Fedora Linux 8799 Published by

The following security updates have been released for Fedora Linux 39:

[SECURITY] Fedora 39 Update: nss-3.103.0-1.fc39
[SECURITY] Fedora 39 Update: firefox-129.0-1.fc39
[SECURITY] Fedora 39 Update: chromium-127.0.6533.99-1.fc39
[SECURITY] Fedora 39 Update: neatvnc-0.8.1-1.fc39




[SECURITY] Fedora 39 Update: nss-3.103.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4fcf85b0ff
2024-08-12 04:58:00.143535
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 39
Version : 3.103.0
Release : 1.fc39
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.103.0
Update to Firefox 129.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 5 2024 Frantisek Krenzelok [krenzelok.frantisek@gmail.com] - 3.103.0-1
- Update NSS to 3.103.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4fcf85b0ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: firefox-129.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4fcf85b0ff
2024-08-12 04:58:00.143535
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 39
Version : 129.0
Release : 1.fc39
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.103.0
Update to Firefox 129.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 30 2024 Martin Stransky [stransky@redhat.com] - 129.0-1
- Update to 129.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4fcf85b0ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: chromium-127.0.6533.99-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b60f51180f
2024-08-12 04:58:00.143528
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 127.0.6533.99
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 127.0.6533.99
* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 7 2024 Than Ngo [than@redhat.com] - 127.0.6533.99-1
- update to 127.0.6533.99
* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio
* Tue Aug 6 2024 Than Ngo [than@redhat.com] - 127.0.6533.88-3
- fix rhbz#2294773 - Allow enabling vulkan on ozone wayland for AMD vaapi
- add ppc64le patch to fix runtime assertion trap on ppc64el systems
- refresh ppc64le patch to work around broken 64k allocator code on arm64
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303050 - CVE-2024-7055 chromium: From NVD collector [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2303050
[ 2 ] Bug #2303343 - CVE-2024-6988 chromium: Use after free in Downloads [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2303343
[ 3 ] Bug #2303344 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2303344
[ 4 ] Bug #2303345 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303345
[ 5 ] Bug #2303348 - CVE-2024-7533 chromium: Use after free in Sharing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303348
[ 6 ] Bug #2303349 - CVE-2024-7533 chromium: Use after free in Sharing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303349
[ 7 ] Bug #2303350 - CVE-2024-7550 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303350
[ 8 ] Bug #2303351 - CVE-2024-7550 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303351
[ 9 ] Bug #2303352 - CVE-2024-7534 chromium: Heap buffer overflow in Layout [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303352
[ 10 ] Bug #2303353 - CVE-2024-7534 chromium: Heap buffer overflow in Layout [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303353
[ 11 ] Bug #2303354 - CVE-2024-6989 chromium: Use after free in Loader [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303354
[ 12 ] Bug #2303355 - CVE-2024-6989 chromium: Use after free in Loader [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303355
[ 13 ] Bug #2303356 - CVE-2024-7535 chromium: Inappropriate implementation in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303356
[ 14 ] Bug #2303357 - CVE-2024-7535 chromium: Inappropriate implementation in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303357
[ 15 ] Bug #2303359 - CVE-2024-7536 chromium: Use after free in WebAudio [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b60f51180f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: neatvnc-0.8.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7250fa4a78
2024-08-12 04:58:00.143423
--------------------------------------------------------------------------------

Name : neatvnc
Product : Fedora 39
Version : 0.8.1
Release : 1.fc39
URL : https://github.com/any1/neatvnc
Summary : a liberally licensed VNC server library
Description :

This is a liberally licensed VNC server library that's intended to be
fast and neat. Note: This is a beta release, so the interface is not
yet stable.

--------------------------------------------------------------------------------
Update Information:

new version RHBZ #2302449,2302450
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 2 2024 Bob Hepple [bob.hepple@gmail.com] - 0.8.1-1
- new version RHBZ #2302449,2302450
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2302449 - CVE-2024-42458 neatvnc: improper validation of chosen security type [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2302449
[ 2 ] Bug #2302450 - CVE-2024-42458 neatvnc: improper validation of chosen security type [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2302450
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7250fa4a78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--