Fedora Linux 8546 Published by

The following updates have been released for Fedora Linux:

Fedora 38 Update: golang-github-tdewolff-minify-2.20.18-1.fc38
Fedora 38 Update: golang-github-tdewolff-parse-2.7.12-1.fc38
Fedora 38 Update: golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38
Fedora 38 Update: cpp-jwt-1.4-7.fc38
Fedora 38 Update: suricata-6.0.16-1.fc38
Fedora 39 Update: golang-github-tdewolff-minify-2.20.18-1.fc39
Fedora 39 Update: golang-github-tdewolff-parse-2.7.12-1.fc39
Fedora 39 Update: golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc39
Fedora 39 Update: cpp-jwt-1.4-7.fc39
Fedora 39 Update: suricata-6.0.16-1.fc39




Fedora 38 Update: golang-github-tdewolff-minify-2.20.18-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0d4d9925a2
2024-03-07 01:49:42.076811
--------------------------------------------------------------------------------

Name : golang-github-tdewolff-minify
Product : Fedora 38
Version : 2.20.18
Release : 1.fc38
URL : https://github.com/tdewolff/minify
Summary : Go minifiers for web formats
Description :
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON,
SVG and XML minifiers and an interface to implement any other minifier.
Minification is the process of removing bytes from a file (such as whitespace)
without changing its output and therefore shrinking its size and speeding up
transmission over the internet and possibly parsing. The implemented minifiers
are designed for high performance.

The core functionality associates mimetypes with minification functions,
allowing embedded resources (like CSS or JS within HTML files) to be minified as
well. Users can add new implementations that are triggered based on a mimetype
(or pattern), or redirect to an external command (like ClosureCompiler,
UglifyCSS, ...).

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 2.20.18-1
- Update to latest version (#2245375)
* Sun Feb 11 2024 Maxwell G [maxwell@gtmx.me] - 2.12.9-4
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.12.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.12.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245375
[ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246794
[ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0d4d9925a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: golang-github-tdewolff-parse-2.7.12-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0d4d9925a2
2024-03-07 01:49:42.076811
--------------------------------------------------------------------------------

Name : golang-github-tdewolff-parse
Product : Fedora 38
Version : 2.7.12
Release : 1.fc38
URL : https://github.com/tdewolff/parse
Summary : Go parsers for web formats
Description :
Go parsers for web formats.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 2.7.12-1
- Update to latest version (#2246794)
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Nov 5 2023 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 2.7.4-1
- Update to latest version (#2246794)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245375
[ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246794
[ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0d4d9925a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0d4d9925a2
2024-03-07 01:49:42.076811
--------------------------------------------------------------------------------

Name : golang-github-tdewolff-argp
Product : Fedora 38
Version : 0
Release : 0.1.20240227git719bbce.fc38
URL : https://github.com/tdewolff/argp
Summary : GNU command line argument parser
Description :
GNU command line argument parser.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 0-0.1
- import rhbz#2250632
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245375
[ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246794
[ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0d4d9925a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: cpp-jwt-1.4-7.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d76e37ba62
2024-03-07 01:49:42.076791
--------------------------------------------------------------------------------

Name : cpp-jwt
Product : Fedora 38
Version : 1.4
Release : 7.fc38
URL : https://github.com/arun11299/cpp-jwt
Summary : JSON Web Token library for C++
Description :
JSON Web Token(JWT) is a JSON based standard (RFC-
7519) for creating assertions or access tokens that consists of some
claims (encoded within the assertion). This assertion can be used in some
kind of bearer authentication mechanism that the server will provide to
clients, and the clients can make use of the provided assertion for
accessing resources.

--------------------------------------------------------------------------------
Update Information:

Fix side channel vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Jonathan Wright [jonathan@almalinux.org] - 1.4-7
- Fix side channel vulnerability rhbz#2263329
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263329 - Side-channel in cpp-jwt
https://bugzilla.redhat.com/show_bug.cgi?id=2263329
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d76e37ba62' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: suricata-6.0.16-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7b063bce0a
2024-03-07 01:49:42.076779
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 38
Version : 6.0.16
Release : 1.fc38
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837,
CVE-2024-23839, CVE-2024-24568.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 26 2024 Steve Grubb [sgrubb@redhat.com] 6.0.16-1
- New security and bugfix release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2266171 - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266171
[ 2 ] Bug #2266172 - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266172
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7b063bce0a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-github-tdewolff-minify-2.20.18-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c3e32c5635
2024-03-07 00:56:19.124151
--------------------------------------------------------------------------------

Name : golang-github-tdewolff-minify
Product : Fedora 39
Version : 2.20.18
Release : 1.fc39
URL : https://github.com/tdewolff/minify
Summary : Go minifiers for web formats
Description :
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON,
SVG and XML minifiers and an interface to implement any other minifier.
Minification is the process of removing bytes from a file (such as whitespace)
without changing its output and therefore shrinking its size and speeding up
transmission over the internet and possibly parsing. The implemented minifiers
are designed for high performance.

The core functionality associates mimetypes with minification functions,
allowing embedded resources (like CSS or JS within HTML files) to be minified as
well. Users can add new implementations that are triggered based on a mimetype
(or pattern), or redirect to an external command (like ClosureCompiler,
UglifyCSS, ...).

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 2.20.18-1
- Update to latest version (#2245375)
* Sun Feb 11 2024 Maxwell G [maxwell@gtmx.me] - 2.12.9-4
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.12.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.12.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245375
[ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246794
[ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c3e32c5635' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-github-tdewolff-parse-2.7.12-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c3e32c5635
2024-03-07 00:56:19.124151
--------------------------------------------------------------------------------

Name : golang-github-tdewolff-parse
Product : Fedora 39
Version : 2.7.12
Release : 1.fc39
URL : https://github.com/tdewolff/parse
Summary : Go parsers for web formats
Description :
Go parsers for web formats.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 2.7.12-1
- Update to latest version (#2246794)
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Nov 5 2023 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 2.7.4-1
- Update to latest version (#2246794)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245375
[ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246794
[ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c3e32c5635' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c3e32c5635
2024-03-07 00:56:19.124151
--------------------------------------------------------------------------------

Name : golang-github-tdewolff-argp
Product : Fedora 39
Version : 0
Release : 0.1.20240227git719bbce.fc39
URL : https://github.com/tdewolff/argp
Summary : GNU command line argument parser
Description :
GNU command line argument parser.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 0-0.1
- import rhbz#2250632
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2245375
[ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2246794
[ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c3e32c5635' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: cpp-jwt-1.4-7.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-56fbd2cbfa
2024-03-07 00:56:19.124112
--------------------------------------------------------------------------------

Name : cpp-jwt
Product : Fedora 39
Version : 1.4
Release : 7.fc39
URL : https://github.com/arun11299/cpp-jwt
Summary : JSON Web Token library for C++
Description :
JSON Web Token(JWT) is a JSON based standard (RFC-
7519) for creating assertions or access tokens that consists of some
claims (encoded within the assertion). This assertion can be used in some
kind of bearer authentication mechanism that the server will provide to
clients, and the clients can make use of the provided assertion for
accessing resources.

--------------------------------------------------------------------------------
Update Information:

Fix side channel vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Jonathan Wright [jonathan@almalinux.org] - 1.4-7
- Fix side channel vulnerability rhbz#2263329
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263329 - Side-channel in cpp-jwt
https://bugzilla.redhat.com/show_bug.cgi?id=2263329
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-56fbd2cbfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: suricata-6.0.16-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bd4eed8466
2024-03-07 00:56:19.124094
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 39
Version : 6.0.16
Release : 1.fc39
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837,
CVE-2024-23839, CVE-2024-24568.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 26 2024 Steve Grubb [sgrubb@redhat.com] 6.0.16-1
- New security and bugfix release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2266171 - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266171
[ 2 ] Bug #2266172 - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266172
[ 3 ] Bug #2267727 - CVE-2024-23836 suricata: crafted traffic can cause denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2267727
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bd4eed8466' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--