Fedora Linux 8552 Published by

The following security updates are available for Fedora Linux:

Fedora 38 Update: chromium-122.0.6261.57-1.fc38
Fedora 38 Update: mingw-openexr-3.1.10-4.fc38
Fedora 38 Update: mingw-python3-3.11.8-1.fc38
Fedora 38 Update: mingw-expat-2.6.0-1.fc38
Fedora 39 Update: mingw-expat-2.6.0-1.fc39
Fedora 39 Update: mingw-openexr-3.1.10-4.fc39
Fedora 39 Update: mingw-python3-3.11.8-1.fc39




Fedora 38 Update: chromium-122.0.6261.57-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6a879cfa63
2024-02-25 01:24:47.525768
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 38
Version : 122.0.6261.57
Release : 1.fc38
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 122.0.6261.57
High CVE-2024-1669: Out of bounds memory access in Blink
High CVE-2024-1670: Use after free in Mojo
Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
Medium CVE-2024-1673: Use after free in Accessibility
Medium CVE-2024-1674: Inappropriate implementation in Navigation
Medium CVE-2024-1675: Insufficient policy enforcement in Download
Low CVE-2024-1676: Inappropriate implementation in Navigation
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 21 2024 Than Ngo [than@redhat.com] - 122.0.6261.57-1
- update to 122.0.6261.57
* High CVE-2024-1669: Out of bounds memory access in Blink
* High CVE-2024-1670: Use after free in Mojo
* Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
* Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
* Medium CVE-2024-1673: Use after free in Accessibility
* Medium CVE-2024-1674: Inappropriate implementation in Navigation
* Medium CVE-2024-1675: Insufficient policy enforcement in Download
* Low CVE-2024-1676: Inappropriate implementation in Navigation.
* Sun Feb 18 2024 Than Ngo [than@redhat.com] - 122.0.6261.39-1
- update to 122.0.6261.39
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6a879cfa63' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: mingw-openexr-3.1.10-4.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f4d51715fe
2024-02-25 01:24:47.525747
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 38
Version : 3.1.10
Release : 4.fc38
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2023-5841.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Sandro Mani [manisandro@gmail.com] - 3.1.10-4
- Backport patch for CVE-2023-5841
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Aug 4 2023 Sandro Mani [manisandro@gmail.com] - 3.1.10-1
- Update to 3.1.10
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 18 2023 Sandro Mani [manisandro@gmail.com] - 3.1.9-1
- Update to 3.1.9
* Fri May 19 2023 Sandro Mani [manisandro@gmail.com] - 3.1.7-1
- Update to 3.1.7
* Mon Mar 20 2023 Sandro Mani [manisandro@gmail.com] - 3.1.6-1
- Update to 3.1.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262407 - TRIAGE CVE-2023-5841 mingw-openexr: OpenEXR: Heap Overflow in Scanline Deep Data Parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f4d51715fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: mingw-python3-3.11.8-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-94e0390e4e
2024-02-25 01:24:47.525729
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 38
Version : 3.11.8
Release : 1.fc38
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Update to python3.11.8, backport fix for CVE-2023-27043.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Sandro Mani [manisandro@gmail.com] - 3.11.8-1
- Update to 3.11.8
- Backport patch for CVE-2023-27043
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2196185 - CVE-2023-27043 mingw-python3: python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2196185
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-94e0390e4e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: mingw-expat-2.6.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b8656bc059
2024-02-25 01:24:47.525735
--------------------------------------------------------------------------------

Name : mingw-expat
Product : Fedora 38
Version : 2.6.0
Release : 1.fc38
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Update to 2.6.0, fixes CVE-2023-52425, CVE-2023-52426.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Sandro Mani [manisandro@gmail.com] - 2.6.0-1
- Update to 2.6.0
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262883 - TRIAGE CVE-2023-52425 mingw-expat: expat: parsing large tokens can trigger a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262883
[ 2 ] Bug #2262886 - TRIAGE CVE-2023-52426 mingw-expat: expat: recursive XML entity expansion vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262886
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b8656bc059' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mingw-expat-2.6.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fbe1f0c1aa
2024-02-25 01:24:49.965736
--------------------------------------------------------------------------------

Name : mingw-expat
Product : Fedora 39
Version : 2.6.0
Release : 1.fc39
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Update to 2.6.0, fixes CVE-2023-52425, CVE-2023-52426.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Sandro Mani [manisandro@gmail.com] - 2.6.0-1
- Update to 2.6.0
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262883 - TRIAGE CVE-2023-52425 mingw-expat: expat: parsing large tokens can trigger a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262883
[ 2 ] Bug #2262886 - TRIAGE CVE-2023-52426 mingw-expat: expat: recursive XML entity expansion vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262886
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fbe1f0c1aa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mingw-openexr-3.1.10-4.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7fc5bae919
2024-02-25 01:24:49.965749
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 39
Version : 3.1.10
Release : 4.fc39
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2023-5841.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Sandro Mani [manisandro@gmail.com] - 3.1.10-4
- Backport patch for CVE-2023-5841
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262407 - TRIAGE CVE-2023-5841 mingw-openexr: OpenEXR: Heap Overflow in Scanline Deep Data Parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7fc5bae919' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mingw-python3-3.11.8-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8df4ac93d7
2024-02-25 01:24:49.965730
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 39
Version : 3.11.8
Release : 1.fc39
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Update to python3.11.8, backport fix for CVE-2023-27043.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 16 2024 Sandro Mani [manisandro@gmail.com] - 3.11.8-1
- Update to 3.11.8
- Backport patch for CVE-2023-27043
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2196185 - CVE-2023-27043 mingw-python3: python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2196185
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8df4ac93d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--