
The following security updates have been released for Fedora Linux:

Fedora 39 Update: gtkwave-3.3.118-1.fc39
Fedora 39 Update: golang-x-mod-0.14.0-1.fc39
Fedora 39 Update: golang-x-text-0.14.0-1.fc39
Fedora 39 Update: golang-x-net-0.20.0-1.fc39
Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39
Fedora 39 Update: zbar-0.23.93-1.fc39
Fedora 39 Update: redis-7.2.4-1.fc39
Fedora 38 Update: gtkwave-3.3.118-1.fc38
Fedora 38 Update: golang-x-text-0.14.0-1.fc38
Fedora 38 Update: golang-x-mod-0.14.0-1.fc38
Fedora 38 Update: golang-x-net-0.20.0-1.fc38
Fedora 38 Update: golang-x-crypto-0.18.0-1.fc38
Fedora 38 Update: zbar-0.23.93-1.fc38
Fedora 38 Update: redis-7.0.15-1.fc38



Fedora 39 Update: gtkwave-3.3.118-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2647382c5f
2024-01-18 01:45:03.774820
--------------------------------------------------------------------------------

Name : gtkwave
Product : Fedora 39
Version : 3.3.118
Release : 1.fc39
URL : http://gtkwave.sourceforge.net/
Summary : Waveform Viewer
Description :
GTKWave is a waveform viewer that can view VCD files produced by most Verilog
simulation tools, as well as LXT files produced by certain Verilog simulation
tools.

--------------------------------------------------------------------------------
Update Information:

Cumulative bug-fix update. This update includes fixes for multiple security
issues found by Talos in which specially crafted input files could lead to
arbitrary code execution. A victim would need to open a malicious file to
trigger these vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Paul Howarth - 3.3.118-1
- Update to 3.3.118
- Update xml2stems to handle newer "loc" vs. "fl" xml tags
- Change preg_regex_c_1 decl to use regex_t* as datatype
- Move gtkwave.appdata.xml to io.github.gtkwave.GTKWave.metainfo.xml
- Fixed popen security advisories:
  - TALOS-2023-1786 (CVE-2023-35963, CVE-2023-35960, CVE-2023-35964,
    CVE-2023-35959, CVE-2023-35961, CVE-2023-35962)
- Fixed FST security advisories:
  - TALOS-2023-1777 (CVE-2023-32650)
  - TALOS-2023-1783 (CVE-2023-35704, CVE-2023-35703, CVE-2023-35702)
  - TALOS-2023-1785 (CVE-2023-35956, CVE-2023-35957, CVE-2023-35958,
    CVE-2023-35955)
  - TALOS-2023-1789 (CVE-2023-35969, CVE-2023-35970)
  - TALOS-2023-1790 (CVE-2023-35992)
  - TALOS-2023-1791 (CVE-2023-35994, CVE-2023-35996, CVE-2023-35997,
    CVE-2023-35995)
  - TALOS-2023-1792 (CVE-2023-35128)
  - TALOS-2023-1793 (CVE-2023-36747, CVE-2023-36746)
  - TALOS-2023-1797 (CVE-2023-36864)
  - TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916)
- Fixed evcd2vcd security advisories:
  - TALOS-2023-1803 (CVE-2023-34087)
- Fixed VCD security advisories:
  - TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420,
    CVE-2023-37418, CVE-2023-37417)
  - TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445,
    CVE-2023-37444, CVE-2023-37442, CVE-2023-37443)
  - TALOS-2023-1806 (CVE-2023-37576, CVE-2023-37577, CVE-2023-37573,
    CVE-2023-37578, CVE-2023-37575, CVE-2023-37574)
  - TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922)
- Fixed VZT security advisories:
  - TALOS-2023-1810 (CVE-2023-37282)
  - TALOS-2023-1811 (CVE-2023-36861)
  - TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620,
    CVE-2023-38619, CVE-2023-38623, CVE-2023-38622)
  - TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648)
  - TALOS-2023-1814 (CVE-2023-38651, CVE-2023-38650)
  - TALOS-2023-1815 (CVE-2023-38653, CVE-2023-38652)
  - TALOS-2023-1816 (CVE-2023-35004)
  - TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234)
- Fixed LXT2 security advisories:
  - TALOS-2023-1818 (CVE-2023-39273, CVE-2023-39271, CVE-2023-39274,
    CVE-2023-39275, CVE-2023-39272, CVE-2023-39270)
  - TALOS-2023-1819 (CVE-2023-34436)
  - TALOS-2023-1820 (CVE-2023-39316, CVE-2023-39317)
  - TALOS-2023-1821 (CVE-2023-35057)
  - TALOS-2023-1822 (CVE-2023-35989)
  - TALOS-2023-1823 (CVE-2023-38657)
  - TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414)
  - TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444)
  - TALOS-2023-1827 (CVE-2023-38583)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257435 - gtkwave: Multiple CVEs published by Talos
https://bugzilla.redhat.com/show_bug.cgi?id=2257435
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2647382c5f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-x-mod-0.14.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fb32950d11
2024-01-18 01:45:03.774793
--------------------------------------------------------------------------------

Name : golang-x-mod
Product : Fedora 39
Version : 0.14.0
Release : 1.fc39
URL : https://github.com/golang/mod
Summary : Go module mechanics libraries
Description :

This package holds packages for writing tools that work directly with Go module
mechanics. That is, it is for direct manipulation of Go modules themselves.

--------------------------------------------------------------------------------
Update Information:

Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.14.0-1
- update to v0.14.0, close rhbz#2247966
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
[ 2 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fb32950d11' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-x-text-0.14.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b85b97c0e9
2024-01-18 01:45:03.774811
--------------------------------------------------------------------------------

Name : golang-x-text
Product : Fedora 39
Version : 0.14.0
Release : 1.fc39
URL : https://github.com/golang/text
Summary : Go text processing support
Description :
Text is a repository of text-related packages related to internationalization
(i18n) and localization (l10n), such as character encodings, text
transformations, and locale-specific text handling.

--------------------------------------------------------------------------------
Update Information:

update to v0.14.0, address CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.14.0-1
- update to v0.14.0, close rhbz#2248051
* Mon Sep 4 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.13.0-1
- update to v0.13.0, close rhbz#2237073
* Sat Aug 12 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.12.0-1
- v0.12.0, close rhbz#2214528
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
https://bugzilla.redhat.com/show_bug.cgi?id=2161274
[ 2 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b85b97c0e9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-x-net-0.20.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5d8e87ec66
2024-01-18 01:45:03.774767
--------------------------------------------------------------------------------

Name : golang-x-net
Product : Fedora 39
Version : 0.20.0
Release : 1.fc39
URL : https://github.com/golang/net
Summary : Go supplementary network libraries
Description :
This package holds supplementary Go networking libraries.

--------------------------------------------------------------------------------
Update Information:

update to v0.20.0 for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.20.0-1
- update to v0.20.0, close rhbz#2257356
* Fri Dec 1 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.19.0-1
- upgrade to v0.19.0, close rhbz#2252108
* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.18.0-1
- update to v0.18.0, close rhbz#2249006
* Wed Oct 11 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.17.0-1
- update to v0.17.0, close rhbz#2243117
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5d8e87ec66' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7b08207cdb
2024-01-18 01:45:03.774742
--------------------------------------------------------------------------------

Name : golang-x-crypto
Product : Fedora 39
Version : 0.18.0
Release : 1.fc39
URL : https://github.com/golang/crypto
Summary : Go supplementary cryptography libraries
Description :
Go supplementary cryptography libraries.

--------------------------------------------------------------------------------
Update Information:

Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.18.0-1
- update to v0.18.0, close rhbz#2255095 - CVE-2023-48795 golang-x-crypto:
ssh: Prefix truncation attack on Binary Packet Protocol
* Tue Dec 19 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.17.0-1
- update to v0.17.0, close rhbz#2255153
* Tue Nov 28 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.16.0-1
- update to v0.16.0, close rhbz#2251962
* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.15.0-1
- update to 0.15.0, close rhbz#2248796
* Mon Oct 9 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.14.0-1
- update to v0.14.0, close rhbz#2242424
* Wed Sep 6 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.13.0-1
- update to v0.13.0, close rhbz#2237488
* Sat Aug 12 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.12.0-1
- update to v0.12.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7b08207cdb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: zbar-0.23.93-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-73d5220ed3
2024-01-18 01:45:03.774733
--------------------------------------------------------------------------------

Name : zbar
Product : Fedora 39
Version : 0.23.93
Release : 1.fc39
URL : http://zbar.sourceforge.net/
Summary : Bar code reader
Description :
ZBar Bar Code Reader is an open source software suite for reading bar
codes from various sources, such as video streams, image files and raw
intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128,
Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code.

--------------------------------------------------------------------------------
Update Information:

0.23.93, fixes for two CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Gwyn Ciesla [gwync@protonmail.com] - 0.23.93-1
- 0.23.93
* Fri Jan 5 2024 Florian Weimer [fweimer@redhat.com] - 0.23.90-12
- Add missing Py_SIZE to py311.patch
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2235860 - CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information disclosure or arbitrary code execution. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2235860
[ 2 ] Bug #2235863 - CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2235863
[ 3 ] Bug #2257396 - Affect by CVE-2023-40889
https://bugzilla.redhat.com/show_bug.cgi?id=2257396
[ 4 ] Bug #2257428 - zbar-0.23.93 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2257428
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-73d5220ed3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 39 Update: redis-7.2.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ef42a28c9
2024-01-18 01:45:03.774706
--------------------------------------------------------------------------------

Name : redis
Product : Fedora 39
Version : 7.2.4
Release : 1.fc39
URL : https://redis.io
Summary : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.

You can use Redis from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

**Redis 7.2.4** Released Tue 09 Jan 2024 10:45:52 IST

Upgrade urgency SECURITY: See security fixes below.

Security fixes

* (**CVE-2023-41056**) In some cases, Redis may incorrectly handle resizing of
  memory buffers which can result in incorrect accounting of buffer sizes and
  lead to heap overflow and potential remote code execution.

Bug fixes

* Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2
  (#12805, #12832)
* Fix slot ownership not being properly handled when deleting a slot from a node
  (#12564)
* Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Remi Collet [remi@remirepo.net] - 7.2.4-1
- Upstream 7.2.4 release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257454 - CVE-2023-41056 redis: Heap Buffer Overflow may lead to potential remote code execution
https://bugzilla.redhat.com/show_bug.cgi?id=2257454
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ef42a28c9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 38 Update: gtkwave-3.3.118-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c990070fa4
2024-01-18 01:24:42.646479
--------------------------------------------------------------------------------

Name : gtkwave
Product : Fedora 38
Version : 3.3.118
Release : 1.fc38
URL : http://gtkwave.sourceforge.net/
Summary : Waveform Viewer
Description :
GTKWave is a waveform viewer that can view VCD files produced by most Verilog
simulation tools, as well as LXT files produced by certain Verilog simulation
tools.

--------------------------------------------------------------------------------
Update Information:

Cumulative bug-fix update. This update includes fixes for multiple security
issues found by Talos in which specially crafted input files could lead to
arbitrary code execution. A victim would need to open a malicious file to
trigger these vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Paul Howarth - 3.3.118-1
- Update to 3.3.118
- Update xml2stems to handle newer "loc" vs. "fl" xml tags
- Change preg_regex_c_1 decl to use regex_t* as datatype
- Move gtkwave.appdata.xml to io.github.gtkwave.GTKWave.metainfo.xml
- Fixed popen security advisories:
  - TALOS-2023-1786 (CVE-2023-35963, CVE-2023-35960, CVE-2023-35964,
    CVE-2023-35959, CVE-2023-35961, CVE-2023-35962)
- Fixed FST security advisories:
  - TALOS-2023-1777 (CVE-2023-32650)
  - TALOS-2023-1783 (CVE-2023-35704, CVE-2023-35703, CVE-2023-35702)
  - TALOS-2023-1785 (CVE-2023-35956, CVE-2023-35957, CVE-2023-35958,
    CVE-2023-35955)
  - TALOS-2023-1789 (CVE-2023-35969, CVE-2023-35970)
  - TALOS-2023-1790 (CVE-2023-35992)
  - TALOS-2023-1791 (CVE-2023-35994, CVE-2023-35996, CVE-2023-35997,
    CVE-2023-35995)
  - TALOS-2023-1792 (CVE-2023-35128)
  - TALOS-2023-1793 (CVE-2023-36747, CVE-2023-36746)
  - TALOS-2023-1797 (CVE-2023-36864)
  - TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916)
- Fixed evcd2vcd security advisories:
  - TALOS-2023-1803 (CVE-2023-34087)
- Fixed VCD security advisories:
  - TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420,
    CVE-2023-37418, CVE-2023-37417)
  - TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445,
    CVE-2023-37444, CVE-2023-37442, CVE-2023-37443)
  - TALOS-2023-1806 (CVE-2023-37576, CVE-2023-37577, CVE-2023-37573,
    CVE-2023-37578, CVE-2023-37575, CVE-2023-37574)
  - TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922)
- Fixed VZT security advisories:
  - TALOS-2023-1810 (CVE-2023-37282)
  - TALOS-2023-1811 (CVE-2023-36861)
  - TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620,
    CVE-2023-38619, CVE-2023-38623, CVE-2023-38622)
  - TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648)
  - TALOS-2023-1814 (CVE-2023-38651, CVE-2023-38650)
  - TALOS-2023-1815 (CVE-2023-38653, CVE-2023-38652)
  - TALOS-2023-1816 (CVE-2023-35004)
  - TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234)
- Fixed LXT2 security advisories:
  - TALOS-2023-1818 (CVE-2023-39273, CVE-2023-39271, CVE-2023-39274,
    CVE-2023-39275, CVE-2023-39272, CVE-2023-39270)
  - TALOS-2023-1819 (CVE-2023-34436)
  - TALOS-2023-1820 (CVE-2023-39316, CVE-2023-39317)
  - TALOS-2023-1821 (CVE-2023-35057)
  - TALOS-2023-1822 (CVE-2023-35989)
  - TALOS-2023-1823 (CVE-2023-38657)
  - TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414)
  - TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444)
  - TALOS-2023-1827 (CVE-2023-38583)
* Mon Aug 14 2023 Paul Howarth - 3.3.117-1
- Update to 3.3.117
- Fix stems reader processing code broken in 3.3.114
* Sun Jul 23 2023 Paul Howarth - 3.3.116-1
- Update to 3.3.116
- Fix manpage/odt for vcd2fst command switch documentation for zlibpack
- Add GDK_WINDOWING_WAYLAND check for gdkwayland.h header usage
- Change sprintf to snprintf in fstapi.c
- Fix init crash on show_base_symbols enabled
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 3.3.115-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257435 - gtkwave: Multiple CVEs published by Talos
https://bugzilla.redhat.com/show_bug.cgi?id=2257435
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c990070fa4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 38 Update: golang-x-text-0.14.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fd3545a844
2024-01-18 01:24:42.646453
--------------------------------------------------------------------------------

Name : golang-x-text
Product : Fedora 38
Version : 0.14.0
Release : 1.fc38
URL : https://github.com/golang/text
Summary : Go text processing support
Description :
Text is a repository of text-related packages related to internationalization
(i18n) and localization (l10n), such as character encodings, text
transformations, and locale-specific text handling.

--------------------------------------------------------------------------------
Update Information:

update to v0.14.0, address CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.14.0-1
- update to v0.14.0, close rhbz#2248051
* Mon Sep 4 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.13.0-1
- update to v0.13.0, close rhbz#2237073
* Sat Aug 12 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.12.0-1
- v0.12.0, close rhbz#2214528
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 22 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.10.0-1
- update to v0.10.0, close rhbz#2214528
* Sun Jun 11 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.9.0-1
- bump to v0.9.0, close rhbz#2175494
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
https://bugzilla.redhat.com/show_bug.cgi?id=2161274
[ 2 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fd3545a844' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 38 Update: golang-x-mod-0.14.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ae653fb07b
2024-01-18 01:24:42.646435
--------------------------------------------------------------------------------

Name : golang-x-mod
Product : Fedora 38
Version : 0.14.0
Release : 1.fc38
URL : https://github.com/golang/mod
Summary : Go module mechanics libraries
Description :

This package holds packages for writing tools that work directly with Go module
mechanics. That is, it is for direct manipulation of Go modules themselves.

--------------------------------------------------------------------------------
Update Information:

Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.14.0-1
- update to v0.14.0, close rhbz#2247966
* Sat Oct 7 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.13.0-1
- update to v0.13.0, close rhbz#2242566
* Sat Aug 12 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.12.0-1
- update to v0.12.0, close rhbz#2175444
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 22 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.11.0-1
- update to v0.11.0, close rhbz#2175444
* Sun Jun 11 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.10.0-1
- update to v0.10.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
[ 2 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ae653fb07b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 38 Update: golang-x-net-0.20.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0ac454dafc
2024-01-18 01:24:42.646425
--------------------------------------------------------------------------------

Name : golang-x-net
Product : Fedora 38
Version : 0.20.0
Release : 1.fc38
URL : https://github.com/golang/net
Summary : Go supplementary network libraries
Description :
This package holds supplementary Go networking libraries.

--------------------------------------------------------------------------------
Update Information:

update to v0.20.0 for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.20.0-1
- update to v0.20.0, close rhbz#2257356
* Fri Dec 1 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.19.0-1
- upgrade to v0.19.0, close rhbz#2252108
* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.18.0-1
- update to v0.18.0, close rhbz#2249006
* Wed Oct 11 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.17.0-1
- update to v0.17.0, close rhbz#2243117
* Sat Oct 7 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.16.0-1
- update to v0.16.0, close rhbz#2242574
* Wed Sep 6 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.15.0-1
- update to v0.15.0, close rhbz#2237715
* Mon Aug 7 2023 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 0.14.0-1
- Update to 0.14.0 - Closes rhbz#2229647 rhbz#2229599 rhbz#2178463
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sun Jun 11 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.10.0-1
- update to v0.10.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0ac454dafc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
--



Fedora 38 Update: golang-x-crypto-0.18.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2705241461
2024-01-18 01:24:42.646417
--------------------------------------------------------------------------------

Name : golang-x-crypto
Product : Fedora 38
Version : 0.18.0
Release : 1.fc38
URL : https://github.com/golang/crypto
Summary : Go supplementary cryptography libraries
Description :
Go supplementary cryptography libraries.

--------------------------------------------------------------------------------
Update Information:

Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.18.0-1
- update to v0.18.0, close rhbz#2255095 - CVE-2023-48795 golang-x-crypto:
ssh: Prefix truncation attack on Binary Packet Protocol
* Tue Dec 19 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.17.0-1
- update to v0.17.0, close rhbz#2255153
* Tue Nov 28 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.16.0-1
- update to v0.16.0, close rhbz#2251962
* Mon Nov 20 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.15.0-1
- update to 0.15.0, close rhbz#2248796
* Mon Oct 9 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.14.0-1
- update to v0.14.0, close rhbz#2242424
* Wed Sep 6 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.13.0-1
- update to v0.13.0, close rhbz#2237488
* Sat Aug 12 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.12.0-1
- update to v0.12.0
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.11.0-1
- update to v0.11.0, close rhbz#2214859
* Thu Jun 22 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.10.0-1
- update to v0.10.0, close rhbz#2214859
* Sun Jun 11 2023 Mark E. Fuller [mark.e.fuller@gmx.de] - 0.9.0-1
- bump to v0.9.0, close rhbz#2175556
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2705241461' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: zbar-0.23.93-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-583e4098b9
2024-01-18 01:24:42.646391
--------------------------------------------------------------------------------

Name : zbar
Product : Fedora 38
Version : 0.23.93
Release : 1.fc38
URL : http://zbar.sourceforge.net/
Summary : Bar code reader
Description :
ZBar Bar Code Reader is an open source software suite for reading bar
codes from various sources, such as video streams, image files and raw
intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128,
Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code.

--------------------------------------------------------------------------------
Update Information:

0.23.93, fixes for two CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Gwyn Ciesla [gwync@protonmail.com] - 0.23.93-1
- 0.23.93
* Fri Jan 5 2024 Florian Weimer [fweimer@redhat.com] - 0.23.90-12
- Add missing Py_SIZE to py311.patch
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.23.90-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 7 2023 Michael J Gruber [mjg@fedoraproject.org] - 0.23.90-10
- Fix FTBFS with python 3.12 (rhbz#2220630)
* Thu Jun 15 2023 Python Maint - 0.23.90-9
- Rebuilt for Python 3.12
* Wed Mar 1 2023 Gwyn Ciesla [gwync@protonmail.com] - 0.23.90-8
- migrated to SPDX license
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2235860 - CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information disclosure or arbitrary code execution. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2235860
[ 2 ] Bug #2235863 - CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2235863
[ 3 ] Bug #2257396 - Affect by CVE-2023-40889
https://bugzilla.redhat.com/show_bug.cgi?id=2257396
[ 4 ] Bug #2257428 - zbar-0.23.93 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2257428
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-583e4098b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: redis-7.0.15-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-694899d442
2024-01-18 01:24:42.646382
--------------------------------------------------------------------------------

Name : redis
Product : Fedora 38
Version : 7.0.15
Release : 1.fc38
URL : https://redis.io
Summary : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.

You can use Redis from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

Redis 7.0.15, released Tue 09 Jan 2024 10:45:52 IST

Upgrade urgency SECURITY: See security fixes below.

Security fixes

* (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of
  memory buffers which can result in incorrect accounting of buffer sizes and
  lead to heap overflow and potential remote code execution.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Remi Collet [remi@remirepo.net] - 7.0.15-1
- Upstream 7.0.15 release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257454 - CVE-2023-41056 redis: Heap Buffer Overflow may lead to potential remote code execution
https://bugzilla.redhat.com/show_bug.cgi?id=2257454
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-694899d442' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--