Police in Kharkiv arrest three men suspected of hacking 100 million Instagram and email accounts
Monthly Archives: March 2024
containers-common-0.58.0-2.fc40 netavark-1.10.3-3.fc40 podman-5.0.0-1.fc40
FEDORA-2024-a267e93f8c
Packages in this update:
containers-common-0.58.0-2.fc40
netavark-1.10.3-3.fc40
podman-5.0.0-1.fc40
Update description:
Security fix for CVE-2024-1753
Automatic update for podman-5.0.0-1.fc40.
Changelog for podman
* Tue Mar 19 2024 Packit <hello@packit.dev> - 5:5.0.0-1
- [packit] 5.0.0 upstream release
* Fri Mar 15 2024 Packit <hello@packit.dev> - 5:5.0.0~rc7-1
- [packit] 5.0.0-rc7 upstream release
* Wed Mar 13 2024 Lokesh Mandvekar <lsm5@redhat.com> - 5:5.0.0~rc6-2
- Resolves: #2269148 - make passt a hard dep
* Mon Mar 11 2024 Packit <hello@packit.dev> - 5:5.0.0~rc6-1
- [packit] 5.0.0-rc6 upstream release
* Fri Mar 08 2024 Packit <hello@packit.dev> - 5:5.0.0~rc5-1
- [packit] 5.0.0-rc5 upstream release
* Tue Mar 05 2024 Packit <hello@packit.dev> - 5:5.0.0~rc4-1
- [packit] 5.0.0-rc4 upstream release
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-5
- Show the toolbox RPMs used to run the tests
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-4
- Avoid running out of storage space when running the Toolbx tests
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-3
- Silence warnings about deprecated grep(1) use in test logs
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-2
- Update how Toolbx is spelt
* Thu Feb 22 2024 Packit <hello@packit.dev> - 5:5.0.0~rc3-1
- [packit] 5.0.0-rc3 upstream release
Automatic update for podman-5.0.0~rc7-1.fc40.
make passt and netavark hard dependencies for podman
Automatic update for podman-5.0.0~rc6-1.fc40.
Automatic update for podman-5.0.0~rc5-1.fc40.
Automatic update for podman-5.0.0~rc4-1.fc40.
Automatic update for podman-5.0.0~rc3-1.fc40.
Removing podman 5.0.0-rc6 build to let the rest of this get past gating. We already have v5.0.0 bodhi for f40.
White House Convenes States to Discuss Water Sector Breaches
The Biden administration is inviting state representatives to urgently discuss the security of the water sector
ofono-1.34-4.fc38
FEDORA-2024-e8a02e129e
Packages in this update:
ofono-1.34-4.fc38
Update description:
Backport upstream fixes for CVE-2023-4233 and CVE-2023-4234
USN-6703-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-2609,
CVE-2024-2611, CVE-2024-2614, CVE-2024-2615)
Hubert Kario discovered that Firefox had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)
It was discovered that Firefox did not properly handle WASM register
values in some circumstances. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-2606)
Gary Kwong discovered that Firefox incorrectly updated return registers
for JIT code on Armv7-A systems. An attacker could potentially exploit
this issue to execute arbitrary code. (CVE-2024-2607)
Ronald Crane discovered that Firefox did not properly manage memory during
character encoding. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-2608)
Georg Felber and Marco Squarcina discovered that Firefox incorrectly
handled html and body tags. An attacker who was able to inject markup into
a page otherwise protected by a Content Security Policy may have been able
to obtain sensitive information. (CVE-2024-2610)
Ronald Crane discovered a use-after-free in Firefox when handling code in
SafeRefPtr. An attacker could potentially exploit this issue to cause a
denial of service, or execute arbitrary code. (CVE-2024-2612)
Max Inden discovered that Firefox incorrectly handled QUIC ACK frame
decoding. An attacker could potentially exploit this issue to cause a
denial of service. (CVE-2024-2613)
ofono-1.34-5.fc39
FEDORA-2024-4e5613bcb3
Packages in this update:
ofono-1.34-5.fc39
Update description:
Backport upstream fixes for CVE-2023-4233 and CVE-2023-4234
DSA-5642-1 php-dompdf-svg-lib – security update
Three security issues were discovered in php-svg-lib, a PHP library to
read, parse and export to PDF SVG files, which could result in denial
of service, restriction bypass or the execution of arbitrary code.
DSA-5626-2 pdns-recursor – regression update
One of the upstream changes in the update released as DSA 5626 contained
a regression in the zoneToCache function. Updated pdns-recursor packages
are available to correct this issue.
ofono-2.5-1.fc40
FEDORA-2024-c42ea059d0
Packages in this update:
ofono-2.5-1.fc40
Update description:
Update to v2.5
USN-6702-1: Linux kernel vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
It was discovered that the ARM Mali Display Processor driver implementation
in the Linux kernel did not properly handle certain error conditions. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-23004)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)