Fedora Security Advisories

FEDORA-2024-dada06a500 Packages in this update:

• pypy-7.3.15-3.fc39

Update description:

Security fix for CVE-2023-5752 (in the bundled pip).

FEDORA-2024-797928fed3 Packages in this update:

• pypy-7.3.15-3.fc38

Update description:

Security fix for CVE-2023-5752 (in the bundled pip).

FEDORA-2024-305522ab38 Packages in this update:

• pypy-7.3.15-3.fc41

Update description:

Automatic update for pypy-7.3.15-3.fc41.

Changelog * Tue Apr 30 2024 Charalampos Stratakis <cstratak@redhat.com> - 7.3.15-3 - Security fix for CVE-2023-5752 for the bundled pip wheel - Resolves: rhbz#2250771

FEDORA-2024-bd9e67c117 Packages in this update:

• et-6.2.8-1.fc38

Update description:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-EPEL-2024-90aea0505b Packages in this update:

• et-6.2.8-1.el9

Update description:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258

FEDORA-2024-b745c97f4b Packages in this update:

• et-6.2.8-1.fc40

Update description:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-94a155818c Packages in this update:

• et-6.2.8-1.fc39

Update description:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-07b7b83a4f Packages in this update:

• R-4.3.3-2.fc39

Update description:

Security fix for CVE-2024-27322

FEDORA-2024-bc590cb3f1 Packages in this update:

• R-4.3.3-2.fc38

Update description:

Security fix for CVE-2024-27322

FEDORA-2024-0539d2c8b0 Packages in this update:

• chromium-124.0.6367.91-1.fc40

Update description:

update to 124.0.6367.91

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn

FEDORA-EPEL-2024-68b6d0dafe Packages in this update:

• chromium-124.0.6367.91-1.el9

Update description:

update to 124.0.6367.91

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

• High CVE-2024-3832: Object corruption in V8
• High CVE-2024-3833: Object corruption in WebAssembly
• High CVE-2024-3914: Use after free in V8
• High CVE-2024-3834: Use after free in Downloads
• Medium CVE-2024-3837: Use after free in QUIC
• Medium CVE-2024-3838: Inappropriate implementation in Autofill
• Medium CVE-2024-3839: Out of bounds read in Fonts
• Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
• Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
• Medium CVE-2024-3843: Insufficient data validation in Downloads
• Low CVE-2024-3844: Inappropriate implementation in Extensions
• Low CVE-2024-3845: Inappropriate implementation in Network
• Low CVE-2024-3846: Inappropriate implementation in Prompts
• Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

• High CVE-2024-3157: Out of bounds write in Compositing
• High CVE-2024-3516: Heap buffer overflow in ANGLE
• High CVE-2024-3515: Use after free in Dawn

FEDORA-2024-0c9d3b51d4 Packages in this update:

• tpm2-tools-5.7-1.fc40
• tpm2-tss-4.1.0-1.fc40

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038 Fixed CVE-2024-29039

FEDORA-2024-4512dc54af Packages in this update:

• tpm2-tools-5.5.1-1.fc39
• tpm2-tss-4.0.2-1.fc39

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038 Fixed CVE-2024-29039

FEDORA-2024-3265d70b61 Packages in this update:

• tpm2-tools-5.5.1-1.fc38
• tpm2-tss-4.0.2-1.fc38

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038 Fixed CVE-2024-29039

FEDORA-2024-a1246372a4 Packages in this update:

• webkit2gtk4.0-2.44.1-1.fc40

Update description:

Update to 2.44.1

FEDORA-2024-bc0db39a14 Packages in this update:

• kernel-6.8.8-200.fc39

Update description:

The 6.8.8 stable kernel update contains a number of important fixes across the tree.

FEDORA-2024-f35f9525d6 Packages in this update:

• kernel-6.8.8-100.fc38

Update description:

The 6.8.8 stable kernel update contains a number of important fixes across the tree.

FEDORA-2024-010fe8772a Packages in this update:

• kernel-6.8.8-300.fc40

Update description:

The 6.8.8 stable kernel update contains a number of important fixes across the tree.

FEDORA-2024-11821b16ac Packages in this update:

• gdcm-3.0.23-5.fc39

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-EPEL-2024-f5884f808a Packages in this update:

• gdcm-3.0.12-7.el9

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13