Fedora Security Advisories

FEDORA-2024-f93392509c Packages in this update:

• chromium-124.0.6367.155-1.fc38

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

* High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn

update to 124.0.6367.91

FEDORA-2024-55e7e839f1 Packages in this update:

• chromium-124.0.6367.155-1.fc39

Update description:

• update to 124.0.6367.155

  • High CVE-2024-4558: Use after free in ANGLE
  • High CVE-2024-4559: Heap buffer overflow in WebAudio

FEDORA-2024-fd2569c4e9 Packages in this update:

• glib2-2.78.6-1.fc39
• gnome-shell-45.6-2.fc39

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-2024-635a54eb7e Packages in this update:

• glib2-2.80.2-1.fc40
• gnome-shell-46.1-2.fc40

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-2024-2ce1c754f7 Packages in this update:

• mingw-glib2-2.80.1-1.fc40

Update description:

Update glib2 to fix CVE-2024-34397.

FEDORA-2024-be032e564d Packages in this update:

• mingw-glib2-2.78.5-1.fc39

Update description:

Update glib2 to fix CVE-2024-34397.

FEDORA-2024-775b385d13 Packages in this update:

• glib2-2.78.5-1.fc39

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-2024-731f6da9a5 Packages in this update:

• glib2-2.80.1-1.fc40

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

FEDORA-EPEL-2024-f7310355bb Packages in this update:

• djvulibre-3.5.28-5.el8

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-EPEL-2024-ff0fd23aa7 Packages in this update:

• djvulibre-3.5.28-4.el9

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-e8b9bedd36 Packages in this update:

• djvulibre-3.5.28-6.fc38

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-d20163632f Packages in this update:

• djvulibre-3.5.28-9.fc40

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-891c09df97 Packages in this update:

• djvulibre-3.5.28-7.fc39

Update description:

Security fix for CVE-2021-46310 and CVE-2021-46312.

FEDORA-2024-e609c057ad Packages in this update:

• mingw-python-jinja2-3.1.4-1.fc39

Update description:

Update to jinja2-3.1.4, fixes CVE-2024-34064.

FEDORA-2024-e3caf31c98 Packages in this update:

• mingw-python-jinja2-3.1.4-1.fc40

Update description:

Update to jinja2-3.1.4, fixes CVE-2024-34064.

FEDORA-2024-8e8ff9d6ec Packages in this update:

• mingw-python-werkzeug-3.0.3-1.fc40

Update description:

Update to werkzeug-3.0.3, fixes CVE-2024-34069.

FEDORA-2024-24e4bba70f Packages in this update:

• python-tqdm-4.66.4-2.fc38

Update description:

Address CVE-2024-34062 (local code execution)

FEDORA-2024-ef71921bde Packages in this update:

• python-tqdm-4.66.4-2.fc39

Update description:

Address CVE-2024-34062 (local code execution)

FEDORA-2024-35acb3b48f Packages in this update:

• python-tqdm-4.66.4-2.fc40

Update description:

Address CVE-2024-34062 (local code execution)

FEDORA-2024-93f31f5de6 Packages in this update:

• nano-7.2-7.fc40

Update description:

fix emergency file replacement vulnerability

Resolves: rhbz#2277586