Post Content
Category Archives: Advisories
GLSA 202408-23: GnuPG: Multiple Vulnerabilities
strongswan-5.9.14-5.el10_0
FEDORA-EPEL-2024-196be160cb
Packages in this update:
strongswan-5.9.14-5.el10_0
Update description:
Automatic update for strongswan-5.9.14-5.el10_0.
Changelog
* Sat Jul 27 2024 Michel Lind <salimma@fedoraproject.org> – 5.9.14-5
– Depend on openssl-devel-engine since we still use this deprecated feature (rhbz#2295335)
* Fri Jul 26 2024 Miroslav Suchý <msuchy@redhat.com> – 5.9.14-4
– convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 5.9.14-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <python-maint@redhat.com> – 5.9.14-2
– Rebuilt for Python 3.13
* Fri May 31 2024 Paul Wouters <paul.wouters@aiven.io> – 5.9.14-1
– Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE
– Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling
– Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len)
– Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes)
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 5.9.11-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> – 5.9.11-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Paul Wouters <paul.wouters@aiven.io – 5.9.11-1
– Resolves: rhbz#2214186 strongswan-5.9.11 is available
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> – 5.9.10-2
– Rebuilt for Python 3.12
* Thu Mar 2 2023 Paul Wouters <paul.wouters@aiven.io – 5.9.10-1
– Update to 5.9.10
* Tue Feb 28 2023 Paul Wouters <paul.wouters@aiven.io – 5.9.9-3
– Resolves: CVE-2023-26463 authorization bypass in TLS-based EAP methods
* Mon Jan 16 2023 Petr Menšík <pemensik@redhat.com> – 5.9.9-2
– Use configure paths in manual pages (#2106120)
* Sun Jan 15 2023 Petr Menšík <pemensik@redhat.com> – 5.9.9-1
– Update to 5.9.9 (#2157850)
* Thu Dec 8 2022 Jitka Plesnikova <jplesnik@redhat.com> – 5.9.8-2
– Add BR perl-generators to automatically generates run-time dependencies
for installed Perl files
* Sun Oct 16 2022 Arne Reiter <redhat@arnereiter.de> – 5.9.8-1
– Resolves rhbz#2112274 strongswan-5.9.8 is available
– Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security
– Add BuildRequire for autoconf and automake, now required for release
– Remove obsolete patches
rclone-1.67.0-1.fc41
FEDORA-2024-3ef0d3c37d
Packages in this update:
rclone-1.67.0-1.fc41
Update description:
Automatic update for rclone-1.67.0-1.fc41.
Changelog
* Fri Aug 9 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.67.0-1
– Update to 1.67.0 – Closes rhbz#2251762 rhbz#2292717 rhbz#2301235
rhbz#2255106
* Fri Jul 19 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.64.2-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 1.64.2-4
– Rebuild for golang 1.22.0
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.64.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
USN-6926-3: Linux kernel (Azure) vulnerabilities
黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– MTD block device drivers;
– Network drivers;
– TTY drivers;
– USB subsystem;
– File systems infrastructure;
– F2FS file system;
– SMB network file system;
– BPF subsystem;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– Unix domain sockets;
– AppArmor security module;
(CVE-2023-52435, CVE-2024-27013, CVE-2024-35984, CVE-2023-52620,
CVE-2024-35997, CVE-2023-52436, CVE-2024-26884, CVE-2024-26901,
CVE-2023-52469, CVE-2024-35978, CVE-2024-26886, CVE-2024-35982,
CVE-2024-36902, CVE-2024-26857, CVE-2024-26923, CVE-2023-52443,
CVE-2024-27020, CVE-2024-36016, CVE-2024-26840, CVE-2024-26934,
CVE-2023-52449, CVE-2024-26882, CVE-2023-52444, CVE-2023-52752)
firefox-129.0-1.fc39 nss-3.103.0-1.fc39
FEDORA-2024-4fcf85b0ff
Packages in this update:
firefox-129.0-1.fc39
nss-3.103.0-1.fc39
Update description:
Update NSS to 3.103.0
Update to Firefox 129.0
python3-docs-3.12.5-1.fc39 python3.12-3.12.5-1.fc39
FEDORA-2024-ce1992d46f
Packages in this update:
python3.12-3.12.5-1.fc39
python3-docs-3.12.5-1.fc39
Update description:
Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
python3-docs-3.12.5-1.fc40 python3.12-3.12.5-1.fc40
FEDORA-2024-80d1fe51d0
Packages in this update:
python3.12-3.12.5-1.fc40
python3-docs-3.12.5-1.fc40
Update description:
Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
firefox-129.0-1.fc40 nss-3.103.0-1.fc40
FEDORA-2024-7f0a88301b
Packages in this update:
firefox-129.0-1.fc40
nss-3.103.0-1.fc40
Update description:
Update NSS to 3.103.0
Update to Firefox 129.0
yyjson-0.10.0-2.el10_0
FEDORA-EPEL-2024-19e0ba9d5a
Packages in this update:
yyjson-0.10.0-2.el10_0
Update description:
Automatic update for yyjson-0.10.0-2.el10_0.
Changelog
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.10.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jul 15 2024 Packit <hello@packit.dev> – 0.10.0-1
– Update to 0.10.0 upstream release
– Resolves: rhbz#2297812
* Tue Apr 9 2024 topazus <topazus@outlook.com> – 0.9.0-1
– Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791
* Tue Jan 30 2024 topazus <topazus@outlook.com> – 0.8.0-3
– Fix error of -Wno-implicit-int and -Wno-implicit-function-declaration
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.8.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 12 2023 topazus <topazus@outlook.com> – 0.8.0-1
– initial import; rhbz#2254133