
Fedora Linux has received multiple security updates, including moodle-4.3.9-1.fc40, dr_libs-0^20241216git660795b-1.fc40, libxml2-2.12.9-1.fc41, incus-6.8-1.fc41, age-1.2.1-1.fc41, and python-sql-1.5.2-3.fc41:

Fedora 40 Update: moodle-4.3.9-1.fc40
Fedora 40 Update: dr_libs-0^20241216git660795b-1.fc40
Fedora 41 Update: libxml2-2.12.9-1.fc41
Fedora 41 Update: incus-6.8-1.fc41
Fedora 41 Update: age-1.2.1-1.fc41
Fedora 41 Update: moodle-4.4.5-1.fc41
Fedora 41 Update: dr_libs-0^20241216git660795b-1.fc41
Fedora 41 Update: python-sql-1.5.2-3.fc41




[SECURITY] Fedora 40 Update: moodle-4.3.9-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bdda1791b5
2024-12-27 01:24:36.257483+00:00
--------------------------------------------------------------------------------

Name : moodle
Product : Fedora 40
Version : 4.3.9
Release : 1.fc40
URL : https://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Multiple CVE fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2024 Gwyn Ciesla [gwync@protonmail.com] - 4.3.9-1
- 4.3.9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2332795 - CVE-2024-55648 moodle: Potential denial of service risk due to guest sessions' longer timeout period [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332795
[ 2 ] Bug #2332811 - CVE-2024-55647 moodle: Reflected XSS in question bank filter [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332811
[ 3 ] Bug #2332813 - CVE-2024-55646 moodle: Database activity issue in separate groups mode, for users not in a group [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332813
[ 4 ] Bug #2332823 - CVE-2024-55645 moodle: Email change confirmation token available via preference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332823
[ 5 ] Bug #2332825 - CVE-2024-55644 moodle: Tag index page displays other users tagged with the selected tag [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332825
[ 6 ] Bug #2332827 - CVE-2024-55643 moodle: Unprotected access to sensitive information via learning plan web service [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332827
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bdda1791b5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: dr_libs-0^20241216git660795b-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4b0288e34f
2024-12-27 01:24:36.257427+00:00
--------------------------------------------------------------------------------

Name : dr_libs
Product : Fedora 40
Version : 0^20241216git660795b
Release : 1.fc40
URL : https://github.com/mackron/dr_libs
Summary : Single-file audio decoding libraries for C/C++
Description :
Single-file audio decoding libraries for C/C++.

--------------------------------------------------------------------------------
Update Information:

Update to 0^20241216git660795b
dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve
detection of ARM64EC.
dr_mp3 0.6.40: Improve detection of ARM64EC
dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded files.
Improve detection of ARM64EC.
Add a SourceLicense field
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20241216git660795b-1
- Update to 0^20241216git660795b
- dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve
detection of ARM64EC.
- dr_mp3 0.6.40: Improve detection of ARM64EC
- dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded
files. Improve detection of ARM64EC.
* Thu Dec 12 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240226gitda35f9d-4
- Add a SourceLicense field
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0^20240226gitda35f9d-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4b0288e34f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: libxml2-2.12.9-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-867a14de12
2024-12-27 01:20:43.467650+00:00
--------------------------------------------------------------------------------

Name : libxml2
Product : Fedora 41
Version : 2.12.9
Release : 1.fc41
URL : https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select sub nodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.

--------------------------------------------------------------------------------
Update Information:

Update to 2.12.9
Fixes CVE-2024-40896.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 24 2024 David King [amigadave@amigadave.com] - 2.12.9-1
- Update to 2.12.9 (#2333939)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333939 - CVE-2024-40896 libxml2: XXE vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333939
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-867a14de12' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: incus-6.8-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0912cd3ad9
2024-12-27 01:20:43.467602+00:00
--------------------------------------------------------------------------------

Name : incus
Product : Fedora 41
Version : 6.8
Release : 1.fc41
URL : https://linuxcontainers.org/incus
Summary : Powerful system container and virtual machine manager
Description :
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.

This package contains the Incus daemon.

--------------------------------------------------------------------------------
Update Information:

Update to 6.8 to get various features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2024 Neal Gompa [ngompa@fedoraproject.org] - 6.8-1
- Update to 6.8
- Another fix for incus socket
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279094 - incus-6.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2279094
[ 2 ] Bug #2292096 - incus.service missing an environment variable INCUS_SOCKET
https://bugzilla.redhat.com/show_bug.cgi?id=2292096
[ 3 ] Bug #2328736 - [abrt] incus-client: runtime.raise(): incus killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2328736
[ 4 ] Bug #2331983 - CVE-2024-45337 incus: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331983
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0912cd3ad9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: age-1.2.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4f08c1a90a
2024-12-27 01:20:43.467572+00:00
--------------------------------------------------------------------------------

Name : age
Product : Fedora 41
Version : 1.2.1
Release : 1.fc41
URL : https://github.com/FiloSottile/age
Summary : Simple, modern and secure encryption tool
Description :
A simple, modern and secure encryption tool (and Go library) with small
explicit keys, no config options, and UNIX-style composability.

--------------------------------------------------------------------------------
Update Information:

Update to 1.2.1 to fix
https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c
security issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2024 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.2.1-1
- Update to 1.2.1 - Closes rhbz#2333048
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2331964 - CVE-2024-45337 age: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331964
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4f08c1a90a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: moodle-4.4.5-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ddb5f7c0a3
2024-12-27 01:20:43.467440+00:00
--------------------------------------------------------------------------------

Name : moodle
Product : Fedora 41
Version : 4.4.5
Release : 1.fc41
URL : https://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Multiple CVE fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2024 Gwyn Ciesla [gwync@protonmail.com] - 4.4.5-1
- 4.4.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2332796 - CVE-2024-55648 moodle: Potential denial of service risk due to guest sessions' longer timeout period [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332796
[ 2 ] Bug #2332812 - CVE-2024-55647 moodle: Reflected XSS in question bank filter [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332812
[ 3 ] Bug #2332814 - CVE-2024-55646 moodle: Database activity issue in separate groups mode, for users not in a group [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332814
[ 4 ] Bug #2332824 - CVE-2024-55645 moodle: Email change confirmation token available via preference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332824
[ 5 ] Bug #2332826 - CVE-2024-55644 moodle: Tag index page displays other users tagged with the selected tag [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332826
[ 6 ] Bug #2332828 - CVE-2024-55643 moodle: Unprotected access to sensitive information via learning plan web service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332828
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ddb5f7c0a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: dr_libs-0^20241216git660795b-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-72a8e64069
2024-12-27 01:20:43.467370+00:00
--------------------------------------------------------------------------------

Name : dr_libs
Product : Fedora 41
Version : 0^20241216git660795b
Release : 1.fc41
URL : https://github.com/mackron/dr_libs
Summary : Single-file audio decoding libraries for C/C++
Description :
Single-file audio decoding libraries for C/C++.

--------------------------------------------------------------------------------
Update Information:

Update to 0^20241216git660795b
dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve
detection of ARM64EC.
dr_mp3 0.6.40: Improve detection of ARM64EC
dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded files.
Improve detection of ARM64EC.
Add a SourceLicense field
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20241216git660795b-1
- Update to 0^20241216git660795b
- dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve
detection of ARM64EC.
- dr_mp3 0.6.40: Improve detection of ARM64EC
- dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded
files. Improve detection of ARM64EC.
* Thu Dec 12 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240226gitda35f9d-4
- Add a SourceLicense field
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-72a8e64069' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-sql-1.5.2-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1a2f1733ad
2024-12-27 01:20:43.467349+00:00
--------------------------------------------------------------------------------

Name : python-sql
Product : Fedora 41
Version : 1.5.2
Release : 3.fc41
URL : https://pypi.python.org/pypi/python-sql
Summary : Python library to write SQL queries
Description :
python-sql is a library to write SQL queries in a pythonic way.

--------------------------------------------------------------------------------
Update Information:

update to 1.5.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 22 2024 Dan Horák - 1.5.2-3
- tox is not required at all (rhbz#2319722)
* Tue Oct 22 2024 Dan Horák - 1.5.2-2
- update to modern Python guidelines (rhbz#2319722)
* Tue Oct 1 2024 Dan Horák - 1.5.2-1
- updated to 1.5.2 (rhbz#2315775)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2332735 - CVE-2024-9774 python-sql: python-sql Unary operators does not escape non-Expression [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332735
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1a2f1733ad' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------