Fedora Linux 8771 Published by

Fedora Linux has received several security updates for Fedora 41 (beta), including edk2-20240813-2, libgsf-1.14.53-1, rust-tonic-build-0.12.3-1, rust-tower-http-0.6.1-1, rust-tower-http0.5-0.5.2-1, rust-hyper-rustls-0.27.3-1, rust-rustls-native-certs0.7-0.7.3-1, rust-reqwest-0.12.8-1, and koji-1.35.1-1:

Fedora 41 Update: edk2-20240813-2.fc41
Fedora 41 Update: libgsf-1.14.53-1.fc41
Fedora 41 Update: rust-tonic-build-0.12.3-1.fc41
Fedora 41 Update: rust-tonic-0.12.3-1.fc41
Fedora 41 Update: rust-tower-http-0.6.1-1.fc41
Fedora 41 Update: rust-tower-http0.5-0.5.2-1.fc41
Fedora 41 Update: rust-tower0.4-0.4.13-1.fc41
Fedora 41 Update: rust-hyper-rustls-0.27.3-1.fc41
Fedora 41 Update: rust-tonic-types-0.12.3-1.fc41
Fedora 41 Update: rust-rustls-native-certs0.7-0.7.3-1.fc41
Fedora 41 Update: rust-reqwest-0.12.8-1.fc41
Fedora 41 Update: rust-rustls-native-certs-0.8.0-1.fc41
Fedora 41 Update: rust-tower-0.5.1-1.fc41
Fedora 41 Update: koji-1.35.1-1.fc41




[SECURITY] Fedora 41 Update: edk2-20240813-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9cc95d56ce
2024-10-15 00:15:42.652984
--------------------------------------------------------------------------------

Name : edk2
Product : Fedora 41
Version : 20240813
Release : 2.fc41
URL : http://www.tianocore.org
Summary : UEFI firmware for 64-bit virtual machines
Description :
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid
RSA public keys)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2024 Paolo Bonzini [pbonzini@redhat.com] - 20240813-2
- add openssl fix for CVE-2023-6237
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2258502 - CVE-2023-6237 openssl: Excessive time spent checking invalid RSA public keys
https://bugzilla.redhat.com/show_bug.cgi?id=2258502
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9cc95d56ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: libgsf-1.14.53-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ff08c2b41a
2024-10-15 00:15:42.652959
--------------------------------------------------------------------------------

Name : libgsf
Product : Fedora 41
Version : 1.14.53
Release : 1.fc41
URL : https://gitlab.gnome.org/GNOME/libgsf/
Summary : GNOME Structured File library
Description :
A library for reading and writing structured files (e.g. MS OLE and Zip)

--------------------------------------------------------------------------------
Update Information:

Fixes for memory vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2024 Gwyn Ciesla [gwync@protonmail.com] - 1.14.53-1
- 1.14.53
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2317953 - (CVE-2024-42415) - CVE-2024-42415 libgsf: Compound Document Binary File Sector Allocation Table integer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2317953
[ 2 ] Bug #2317954 - (CVE-2024-36474) - CVE-2024-36474 libgsf: Compound Document Binary File Directory integer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2317954
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ff08c2b41a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-tonic-build-0.12.3-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-347164df1c
2024-10-15 00:15:42.652894
--------------------------------------------------------------------------------

Name : rust-tonic-build
Product : Fedora 41
Version : 0.12.3
Release : 1.fc41
URL : https://crates.io/crates/tonic-build
Summary : Codegen module of tonic gRPC implementation
Description :
Codegen module of `tonic` gRPC implementation.

--------------------------------------------------------------------------------
Update Information:

Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package
for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version
0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for
version 0.5.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Cristian Le [cristian.le@mpsd.mpg.de] - 0.12.3-1
- Update to version 0.12.3 (RHBZ#2314946)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2316020 - CVE-2024-47609 rust-tonic: Remotely exploitable DoS in Tonic `