
The following security updates have been released for Fedora Linux:

Fedora 39 Update: wireshark-4.0.15-1.fc39
Fedora 39 Update: roundcubemail-1.6.7-1.fc39
Fedora 39 Update: cacti-spine-1.2.27-1.fc39
Fedora 39 Update: cacti-1.2.27-1.fc39
Fedora 40 Update: wireshark-4.2.5-1.fc40
Fedora 40 Update: roundcubemail-1.6.7-1.fc40




Fedora 39 Update: wireshark-4.0.15-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ed93e6d44f
2024-05-31 02:13:07.316247
--------------------------------------------------------------------------------

Name : wireshark
Product : Fedora 39
Version : 4.0.15
Release : 1.fc39
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854,
CVE-2024-4855.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 22 2024 Michal Ruprich [mruprich@redhat.com] - 1:4.0.15-1
- New version 4.0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2280712 - CVE-2024-4855 wireshark: Editcap byte chopping crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280712
[ 2 ] Bug #2280716 - CVE-2024-4854 wireshark: dissector infinite loop [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280716
[ 3 ] Bug #2280719 - CVE-2024-4853 wireshark: Editcap byte chopping crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280719
[ 4 ] Bug #2282006 - wireshark-4.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2282006
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ed93e6d44f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: roundcubemail-1.6.7-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a591b4dc74
2024-05-31 02:13:07.316189
--------------------------------------------------------------------------------

Name : roundcubemail
Product : Fedora 39
Version : 1.6.7
Release : 1.fc39
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

Release 1.6.7
- Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
- Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
- Fix bug in collapsing/expanding folders with some special characters in names (#9324)
- Fix PHP8 warnings (#9363, #9365, #9429)
- Fix missing field labels in CSV import, for some locales (#9393)
- Fix command injection via crafted im_convert_path/im_identify_path on Windows
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 20 2024 Remi Collet [remi@remirepo.net] - 1.6.7-1
- update to 1.6.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2281597 - roundcubemail: fix for several security vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=2281597
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a591b4dc74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: cacti-spine-1.2.27-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-27a594f71d
2024-05-31 02:13:07.316161
--------------------------------------------------------------------------------

Name : cacti-spine
Product : Fedora 39
Version : 1.2.27
Release : 1.fc39
URL : https://cacti.net
Summary : Threaded poller for Cacti written in C
Description :
Spine is a supplemental poller for Cacti that makes use of pthreads to achieve
excellent performance.

--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes
for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 22 2024 Carl George [carlwgeorge@fedoraproject.org] - 1.2.27-1
- Update to version 1.2.27
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255602 - CVE-2023-49084 cacti: RCE when managing links [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255602
[ 2 ] Bug #2255606 - CVE-2023-49086 cacti: XSS when adding new devices [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255606
[ 3 ] Bug #2255667 - CVE-2023-49085 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 cacti: Multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255667
[ 4 ] Bug #2280482 - CVE-2024-34340 cacti: authentication bypass when using older password hashes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280482
[ 5 ] Bug #2280497 - CVE-2024-29894 cacti: XSS vulnerability when using JavaScript based messaging API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280497
[ 6 ] Bug #2280500 - CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 cacti: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280500
[ 7 ] Bug #2280503 - CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 cacti: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280503
[ 8 ] Bug #2280506 - CVE-2024-25641 cacti: remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280506
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-27a594f71d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: cacti-1.2.27-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-27a594f71d
2024-05-31 02:13:07.316161
--------------------------------------------------------------------------------

Name : cacti
Product : Fedora 39
Version : 1.2.27
Release : 1.fc39
URL : https://www.cacti.net/
Summary : An rrd based graphing tool
Description :
Cacti is a complete frontend to RRDTool. It stores all of the
necessary information to create graphs and populate them with
data in a MySQL database. The frontend is completely PHP
driven.

--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes
for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 21 2024 Carl George [carlwgeorge@fedoraproject.org] - 1.2.27-1
- Update to version 1.2.27
- CVE-2024-25641, CVE-2024-29894, CVE-2024-31443, CVE-2024-31444, CVE-2024-31445, CVE-2024-31458, CVE-2024-31459, CVE-2024-31460, CVE-2024-34340
* Tue May 21 2024 Carl George [carlwgeorge@fedoraproject.org] - 1.2.26-1
- Update to version 1.2.26
- CVE-2023-49084, CVE-2023-49085, CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-51448
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255602 - CVE-2023-49084 cacti: RCE when managing links [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255602
[ 2 ] Bug #2255606 - CVE-2023-49086 cacti: XSS when adding new devices [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255606
[ 3 ] Bug #2255667 - CVE-2023-49085 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 cacti: Multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255667
[ 4 ] Bug #2280482 - CVE-2024-34340 cacti: authentication bypass when using older password hashes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280482
[ 5 ] Bug #2280497 - CVE-2024-29894 cacti: XSS vulnerability when using JavaScript based messaging API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280497
[ 6 ] Bug #2280500 - CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 cacti: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280500
[ 7 ] Bug #2280503 - CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 cacti: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280503
[ 8 ] Bug #2280506 - CVE-2024-25641 cacti: remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280506
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-27a594f71d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 40 Update: wireshark-4.2.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cd1f01e5d9
2024-05-31 01:15:54.301433
--------------------------------------------------------------------------------

Name : wireshark
Product : Fedora 40
Version : 4.2.5
Release : 1.fc40
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854,
CVE-2024-4855.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 22 2024 Michal Ruprich [mruprich@redhat.com] - 1:4.2.5-1
- New version 4.2.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2280712 - CVE-2024-4855 wireshark: Editcap byte chopping crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280712
[ 2 ] Bug #2280716 - CVE-2024-4854 wireshark: dissector infinite loop [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280716
[ 3 ] Bug #2280719 - CVE-2024-4853 wireshark: Editcap byte chopping crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280719
[ 4 ] Bug #2282006 - wireshark-4.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2282006
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cd1f01e5d9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 40 Update: roundcubemail-1.6.7-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-680b8ba54e
2024-05-31 01:15:54.301384
--------------------------------------------------------------------------------

Name : roundcubemail
Product : Fedora 40
Version : 1.6.7
Release : 1.fc40
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

Release 1.6.7
- Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
- Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
- Fix bug in collapsing/expanding folders with some special characters in names (#9324)
- Fix PHP8 warnings (#9363, #9365, #9429)
- Fix missing field labels in CSV import, for some locales (#9393)
- Fix command injection via crafted im_convert_path/im_identify_path on Windows
- Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
- Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 20 2024 Remi Collet [remi@remirepo.net] - 1.6.7-1
- update to 1.6.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2281597 - roundcubemail: fix for several security vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=2281597
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-680b8ba54e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--