Fedora Linux 8811 Published by

Fedora Linux has received many security updates, including webkit2gtk4.0-2.46.3-1.fc41, python3.6-3.6.15-38.fc41, llama-cpp-b3561-1.fc41, xorg-x11-server-Xwayland-23.2.7-2.fc39, mingw-expat-2.6.3-2.fc39, and webkit2gtk4.0-2.46.3-1.fc40:

Fedora 41 Update: webkit2gtk4.0-2.46.3-1.fc41
Fedora 41 Update: python3.6-3.6.15-38.fc41
Fedora 41 Update: llama-cpp-b3561-1.fc41
Fedora 39 Update: xorg-x11-server-Xwayland-23.2.7-2.fc39
Fedora 39 Update: mingw-expat-2.6.3-2.fc39
Fedora 40 Update: webkit2gtk4.0-2.46.3-1.fc40
Fedora 40 Update: python3.6-3.6.15-38.fc40





[SECURITY] Fedora 41 Update: webkit2gtk4.0-2.46.3-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-58de5ad94f
2024-11-14 03:00:19.249999
--------------------------------------------------------------------------------

Name : webkit2gtk4.0
Product : Fedora 41
Version : 2.46.3
Release : 1.fc41
URL : https://www.webkitgtk.org/
Summary : WebKitGTK for GTK 3 and libsoup 2
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.

--------------------------------------------------------------------------------
Update Information:

Update to 2.46.3
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 4 2024 Pete Walter [pwalter@fedoraproject.org] - 2.46.3-1
- Update to 2.46.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321009 - CVE-2024-4558 webkit2gtk4.0: Use after free in ANGLE [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321009
[ 2 ] Bug #2323269 - CVE-2024-44185 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323269
[ 3 ] Bug #2323272 - CVE-2024-44185 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323272
[ 4 ] Bug #2323284 - CVE-2024-44244 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323284
[ 5 ] Bug #2323287 - CVE-2024-44244 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323287
[ 6 ] Bug #2323297 - CVE-2024-44296 webkit2gtk4.0: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323297
[ 7 ] Bug #2323300 - CVE-2024-44296 webkit2gtk4.0: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323300
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-58de5ad94f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python3.6-3.6.15-38.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-126c4f06a8
2024-11-14 03:00:19.249846
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 41
Version : 3.6.15
Release : 38.fc41
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-9287 (rhbz#2321659)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 4 2024 Lumír Balhar - 3.6.15-38
- Security fix for CVE-2024-9287 (rhbz#2321659)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-126c4f06a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: llama-cpp-b3561-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-89c69bb9d3
2024-11-14 03:00:19.249660
--------------------------------------------------------------------------------

Name : llama-cpp
Product : Fedora 41
Version : b3561
Release : 1.fc41
URL : https://github.com/ggerganov/llama.cpp
Summary : Port of Facebook's LLaMA model in C/C++
Description :
The main goal of llama.cpp is to run the LLaMA model using 4-bit
integer quantization on a MacBook

* Plain C/C++ implementation without dependencies
* Apple silicon first-class citizen - optimized via ARM NEON, Accelerate
and Metal frameworks
* AVX, AVX2 and AVX512 support for x86 architectures
* Mixed F16 / F32 precision
* 2-bit, 3-bit, 4-bit, 5-bit, 6-bit and 8-bit integer quantization support
* CUDA, Metal and OpenCL GPU backend support

The original implementation of llama.cpp was hacked in an evening.
Since then, the project has improved significantly thanks to many
contributions. This project is mainly for educational purposes and
serves as the main playground for developing new features for the
ggml library.

--------------------------------------------------------------------------------
Update Information:

Update to b3561
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 5 2024 Tom Rix [Tom.Rix@amd.com] - b3561-1
- Update to b3561
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - b3184-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 22 2024 Mohammadreza Hendiani [man2dev@fedoraproject.org] - b3184-3
- added changelog
* Sat Jun 22 2024 Mohammadreza Hendiani [man2dev@fedoraproject.org] - b3184-2
- added .pc file
* Sat Jun 22 2024 Mohammadreza Hendiani [man2dev@fedoraproject.org] - b3184-1
- upgraded to b3184 which is used by llama-cpp-python v0.2.79
* Tue May 21 2024 Mohammadreza Hendiani [man2dev@fedoraproject.org] - b2879-7
- removed old file names .gitignore
* Sun May 19 2024 Tom Rix [trix@redhat.com] - b2879-6
- Remove old sources
* Sun May 19 2024 Tom Rix [trix@redhat.com] - b2879-5
- Include missing sources
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2304782 - CVE-2024-42477 llama-cpp: global-buffer-overflow in ggml_type_size [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2304782
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-89c69bb9d3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.7-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cc2c07317b
2024-11-14 02:57:56.686882
--------------------------------------------------------------------------------

Name : xorg-x11-server-Xwayland
Product : Fedora 39
Version : 23.2.7
Release : 2.fc39
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.

--------------------------------------------------------------------------------
Update Information:

CVE fix for CVE-2024-9632
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 29 2024 Olivier Fourdan [ofourdan@redhat.com] - 23.2.7-2
- CVE fix for: CVE-2024-9632
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cc2c07317b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: mingw-expat-2.6.3-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7427eaacd8
2024-11-14 02:57:56.686906
--------------------------------------------------------------------------------

Name : mingw-expat
Product : Fedora 39
Version : 2.6.3
Release : 2.fc39
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2024-50602.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 2.6.3-2
- Backport patch for CVE-2024-50602
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322195 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2322195
[ 2 ] Bug #2322230 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2322230
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7427eaacd8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.46.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8f88cdf4e5
2024-11-14 01:16:02.554337
--------------------------------------------------------------------------------

Name : webkit2gtk4.0
Product : Fedora 40
Version : 2.46.3
Release : 1.fc40
URL : https://www.webkitgtk.org/
Summary : WebKitGTK for GTK 3 and libsoup 2
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.

--------------------------------------------------------------------------------
Update Information:

Update to 2.46.3
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 4 2024 Pete Walter [pwalter@fedoraproject.org] - 2.46.3-1
- Update to 2.46.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321009 - CVE-2024-4558 webkit2gtk4.0: Use after free in ANGLE [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321009
[ 2 ] Bug #2323269 - CVE-2024-44185 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323269
[ 3 ] Bug #2323272 - CVE-2024-44185 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323272
[ 4 ] Bug #2323284 - CVE-2024-44244 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323284
[ 5 ] Bug #2323287 - CVE-2024-44244 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323287
[ 6 ] Bug #2323297 - CVE-2024-44296 webkit2gtk4.0: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2323297
[ 7 ] Bug #2323300 - CVE-2024-44296 webkit2gtk4.0: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2323300
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8f88cdf4e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python3.6-3.6.15-38.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c8cc025262
2024-11-14 01:16:02.554302
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 40
Version : 3.6.15
Release : 38.fc40
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-9287 (rhbz#2321659)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 4 2024 Lumír Balhar - 3.6.15-38
- Security fix for CVE-2024-9287 (rhbz#2321659)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321659 - CVE-2024-9287 python3.6: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321659
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c8cc025262' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------