedora 39 Update: vim-9.1.660-1.fc39
[SECURITY] Fedora 39 Update: xrdp-0.10.1-1.fc39




[SECURITY] Fedora 40 Update: thunderbird-115.14.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a060f26e22
2024-08-09 02:53:27.282436
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 40
Version : 115.14.0
Release : 1.fc40
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 115.14.0
https://www.thunderbird.net/en-US/thunderbird/115.14.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 6 2024 Eike Rathke [erack@redhat.com] - 115.14.0-1
- Update to 115.14.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a060f26e22' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 40 Update: xrdp-0.10.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e142be4915
2024-08-09 02:53:27.282387
--------------------------------------------------------------------------------

Name : xrdp
Product : Fedora 40
Version : 0.10.1
Release : 1.fc40
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.1 (2024/07/31)

General announcements
- A clipboard bugfix included in this release is sponsored by Krämer Pferdesport
  GmbH & Co KG. We very much appreciate the sponsorship.
- Please consider sponsoring or making a donation to the project if you like xrdp.
  We accept financial contributions via Open Collective. Direct donations to each
  developer via GitHub Sponsors are also welcomed.

Security fixes
- Unauthenticated RDP security scan finding / partial auth bypass (no CVE). Thanks
  to @txtdawg for reporting this.

New features
- GFX-RFX lossy compression levels are now selectable depending on connection type
  on the client (#3183, backport of #2973)

Bug fixes
- A regression in the code for creating the chansrv FUSE directory has been fixed
  (#3088, backport of #3082)
- Fix a systemd dependency ("network-online.target") (#3088, backport of #3086)
- A problem in session list processing which could result in incorrect display
  assignments has been fixed (#3088, backport of #3103)
- A problem in GFX resizing which could lead to a SEGV in xrdp has been fixed
  (#3088, backport of #3107)
- A problem with the US Dvorak keyboard layout has been resolved (#3088, backport
  of #3112)
- A regression bug when pasting image to LibreOffice has been fixed [Sponsored by
  Krämer Pferdesport GmbH & Co KG] (#3102 #3120)
- Fix a regression when the server tries to negotiate GFX when max_bpp is not high
  enough (#3118 #3122)
- Fix a GFX multi-monitor screen placing issue on minimise/maximize (#3075 #3127)
- Fix an issue some files are not included properly in release tarball (#3149
  #3150)
- Using 'I' in the session selection policy now works correctly (#3167 #3171)
- A potential name buffer overflow in the redirector has been fixed [no security
  implications] (#3175)
- Screens wider than 4096 pixels should now be supported (#3083)
- An unnecessary licensing exchange during connection setup has been removed. This
  was causing problems for FIPS-compliant clients (#3132 backport of #3143)

Internal changes
- FreeBSD CI bumped to 13.3 (#3088, backport of #3104)

Changes for users
- None since v0.10.0.
- If moving from v0.9.x, read the v0.10.0 release note.

Changes for packagers or developers
- None since v0.10.0.
- If moving from v0.9.x, read the v0.10.0 release note.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 31 2024 Bojan Smojver - 1:0.10.1-1
- Update to 0.10.1
* Sat Jul 20 2024 Fedora Release Engineering - 1:0.10.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e142be4915' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: frr-9.1.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e60ca8feb0
2024-08-09 02:53:27.282333
--------------------------------------------------------------------------------

Name : frr
Product : Fedora 40
Version : 9.1.1
Release : 1.fc40
URL : http://www.frrouting.org
Summary : Routing daemon
Description :
FRRouting is free software that manages TCP/IP based routing protocols. It takes
a multi-server and multi-threaded approach to resolve the current complexity
of the Internet.

FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,
EIGRP and BFD.

FRRouting is a fork of Quagga.

--------------------------------------------------------------------------------
Update Information:

New version 9.1.1. Includes fixes for CVE-2024-31950, CVE-2024-31951 and
CVE-2024-31949.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 31 2024 Michal Ruprich [mruprich@redhat.com] - 9.1.1-1
- New version 9.1.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2273993 - CVE-2024-31949 frr: infinite loop [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2273993
[ 2 ] Bug #2273996 - CVE-2024-31950 frr: buffer overflow and daemon crash in ospf_te_parse_ri [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2273996
[ 3 ] Bug #2274000 - CVE-2024-31951 frr: buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274000
[ 4 ] Bug #2274057 - frr-10.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2274057
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e60ca8feb0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 39 Update: vim-9.1.660-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5e87ad4678
2024-08-09 02:46:47.958167
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 39
Version : 9.1.660
Release : 1.fc39
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

The newest upstream commit
Security fixes for CVE-2024-41957, CVE-2024-41965
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 5 2024 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.660-1
- patchlevel 660
* Fri Jul 26 2024 Benjamin Gilbert [bgilbert@backtick.net] - 2:9.1.571-3
- Require gdk-pixbuf2-modules-extra on F41+ -X11 for XPM loading (rhbz#2277751)
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2:9.1.571-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2302419 - CVE-2024-41965 vim: Double-Free Vulnerability in Vim Could Cause Application Crashes
https://bugzilla.redhat.com/show_bug.cgi?id=2302419
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5e87ad4678' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 39 Update: xrdp-0.10.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-41c1bf8de6
2024-08-09 02:46:47.958146
--------------------------------------------------------------------------------

Name : xrdp
Product : Fedora 39
Version : 0.10.1
Release : 1.fc39
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.1 (2024/07/31)

General announcements
- A clipboard bugfix included in this release is sponsored by Krämer Pferdesport
  GmbH & Co KG. We very much appreciate the sponsorship.
- Please consider sponsoring or making a donation to the project if you like xrdp.
  We accept financial contributions via Open Collective. Direct donations to each
  developer via GitHub Sponsors are also welcomed.

Security fixes
- Unauthenticated RDP security scan finding / partial auth bypass (no CVE). Thanks
  to @txtdawg for reporting this.

New features
- GFX-RFX lossy compression levels are now selectable depending on connection type
  on the client (#3183, backport of #2973)

Bug fixes
- A regression in the code for creating the chansrv FUSE directory has been fixed
  (#3088, backport of #3082)
- Fix a systemd dependency ("network-online.target") (#3088, backport of #3086)
- A problem in session list processing which could result in incorrect display
  assignments has been fixed (#3088, backport of #3103)
- A problem in GFX resizing which could lead to a SEGV in xrdp has been fixed
  (#3088, backport of #3107)
- A problem with the US Dvorak keyboard layout has been resolved (#3088, backport
  of #3112)
- A regression bug when pasting image to LibreOffice has been fixed [Sponsored by
  Krämer Pferdesport GmbH & Co KG] (#3102 #3120)
- Fix a regression when the server tries to negotiate GFX when max_bpp is not high
  enough (#3118 #3122)
- Fix a GFX multi-monitor screen placing issue on minimise/maximize (#3075 #3127)
- Fix an issue some files are not included properly in release tarball (#3149
  #3150)
- Using 'I' in the session selection policy now works correctly (#3167 #3171)
- A potential name buffer overflow in the redirector has been fixed [no security
  implications] (#3175)
- Screens wider than 4096 pixels should now be supported (#3083)
- An unnecessary licensing exchange during connection setup has been removed. This
  was causing problems for FIPS-compliant clients (#3132 backport of #3143)

Internal changes
- FreeBSD CI bumped to 13.3 (#3088, backport of #3104)

Changes for users
- None since v0.10.0.
- If moving from v0.9.x, read the v0.10.0 release note.

Changes for packagers or developers
- None since v0.10.0.
- If moving from v0.9.x, read the v0.10.0 release note.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 31 2024 Bojan Smojver - 1:0.10.1-1
- Update to 0.10.1
* Sat Jul 20 2024 Fedora Release Engineering - 1:0.10.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-41c1bf8de6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
