Fedora Linux 8861 Published by

Fedora Linux has been updated with several security enhancements, including vaultwarden-1.32.7-4.fc40, golang-1.22.11-1.fc40, dotnet9.0-9.0.102-1.fc40, dotnet8.0-8.0.112-1.fc40, libsoup3-3.6.4-1.fc41, abseil-cpp-20240722.1-1.fc41, and dotnet9.0-9.0.102-1.fc41:

Fedora 40 Update: vaultwarden-1.32.7-4.fc40
Fedora 40 Update: golang-1.22.11-1.fc40
Fedora 40 Update: dotnet9.0-9.0.102-1.fc40
Fedora 40 Update: dotnet8.0-8.0.112-1.fc40
Fedora 41 Update: libsoup3-3.6.4-1.fc41
Fedora 41 Update: abseil-cpp-20240722.1-1.fc41
Fedora 41 Update: vaultwarden-1.32.7-4.fc41
Fedora 41 Update: dotnet8.0-8.0.112-1.fc41
Fedora 41 Update: dotnet9.0-9.0.102-1.fc41




[SECURITY] Fedora 40 Update: vaultwarden-1.32.7-4.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3dff292265
2025-01-29 05:23:04.063048+00:00
--------------------------------------------------------------------------------

Name : vaultwarden
Product : Fedora 40
Version : 1.32.7
Release : 4.fc40
URL : https://github.com/dani-garcia/vaultwarden
Summary : Unofficial Bitwarden compatible server
Description :
Unofficial Bitwarden compatible server.

--------------------------------------------------------------------------------
Update Information:

fix VW_VERSION in compiled code, patch security issues
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 21 2025 Jonathan Wright [jonathan@almalinux.org] - 1.32.7-4
- Set VW_VERSION env var during build and install rhbz#2338534
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.32.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jan 15 2025 Jonathan Wright [jonathan@almalinux.org] - 1.32.7-2
- fix build on el9 with rust 1.79
* Fri Jan 3 2025 Jonathan Wright [jonathan@almalinux.org] - 1.32.7-1
- update to 1.32.7 rhbz#2322181
- Fix CVE-2024-56335
* Tue Oct 22 2024 Jonathan Wright [jonathan@almalinux.org] - 1.32.2-1
- update to 1.32.2 rhbz#2316657
* Sun Aug 11 2024 Jonathan Wright [jonathan@almalinux.org] - 1.32.0-1
- update to 1.32.0 rhbz#2304045
Resolves CVE-2024-39924
Resolves CVE-2024-39925
Resolves CVE-2024-39926
* Fri Aug 2 2024 Jonathan Wright [jonathan@almalinux.org] - 1.31.0-2
- Exclude s390x and ppc64le
* Fri Jul 19 2024 Jonathan Wright [jonathan@almalinux.org] - 1.31.0-1
- update to 1.31.0 rhbz#2297149
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2307705 - vaultwarden: FTBFS in Fedora 40 and 39
https://bugzilla.redhat.com/show_bug.cgi?id=2307705
[ 2 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2333595
[ 3 ] Bug #2333596 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2333596
[ 4 ] Bug #2333597 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333597
[ 5 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336825
[ 6 ] Bug #2336826 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336826
[ 7 ] Bug #2336827 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336827
[ 8 ] Bug #2336829 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336829
[ 9 ] Bug #2336830 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336830
[ 10 ] Bug #2336831 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336831
[ 11 ] Bug #2336833 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336833
[ 12 ] Bug #2336834 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336834
[ 13 ] Bug #2336835 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3dff292265' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: golang-1.22.11-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e8b9a6b564
2025-01-29 05:23:04.062966+00:00
--------------------------------------------------------------------------------

Name : golang
Product : Fedora 40
Version : 1.22.11
Release : 1.fc40
URL : https://go.dev
Summary : The Go Programming Language
Description :
The Go Programming Language.

--------------------------------------------------------------------------------
Update Information:

Includes security fixes to the crypto/x509 and net/http packages
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 19 2025 Mike Rochefort [mroche@omenos.dev] - 1.22.11-1
- Update to 1.22.11 upstream release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e8b9a6b564' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: dotnet9.0-9.0.102-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0487787cb9
2025-01-29 05:23:04.062881+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 40
Version : 9.0.102
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the January 2025 security and bugfix release for .NET 9.0. It updates
the SDK to version 9.0.102 and Runtime to version 9.0.1.
Release Notes: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.1/9.0.1.md
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Omair Majid [omajid@redhat.com] - 9.0.102-1
- Update to .NET SDK 9.0.102 and Runtime 9.0.1
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 9.0.101-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2338057 - CVE-2025-21171 dotnet9.0: .NET Remote Code Execution Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338057
[ 2 ] Bug #2338063 - CVE-2025-21172 dotnet9.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338063
[ 3 ] Bug #2338068 - CVE-2025-21173 dotnet9.0: .NET Elevation of Privilege Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338068
[ 4 ] Bug #2338072 - CVE-2025-21176 dotnet9.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338072
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0487787cb9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: dotnet8.0-8.0.112-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-16778d3c88
2025-01-29 05:23:04.062876+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 40
Version : 8.0.112
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the January 2025 security and bugfix release for .NET 8.0. It updates
the SDK to version 8.0.112 and Runtime to version 8.0.12.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.12/8.0.112.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.12/8.0.12.md
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Omair Majid [omajid@redhat.com] - 8.0.112-1
- Update to .NET SDK 8.0.112 and Runtime 8.0.12
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Dec 10 2024 Omair Majid [omajid@redhat.com] - 8.0.111-2
- Fix ELN build
- Resolves: RHBZ#2321109
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2338062 - CVE-2025-21172 dotnet8.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338062
[ 2 ] Bug #2338067 - CVE-2025-21173 dotnet8.0: .NET Elevation of Privilege Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338067
[ 3 ] Bug #2338071 - CVE-2025-21176 dotnet8.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338071
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-16778d3c88' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: libsoup3-3.6.4-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-42ee7772e3
2025-01-29 05:01:23.704920+00:00
--------------------------------------------------------------------------------

Name : libsoup3
Product : Fedora 41
Version : 3.6.4
Release : 1.fc41
URL : https://wiki.gnome.org/Projects/libsoup
Summary : Soup, an HTTP library implementation
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it), but the SOAP parts were removed
long ago.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-52531
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 20 2025 nmontero [nmontero@redhat.com] - 3.6.4-1
- Update to 3.6.4
* Mon Jan 20 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.6.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Jan 13 2025 nmontero [nmontero@redhat.com] - 3.6.3-1
- Update to 3.6.3
* Mon Nov 25 2024 nmontero [nmontero@redhat.com] - 3.6.1-1
- Update to 3.6.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2342285 - CVE-2024-52531 libsoup3: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2342285
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-42ee7772e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: abseil-cpp-20240722.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7631628ba6
2025-01-29 05:01:23.704829+00:00
--------------------------------------------------------------------------------

Name : abseil-cpp
Product : Fedora 41
Version : 20240722.1
Release : 1.fc41
URL : https://abseil.io
Summary : C++ Common Libraries
Description :
Abseil is an open-source collection of C++ library code designed to augment
the C++ standard library. The Abseil library code is collected from
Google's own C++ code base, has been extensively tested and used in
production, and is the same code we depend on in our daily coding lives.

In some cases, Abseil provides pieces missing from the C++ standard; in
others, Abseil provides alternatives to the standard for special needs we've
found through usage in the Google code base. We denote those cases clearly
within the library code we provide you.

Abseil is not meant to be a competitor to the standard library; we've just
found that many of these utilities serve a purpose within our code base,
and we now want to provide those resources to the C++ community as a whole.

--------------------------------------------------------------------------------
Update Information:

Update to 20240722.1
Fix potential integer overflow in hash container create/resize
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 20240722.1-1
- Update to 20240722.1 (close RHBZ#2341808)
* Wed Jan 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 20240722.0-5
- Rebuilt for gtest 1.15.2
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 20240722.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jan 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 20240722.0-3
- Patch for GCC 15 (fix RHBZ#2336266)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2341808 - abseil-cpp-20240722.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2341808
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7631628ba6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: vaultwarden-1.32.7-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4cb7637c98
2025-01-29 05:01:23.704796+00:00
--------------------------------------------------------------------------------

Name : vaultwarden
Product : Fedora 41
Version : 1.32.7
Release : 4.fc41
URL : https://github.com/dani-garcia/vaultwarden
Summary : Unofficial Bitwarden compatible server
Description :
Unofficial Bitwarden compatible server.

--------------------------------------------------------------------------------
Update Information:

fix VW_VERSION in compiled code, patch security issues
update to 1.32.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 21 2025 Jonathan Wright [jonathan@almalinux.org] - 1.32.7-4
- Set VW_VERSION env var during build and install rhbz#2338534
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.32.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jan 15 2025 Jonathan Wright [jonathan@almalinux.org] - 1.32.7-2
- fix build on el9 with rust 1.79
* Fri Jan 3 2025 Jonathan Wright [jonathan@almalinux.org] - 1.32.7-1
- update to 1.32.7 rhbz#2322181
- Fix CVE-2024-56335
* Tue Oct 22 2024 Jonathan Wright [jonathan@almalinux.org] - 1.32.2-1
- update to 1.32.2 rhbz#2316657
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2307705 - vaultwarden: FTBFS in Fedora 40 and 39
https://bugzilla.redhat.com/show_bug.cgi?id=2307705
[ 2 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2333595
[ 3 ] Bug #2333596 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2333596
[ 4 ] Bug #2333597 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333597
[ 5 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336825
[ 6 ] Bug #2336826 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336826
[ 7 ] Bug #2336827 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336827
[ 8 ] Bug #2336829 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336829
[ 9 ] Bug #2336830 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336830
[ 10 ] Bug #2336831 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336831
[ 11 ] Bug #2336833 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336833
[ 12 ] Bug #2336834 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336834
[ 13 ] Bug #2336835 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4cb7637c98' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: dotnet8.0-8.0.112-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bd8f5a599b
2025-01-29 05:01:23.704604+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 41
Version : 8.0.112
Release : 1.fc41
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the January 2025 security and bugfix release for .NET 8.0. It updates
the SDK to version 8.0.112 and Runtime to version 8.0.12.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.12/8.0.112.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.12/8.0.12.md
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Omair Majid [omajid@redhat.com] - 8.0.112-1
- Update to .NET SDK 8.0.112 and Runtime 8.0.12
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Dec 10 2024 Omair Majid [omajid@redhat.com] - 8.0.111-2
- Fix ELN build
- Resolves: RHBZ#2321109
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2338064 - CVE-2025-21172 dotnet8.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338064
[ 2 ] Bug #2338069 - CVE-2025-21173 dotnet8.0: .NET Elevation of Privilege Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338069
[ 3 ] Bug #2338073 - CVE-2025-21176 dotnet8.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338073
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bd8f5a599b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: dotnet9.0-9.0.102-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2eb86c0cbf
2025-01-29 05:01:23.704610+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 41
Version : 9.0.102
Release : 1.fc41
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the January 2025 security and bugfix release for .NET 9.0. It updates
the SDK to version 9.0.102 and Runtime to version 9.0.1.
Release Notes: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.1/9.0.1.md
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Omair Majid [omajid@redhat.com] - 9.0.102-1
- Update to .NET SDK 9.0.102 and Runtime 9.0.1
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 9.0.101-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2338058 - CVE-2025-21171 dotnet9.0: .NET Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338058
[ 2 ] Bug #2338065 - CVE-2025-21172 dotnet9.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338065
[ 3 ] Bug #2338070 - CVE-2025-21173 dotnet9.0: .NET Elevation of Privilege Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338070
[ 4 ] Bug #2338074 - CVE-2025-21176 dotnet9.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2338074
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2eb86c0cbf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--