Fedora 41 Update: trafficserver-9.2.9-1.fc41
Fedora 40 Update: thunderbird-128.8.0-1.fc40
Fedora 40 Update: trafficserver-9.2.9-1.fc40
Fedora 40 Update: iniparser-4.1-17.fc40
Fedora 40 Update: xorg-x11-server-1.20.14-37.fc40
[SECURITY] Fedora 41 Update: trafficserver-9.2.9-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c634be56bc
2025-03-14 04:38:00.634500+00:00
--------------------------------------------------------------------------------
Name : trafficserver
Product : Fedora 41
Version : 9.2.9
Release : 1.fc41
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
--------------------------------------------------------------------------------
Update Information:
Changes with Apache Traffic Server 9.2.9
#12071 - Fix chunked pipelined requests
#12075 - Fix send 100 Continue optimization for GET
#12077 - Fix intercept plugin ignoring ACL
#12079 - ACL combination tests for 9.2.x
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 5 2025 Jered Floyd [jered@redhat.com] 9.2.9-1
- Update to upstream 9.2.9
- Resolves CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, CVE-2024-56202
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350625 - CVE-2024-56195 trafficserver: Apache Traffic Server: Intercept plugins are not access controlled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2350625
[ 2 ] Bug #2350627 - CVE-2024-56202 trafficserver: Apache Traffic Server: Expect header field can unreasonably retain resource [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2350627
[ 3 ] Bug #2350629 - CVE-2024-38311 trafficserver: Apache Traffic Server: Request smuggling via pipelining after a chunked message body [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2350629
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c634be56bc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: thunderbird-128.8.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4b50cd66a5
2025-03-14 02:12:06.905976+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 40
Version : 128.8.0
Release : 1.fc40
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.8.0
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 6 2025 Eike Rathke [erack@redhat.com] - 128.8.0-1
- Update to 128.8.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4b50cd66a5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: trafficserver-9.2.9-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-286e6fc13a
2025-03-14 02:12:06.905953+00:00
--------------------------------------------------------------------------------
Name : trafficserver
Product : Fedora 40
Version : 9.2.9
Release : 1.fc40
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
--------------------------------------------------------------------------------
Update Information:
Changes with Apache Traffic Server 9.2.9
#12071 - Fix chunked pipelined requests
#12075 - Fix send 100 Continue optimization for GET
#12077 - Fix intercept plugin ignoring ACL
#12079 - ACL combination tests for 9.2.x
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 5 2025 Jered Floyd [jered@redhat.com] 9.2.9-1
- Update to upstream 9.2.9
- Resolves CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, CVE-2024-56202
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-286e6fc13a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: iniparser-4.1-17.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-257f422587
2025-03-14 02:12:06.905856+00:00
--------------------------------------------------------------------------------
Name : iniparser
Product : Fedora 40
Version : 4.1
Release : 17.fc40
URL : https://github.com/ndevilla/iniparser
Summary : C library for parsing "INI-style" files
Description :
iniParser is an ANSI C library to parse "INI-style" files, often used to
hold application configuration information.
--------------------------------------------------------------------------------
Update Information:
Patched libiniparser to fix CVE-2025-0633
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 26 2025 David Cantrell [dcantrell@redhat.com] - 4.1-17
- Patch for CVE-2025-0633 - Heap Overflow in iniparser.c (#2346474)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2346474 - CVE-2025-0633 iniparser: Heap Overflow in iniparser.c
https://bugzilla.redhat.com/show_bug.cgi?id=2346474
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-257f422587' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: xorg-x11-server-1.20.14-37.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fd490bcdcd
2025-03-14 02:12:06.905849+00:00
--------------------------------------------------------------------------------
Name : xorg-x11-server
Product : Fedora 40
Version : 1.20.14
Release : 37.fc40
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server
--------------------------------------------------------------------------------
Update Information:
CVE fix for: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 26 2025 Olivier Fourdan [ofourdan@redhat.com] - 1.20.14-37
- CVE fix for: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fd490bcdcd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
