Fedora Linux 8801 Published by

The following security updates have been released for Fedora Linux:

[SECURITY] Fedora 39 Update: firefox-130.0-3.fc39
[SECURITY] Fedora 40 Update: expat-2.6.3-1.fc40
[SECURITY] Fedora 40 Update: aardvark-dns-1.12.2-2.fc40




[SECURITY] Fedora 39 Update: firefox-130.0-3.fc39


--



[SECURITY] Fedora 40 Update: expat-2.6.3-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f27c29c09c
2024-09-10 02:09:08.389608
--------------------------------------------------------------------------------

Name : expat
Product : Fedora 40
Version : 2.6.3
Release : 1.fc40
URL : https://libexpat.github.io/
Summary : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Rebase to version 2.6.3
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 5 2024 Tomas Korbar [tkorbar@redhat.com] - 2.6.3-1
- Rebase to version 2.6.3
- Resolves: rhbz#2309690
- Resolves: CVE-2024-45492
- Resolves: CVE-2024-45491
- Resolves: CVE-2024-45490
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308683 - CVE-2024-45490 expat: Negative Length Parsing Vulnerability in libexpat [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2308683
[ 2 ] Bug #2310144 - CVE-2024-45491 expat: Integer Overflow or Wraparound [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2310144
[ 3 ] Bug #2310150 - CVE-2024-45492 expat: integer overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2310150
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f27c29c09c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: aardvark-dns-1.12.2-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-141d029304
2024-09-10 02:09:08.389572
--------------------------------------------------------------------------------

Name : aardvark-dns
Product : Fedora 40
Version : 1.12.2
Release : 2.fc40
URL : https://github.com/containers/aardvark-dns
Summary : Authoritative DNS server for A/AAAA container records
Description :
Authoritative DNS server for A/AAAA container records

Forwards other request to configured resolvers.
Read more about configuration in `src/backend/mod.rs`.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-8418
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 5 2024 Lokesh Mandvekar [lsm5@fedoraproject.org] - 2:1.12.2-2
- install builddeps for tmt tests
* Wed Sep 4 2024 Packit [hello@packit.dev] - 2:1.12.2-1
- Update to 1.12.2 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309683 - CVE-2024-8418 containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service
https://bugzilla.redhat.com/show_bug.cgi?id=2309683
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-141d029304' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--