Fedora Linux 8797 Published by

The following security updates have been released for Fedora 40:

[SECURITY] Fedora 40 Update: calibre-7.17.0-3.fc40
[SECURITY] Fedora 40 Update: dotnet8.0-8.0.108-1.fc40
[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.44.3-2.fc40
[SECURITY] Fedora 40 Update: webkitgtk-2.44.3-2.fc40




[SECURITY] Fedora 40 Update: calibre-7.17.0-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a455bea9ca
2024-08-27 17:07:11.621204
--------------------------------------------------------------------------------

Name : calibre
Product : Fedora 40
Version : 7.17.0
Release : 3.fc40
URL : https://calibre-ebook.com/
Summary : E-book converter and library manager
Description :
Calibre is meant to be a complete e-library solution. It includes library
management, format conversion, news feeds to ebook conversion as well as
e-book reader sync features.

Calibre is primarily a ebook cataloging program. It manages your ebook
collection for you. It is designed around the concept of the logical book,
i.e. a single entry in the database that may correspond to ebooks in several
formats. It also supports conversion to and from a dozen different ebook
formats.

Supported input formats are: MOBI, LIT, PRC, EPUB, CHM, ODT, HTML, CBR, CBZ,
RTF, TXT, PDF and LRS.

--------------------------------------------------------------------------------
Update Information:

Fix fonts for < f41 releases.
Upgrade to latest upstream release to fix 4 CVE's and enable new hardware
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 25 2024 Kevin Fenzi [kevin@scrye.com] - 7.17.0-2
- Fix font conditionals to handle f40 and older correctly
* Sat Aug 24 2024 Kevin Fenzi [kevin@scrye.com] - 7.17.0-1
- Update to 7.17.0. Fixes rhbz#2307557
* Wed Aug 21 2024 Parag Nemade [pnemade@fedoraproject.org] - 7.16.0-3
- Update to use new Liberation fonts installation path for F41+ releases.
* Thu Aug 15 2024 Kevin Fenzi [kevin@scrye.com] - 7.16.0-2
- Remove pycryptdome as a BuildRequires
* Sun Aug 4 2024 Kevin Fenzi [kevin@scrye.com] - 7.16.0-1
- Update to calibre 7.16.0. Fixes rhbz#2302040
* Sat Jul 20 2024 Kevin Fenzi [kevin@scrye.com] - 7.15.0-1
- Update to 7.15.0. Fixes rhbz#2298824
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 7.14.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jul 13 2024 Kevin Fenzi [kevin@scrye.com] - 7.14.0-1
- Update to 7.14.0. Fixes rhbz#2297462
* Sun Jul 7 2024 Kevin Fenzi [kevin@scrye.com] - 7.13.0-2
- correct path for liberation fonts
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303060 - CVE-2024-7009 calibre: From NVD collector [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303060
[ 2 ] Bug #2303063 - CVE-2024-7008 calibre: Unsanitized user-input in Calibre allow attackers to perform reflected cross-site scripting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303063
[ 3 ] Bug #2303065 - CVE-2024-6782 calibre: Improper access control in Calibre allow unauthenticated attackers to achieve remote code execution. [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303065
[ 4 ] Bug #2303067 - CVE-2024-6781 calibre: Path traversal in Calibre allow unauthenticated attackers to achieve arbitrary file read. [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303067
[ 5 ] Bug #2307794 - Crash at start of "calibre"
https://bugzilla.redhat.com/show_bug.cgi?id=2307794
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a455bea9ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: dotnet8.0-8.0.108-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f4eb809b49
2024-08-27 17:07:11.621114
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 40
Version : 8.0.108
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the August 2024 monthly update for .NET 8. This includes a fix for
CVE-2024-38167
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.8/8.0.8.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 13 2024 Omair Majid [omajid@redhat.com] - 8.0.108-1
- Update to .NET SDK 8.0.108 and Runtime 8.0.8
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 8.0.107-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f4eb809b49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.44.3-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1f1c0537d3
2024-08-27 17:07:11.621078
--------------------------------------------------------------------------------

Name : webkit2gtk4.0
Product : Fedora 40
Version : 2.44.3
Release : 2.fc40
URL : https://www.webkitgtk.org/
Summary : WebKitGTK for GTK 3 and libsoup 2
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.

--------------------------------------------------------------------------------
Update Information:

Update to 2.44.3
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 16 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.44.3-2
- Add patch to fix WebAssembly
* Wed Aug 14 2024 Pete Walter [pwalter@fedoraproject.org] - 2.44.3-1
- Update to 2.44.3
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.44.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jun 18 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.44.2-2
- Add patch to fix excessive CPU usage
* Tue Jun 18 2024 Pete Walter [pwalter@fedoraproject.org] - 2.44.2-1
- Update to 2.44.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2282416 - CVE-2024-27834 webkit2gtk4.0: webkit: pointer authentication bypass [fedora-rawhide]
https://bugzilla.redhat.com/show_bug.cgi?id=2282416
[ 2 ] Bug #2301845 - CVE-2024-40776 webkit2gtk4.0: Use after free may lead to Remote Code Execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2301845
[ 3 ] Bug #2302091 - CVE-2024-40782 webkit2gtk4.0: Use after free may lead to Remote Code Execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302091
[ 4 ] Bug #2302092 - CVE-2024-40780 webkit2gtk4.0: Out-of-bounds read was addressed with improved bounds checking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302092
[ 5 ] Bug #2302098 - CVE-2024-40779 webkit2gtk4.0: Out-of-bounds read was addressed with improved bounds checking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302098
[ 6 ] Bug #2302105 - CVE-2024-40789 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1f1c0537d3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: webkitgtk-2.44.3-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6b8845e3f0
2024-08-27 17:07:11.621055
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 40
Version : 2.44.3
Release : 2.fc40
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Fix web process cache suspend/resume when sandbox is enabled.
Fix accelerated images disappearing after scrolling.
Fix video flickering with DMA-BUF sink.
Fix pointer lock on X11.
Fix movement delta on mouse events in GTK3.
Undeprecate console message API and make it available in 2022 API.
Fix several crashes and rendering issues.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 15 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.44.3-2
- Add patch to fix WebAssembly
* Tue Aug 13 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.44.3-1
- Update to 2.44.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2301844 - CVE-2024-40776 webkitgtk: Use after free may lead to Remote Code Execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2301844
[ 2 ] Bug #2302095 - CVE-2024-40779 webkitgtk: Out-of-bounds read was addressed with improved bounds checking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302095
[ 3 ] Bug #2302096 - CVE-2024-40780 webkitgtk: Out-of-bounds read was addressed with improved bounds checking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302096
[ 4 ] Bug #2302097 - CVE-2024-40789 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302097
[ 5 ] Bug #2302101 - CVE-2024-40782 webkitgtk: Use after free may lead to Remote Code Execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2302101
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6b8845e3f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--