Fedora Linux 8546 Published by

Updated Amavis and Chromium packages are available for Fedora Linux to address security issues:

Fedora 39 Update: amavis-2.13.1-1.fc39
Fedora 38 Update: chromium-123.0.6312.58-1.fc38




Fedora 39 Update: amavis-2.13.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3cf9eb64ba
2024-03-23 00:57:24.467296
--------------------------------------------------------------------------------

Name : amavis
Product : Fedora 39
Version : 2.13.1
Release : 1.fc39
URL : https://gitlab.com/amavis/amavis
Summary : Email filter with virus scanner and spamassassin support
Description :
amavis is a high-performance and reliable interface between mailer
(MTA) and one or more content checkers: virus scanners, and/or
Mail::SpamAssassin Perl module. It is written in Perl, assuring high
reliability, portability and maintainability. It talks to MTA via (E)SMTP
or LMTP, or by using helper programs. No timing gaps exist in the design
which could cause a mail loss.

--------------------------------------------------------------------------------
Update Information:

Update to version 2.13.1
Fix CVE-2024-28054
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 14 2024 Juan Orti Alcaine [jortialc@redhat.com] - 2.13.1-1
- Update to version 2.13.1
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.13.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.13.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3cf9eb64ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: chromium-123.0.6312.58-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-01f4c93547
2024-03-23 00:51:57.193889
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 38
Version : 123.0.6312.58
Release : 1.fc38
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2024 Than Ngo [than@redhat.com] - 123.0.6312.58-1
- update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
* Fri Mar 15 2024 Than Ngo [than@redhat.com] - 123.0.6312.46-1
- update to 123.0.6312.46
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2270389 - CVE-2024-2626 CVE-2024-2627 CVE-2024-2628 CVE-2024-2629 CVE-2024-2630 CVE-2024-2631 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2270389
[ 2 ] Bug #2270393 - CVE-2024-2625 chromium: chromium-browser: Object lifecycle issue in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2270393
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-01f4c93547' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--