Fedora Linux 8771 Published by

The following security updates have been released for Fedora Linux:

Fedora 39 Update: gnome-shell-45.6-2.fc39
Fedora 39 Update: glib2-2.78.6-1.fc39
Fedora 39 Update: uriparser-0.9.8-1.fc39
Fedora 39 Update: tcpdump-4.99.4-4.fc39
Fedora 39 Update: tpm2-tss-4.0.2-1.fc39
Fedora 39 Update: tpm2-tools-5.5.1-1.fc39
Fedora 38 Update: uriparser-0.9.8-1.fc38
Fedora 38 Update: tpm2-tools-5.5.1-1.fc38




Fedora 39 Update: gnome-shell-45.6-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fd2569c4e9
2024-05-14 03:27:20.127802
--------------------------------------------------------------------------------

Name : gnome-shell
Product : Fedora 39
Version : 45.6
Release : 2.fc39
URL : https://wiki.gnome.org/Projects/GnomeShell
Summary : Window management and application launching for GNOME
Description :
GNOME Shell provides core user interface functions for the GNOME 3 desktop,
like switching to windows and launching applications. GNOME Shell takes
advantage of the capabilities of modern graphics hardware and introduces
innovative user interface concepts to provide a visually attractive and
easy to use experience.

--------------------------------------------------------------------------------
Update Information:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix
does not break the screencast feature.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 45.6-2
- Fix screencast proxy bus name
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279640 - CVE-2024-34397 glib2: Signal subscription vulnerabilities [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2279640
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fd2569c4e9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: glib2-2.78.6-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fd2569c4e9
2024-05-14 03:27:20.127802
--------------------------------------------------------------------------------

Name : glib2
Product : Fedora 39
Version : 2.78.6
Release : 1.fc39
URL : https://www.gtk.org
Summary : A library of handy utility functions
Description :
GLib is the low-level core library that forms the basis for projects
such as GTK+ and GNOME. It provides data structure handling for C,
portability wrappers, and interfaces for such runtime functionality
as an event loop, threads, dynamic loading, and an object system.

--------------------------------------------------------------------------------
Update Information:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix
does not break the screencast feature.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 9 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.78.6-1
- Update to 2.78.6
* Tue May 7 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.78.5-1
- Update to 2.78.5
* Wed Feb 21 2024 Nieves Montero [nmontero@redhat.com] - 2.78.4-1
- Update to 2.78.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279640 - CVE-2024-34397 glib2: Signal subscription vulnerabilities [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2279640
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fd2569c4e9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: uriparser-0.9.8-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-40e8512956
2024-05-14 03:27:20.127763
--------------------------------------------------------------------------------

Name : uriparser
Product : Fedora 39
Version : 0.9.8
Release : 1.fc39
URL : https://uriparser.github.io/
Summary : URI parsing library - RFC 3986
Description :
Uriparser is a strictly RFC 3986 compliant URI parsing library written
in C. uriparser is cross-platform, fast, supports Unicode and is
licensed under the New BSD license.

--------------------------------------------------------------------------------
Update Information:

Update to uriparser-0.9.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 5 2024 Sandro Mani [manisandro@gmail.com] - 0.9.8-1
- Update to 0.9.8
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Neal Gompa [ngompa@fedoraproject.org] - 0.9.7-4
- Move cmake files to the devel subpackage
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278811 - CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2278811
[ 2 ] Bug #2278812 - CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2278812
[ 3 ] Bug #2278813 - CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2278813
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-40e8512956' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: tcpdump-4.99.4-4.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-272860364f
2024-05-14 03:27:20.127686
--------------------------------------------------------------------------------

Name : tcpdump
Product : Fedora 39
Version : 4.99.4
Release : 4.fc39
URL : http://www.tcpdump.org
Summary : A network traffic monitoring tool
Description :
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of
the packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-2397
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 5 2024 Michal Ruprich [mruprich@redhat.com] - 14:4.99.4-4
- Resolves: #2274793 - Crafted .pcap file may lead to Denial of Service
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2274793 - TRIAGE CVE-2024-2397 tcpdump: Crafted .pcap file may lead to Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274793
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-272860364f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: tpm2-tss-4.0.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4512dc54af
2024-05-14 03:27:20.127662
--------------------------------------------------------------------------------

Name : tpm2-tss
Product : Fedora 39
Version : 4.0.2
Release : 1.fc39
URL : https://github.com/tpm2-software/tpm2-tss
Summary : TPM2.0 Software Stack
Description :
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
APIs. It sits between TPM driver and applications, providing TPM2.0 specified
APIs for applications to access TPM module through kernel TPM drivers.

--------------------------------------------------------------------------------
Update Information:

tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 28 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 4.0.2-1
- Update to 4.0.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271763 - tpm2-tss-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271763
[ 2 ] Bug #2277437 - tpm2-tools-5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2277437
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4512dc54af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: tpm2-tools-5.5.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4512dc54af
2024-05-14 03:27:20.127662
--------------------------------------------------------------------------------

Name : tpm2-tools
Product : Fedora 39
Version : 5.5.1
Release : 1.fc39
URL : https://github.com/tpm2-software/tpm2-tools
Summary : A bunch of TPM testing toolS build upon tpm2-tss
Description :
tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.

--------------------------------------------------------------------------------
Update Information:

tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 28 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 5.5.1-1
- Update to 5.5.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271763 - tpm2-tss-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271763
[ 2 ] Bug #2277437 - tpm2-tools-5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2277437
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4512dc54af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: uriparser-0.9.8-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-410d4ecabe
2024-05-14 01:32:20.839827
--------------------------------------------------------------------------------

Name : uriparser
Product : Fedora 38
Version : 0.9.8
Release : 1.fc38
URL : https://uriparser.github.io/
Summary : URI parsing library - RFC 3986
Description :
Uriparser is a strictly RFC 3986 compliant URI parsing library written
in C. uriparser is cross-platform, fast, supports Unicode and is
licensed under the New BSD license.

--------------------------------------------------------------------------------
Update Information:

Update to uriparser-0.9.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 5 2024 Sandro Mani [manisandro@gmail.com] - 0.9.8-1
- Update to 0.9.8
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Neal Gompa [ngompa@fedoraproject.org] - 0.9.7-4
- Move cmake files to the devel subpackage
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278811 - CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2278811
[ 2 ] Bug #2278812 - CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2278812
[ 3 ] Bug #2278813 - CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2278813
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-410d4ecabe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: tpm2-tools-5.5.1-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3265d70b61
2024-05-14 01:32:20.839753
--------------------------------------------------------------------------------

Name : tpm2-tools
Product : Fedora 38
Version : 5.5.1
Release : 1.fc38
URL : https://github.com/tpm2-software/tpm2-tools
Summary : A bunch of TPM testing toolS build upon tpm2-tss
Description :
tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.

--------------------------------------------------------------------------------
Update Information:

tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 28 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 5.5.1-1
- Update to 5.5.1
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 5.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271763 - tpm2-tss-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271763
[ 2 ] Bug #2277437 - tpm2-tools-5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2277437
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3265d70b61' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--