Fedora Linux 8727 Published by

The following security updates have been released for Fedora Linux:

Fedora 39 Update: libreswan-4.15-1.fc39
Fedora 39 Update: mingw-gstreamer1-plugins-base-1.22.9-2.fc39
Fedora 39 Update: mingw-gstreamer1-plugins-good-1.22.9-1.fc39
Fedora 39 Update: mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39
Fedora 39 Update: mingw-gstreamer1-1.22.9-1.fc39
Fedora 40 Update: libreswan-4.15-1.fc40




Fedora 39 Update: libreswan-4.15-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-07c9cfd337
2024-07-01 01:33:14.869106
--------------------------------------------------------------------------------

Name : libreswan
Product : Fedora 39
Version : 4.15
Release : 1.fc39
URL : https://libreswan.org/
Summary : Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
Description :
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan.

Libreswan also supports IKEv2 (RFC7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

--------------------------------------------------------------------------------
Update Information:

Update to 4.15 for CVE-2024-3652
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 22 2024 Paul Wouters [paul.wouters@aiven.io] - 4.15-1
- Update libreswan to 4.15 for CVE-2024-3652
- Resolves rhbz#2274448 CVE-2024-3652 libreswan: IKEv1 default AH/ESP
responder can crash and restart
- Allow "ipsec import" to try importing PKCS#12 non-interactively if there
is no password
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2274448 - CVE-2024-3652 libreswan: IKEv1 default AH/ESP responder can crash and restart
https://bugzilla.redhat.com/show_bug.cgi?id=2274448
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-07c9cfd337' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: mingw-gstreamer1-plugins-base-1.22.9-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-919bc7e512
2024-07-01 01:33:14.869075
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-base
Product : Fedora 39
Version : 1.22.9
Release : 2.fc39
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

This package contains a set of well-maintained base plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.22.9.
Backport fix for CVE-2024-0444.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 22 2024 Sandro Mani [manisandro@gmail.com] - 1.22.9-2
- Backport fix for CVE-2024-4453
* Sat Jan 27 2024 Sandro Mani [manisandro@gmail.com] - 1.22.9-1
- Update to 1.22.9
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 20 2023 Sandro Mani [manisandro@gmail.com] - 1.22.8-1
- Update to 1.22.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2283001 - CVE-2024-4453 mingw-gstreamer1: gstreamer: EXIF Metadata Parsing Integer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2283001
[ 2 ] Bug #2292337 - CVE-2024-0444 mingw-gstreamer1: gstreamer: AV1 Video Parsing Stack-based Buffer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292337
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-919bc7e512' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: mingw-gstreamer1-plugins-good-1.22.9-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-919bc7e512
2024-07-01 01:33:14.869075
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-good
Product : Fedora 39
Version : 1.22.9
Release : 1.fc39
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.22.9.
Backport fix for CVE-2024-0444.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 27 2024 Sandro Mani [manisandro@gmail.com] - 1.22.9-1
- Update to 1.22.9
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 20 2023 Sandro Mani [manisandro@gmail.com] - 1.22.8-1
- Update to 1.22.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2283001 - CVE-2024-4453 mingw-gstreamer1: gstreamer: EXIF Metadata Parsing Integer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2283001
[ 2 ] Bug #2292337 - CVE-2024-0444 mingw-gstreamer1: gstreamer: AV1 Video Parsing Stack-based Buffer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292337
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-919bc7e512' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-919bc7e512
2024-07-01 01:33:14.869075
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 39
Version : 1.22.9
Release : 1.fc39
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.22.9.
Backport fix for CVE-2024-0444.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 27 2024 Sandro Mani [manisandro@gmail.com] - 1.22.9-1
- Update to 1.22.9
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 20 2023 Sandro Mani [manisandro@gmail.com] - 1.22.8-1
- Update to 1.22.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2283001 - CVE-2024-4453 mingw-gstreamer1: gstreamer: EXIF Metadata Parsing Integer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2283001
[ 2 ] Bug #2292337 - CVE-2024-0444 mingw-gstreamer1: gstreamer: AV1 Video Parsing Stack-based Buffer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292337
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-919bc7e512' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 39 Update: mingw-gstreamer1-1.22.9-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-919bc7e512
2024-07-01 01:33:14.869075
--------------------------------------------------------------------------------

Name : mingw-gstreamer1
Product : Fedora 39
Version : 1.22.9
Release : 1.fc39
URL : http://gstreamer.freedesktop.org/
Summary : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters
which operate on media data. Applications using this library can do
anything from real-time sound processing to playing videos, and just
about anything else media-related. Its plug-in-based architecture
means that new data types or processing capabilities can be added by
installing new plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.22.9.
Backport fix for CVE-2024-0444.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 27 2024 Sandro Mani [manisandro@gmail.com] - 1.22.9-1
- Update to 1.22.9
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 20 2023 Sandro Mani [manisandro@gmail.com] - 1.22.8-1
- Update to 1.22.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2283001 - CVE-2024-4453 mingw-gstreamer1: gstreamer: EXIF Metadata Parsing Integer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2283001
[ 2 ] Bug #2292337 - CVE-2024-0444 mingw-gstreamer1: gstreamer: AV1 Video Parsing Stack-based Buffer Overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292337
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-919bc7e512' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



Fedora 40 Update: libreswan-4.15-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-05a6ab143e
2024-07-01 04:50:08.595357
--------------------------------------------------------------------------------

Name : libreswan
Product : Fedora 40
Version : 4.15
Release : 1.fc40
URL : https://libreswan.org/
Summary : Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
Description :
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan.

Libreswan also supports IKEv2 (RFC7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

--------------------------------------------------------------------------------
Update Information:

Update to 4.15 for CVE-2024-3652
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 22 2024 Paul Wouters [paul.wouters@aiven.io] - 4.15-1
- Update libreswan to 4.15 for CVE-2024-3652
- Resolves rhbz#2274448 CVE-2024-3652 libreswan: IKEv1 default AH/ESP
responder can crash and restart
- Allow "ipsec import" to try importing PKCS#12 non-interactively if there
is no password
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2274448 - CVE-2024-3652 libreswan: IKEv1 default AH/ESP responder can crash and restart
https://bugzilla.redhat.com/show_bug.cgi?id=2274448
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-05a6ab143e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--