Fedora Linux 8637 Published by

The following security updates have been released for Fedora Linux:

Fedora 39 Update: firefox-128.0-1.fc39
Fedora 39 Update: squid-6.10-1.fc39
Fedora 40 Update: qt6-qtbase-6.7.2-3.fc40
Fedora 40 Update: onnx-1.14.1-3.fc40
Fedora 40 Update: squid-6.10-1.fc40
Fedora 40 Update: wordpress-6.5.5-1.fc40
Fedora 40 Update: dotnet8.0-8.0.105-1.fc40




Fedora 39 Update: firefox-128.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fc815ee65f
2024-07-11 01:21:45.282903
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 39
Version : 128.0
Release : 1.fc39
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated to latest upstream (128.0)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 2 2024 Martin Stransky [stransky@redhat.com] - 128.0-1
- Update to 128.0
* Tue Jul 2 2024 Martin Stransky [stransky@redhat.com] - 127.0.2-2
- Allow to override MOZ_DBUS_APP_NAME
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fc815ee65f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: squid-6.10-1.fc39


--



Fedora 40 Update: qt6-qtbase-6.7.2-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9bf3ff4133
2024-07-11 01:14:50.363603
--------------------------------------------------------------------------------

Name : qt6-qtbase
Product : Fedora 40
Version : 6.7.2
Release : 3.fc40
URL : http://qt-project.org/
Summary : Qt6 - QtBase components
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-39936.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 8 2024 Jan Grulich [jgrulich@redhat.com] - 6.7.2-3
- HTTP2: Delay any communication until encrypted() can be responded to
Resolves: CVE-2024-39936
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295882 - CVE-2024-39936 qt6-qtbase: Delay any communication until encrypted() can be responded to [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295882
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9bf3ff4133' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: onnx-1.14.1-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d9c7181a19
2024-07-11 01:14:50.363448
--------------------------------------------------------------------------------

Name : onnx
Product : Fedora 40
Version : 1.14.1
Release : 3.fc40
URL : https://github.com/onnx/onnx
Summary : Open standard for machine learning interoperability
Description :
onnx provides an open source format for AI models, both deep learning and
traditional ML. It defines an extensible computation graph model, as well as
definitions of built-in operators and standard data types.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-5187
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 2 2024 Alejandro Alvarez Ayllon [a.alvarezayllon@gmail.com] - 1.14.1-3
- Backport of fix for CVE-2024-5187
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2290806 - CVE-2024-5187 onnx: arbitrary file overwrite in download_model_with_test_data
https://bugzilla.redhat.com/show_bug.cgi?id=2290806
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d9c7181a19' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: squid-6.10-1.fc40


--



Fedora 40 Update: wordpress-6.5.5-1.fc40


--



Fedora 40 Update: dotnet8.0-8.0.105-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-56fb9c0762
2024-07-11 01:14:50.363287
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 40
Version : 8.0.105
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the May 2024 release for .NET 8.
This is a security update for .NET 8.
Release notes: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.5/8.0.5.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 14 2024 Omair Majid [omajid@redhat.com] - 8.0.105-1
- Update to .NET SDK 8.0.105 and Runtime 8.0.5
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-56fb9c0762' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--