Fedora Linux 8861 Published by

Fedora Linux has been updated with multiple security enhancements, including pam-u2f-1.3.2-1.fc40, rsync-3.4.1-1.fc40, containers-common-0.61.1-1.fc41, podman-5.3.2-1.fc41, buildah-1.38.1-1.fc41, and golang-1.23.5-1.fc41:

Fedora 40 Update: pam-u2f-1.3.2-1.fc40
Fedora 40 Update: rsync-3.4.1-1.fc40
Fedora 41 Update: containers-common-0.61.1-1.fc41
Fedora 41 Update: podman-5.3.2-1.fc41
Fedora 41 Update: buildah-1.38.1-1.fc41
Fedora 41 Update: golang-1.23.5-1.fc41





[SECURITY] Fedora 40 Update: pam-u2f-1.3.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b58b563b77
2025-01-25 02:56:47.361077+00:00
--------------------------------------------------------------------------------

Name : pam-u2f
Product : Fedora 40
Version : 1.3.2
Release : 1.fc40
URL : https://github.com/Yubico/pam-u2f
Summary : Implements PAM authentication over U2F
Description :
The PAM U2F module provides an easy way to integrate the Yubikey (or
other U2F-compliant authenticators) into your existing user
authentication infrastructure.

--------------------------------------------------------------------------------
Update Information:

pam-u2f 1.3.1 includes a fix to resolve CVE-2025-23013 (Partial Authentication
Bypass). CVSS score 7.3. 1.3.2 is a fix for a regression that could impact
existing use cases.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Gary Buhrmaster [gary.buhrmaster@gmail.com] - 1.3.2-1
- Update to 1.3.2 - resolves rhbz#2338418
1.3.2 fixes a potentially breaking issue with tightened authfile checking with 1.3.1
* Tue Jan 14 2025 Gary Buhrmaster [gary.buhrmaster@gmail.com] - 1.3.1-1
- Update to 1.3.1 - resolves rhbz#2337634
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2338114 - CVE-2025-23013 pam-u2f: Partial Authentication Bypass in pam-u2f Software Package [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2338114
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b58b563b77' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rsync-3.4.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b28759cb95
2025-01-25 02:56:47.361039+00:00
--------------------------------------------------------------------------------

Name : rsync
Product : Fedora 40
Version : 3.4.1
Release : 1.fc40
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

--------------------------------------------------------------------------------
Update Information:

New version 3.4.1, a couple of fixes for the 3.4.0 release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Michal Ruprich [mruprich@redhat.com] - 3.4.1-0
- New version 3.4.1 - a couple of minor fixes for 3.4.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2338383 - rsync-3.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2338383
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b28759cb95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: containers-common-0.61.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-908dfe95f6
2025-01-25 02:16:27.035742+00:00
--------------------------------------------------------------------------------

Name : containers-common
Product : Fedora 41
Version : 0.61.1
Release : 1.fc41
URL : https://github.com/containers/common
Summary : Common configuration and documentation for containers
Description :
This package contains common configuration files and documentation for container
tools ecosystem, such as Podman, Buildah and Skopeo.

It is required because the most of configuration files and docs come from projects
which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
separately.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-11218 - fixed in buildah 1.38.1, podman 5.3.2
Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41,
podman-5.3.2-1.fc41.
Changelog for buildah
* Tue Jan 21 2025 Packit [hello@packit.dev] - 2:1.38.1-1
- Update to 1.38.1 upstream release
Changelog for containers-common
* Thu Jan 16 2025 Packit [hello@packit.dev] - 5:0.61.1-1
- Update to 0.61.1 upstream release
Changelog for podman
* Wed Jan 22 2025 Packit [hello@packit.dev] - 5:5.3.2-1
- Update to 5.3.2 upstream release
* Wed Jan 22 2025 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-4
- remove patch merged in upcoming upstream release
* Fri Jan 17 2025 Mikhail Gavrilov [mikhail.v.gavrilov@gmail.com] - 5:5.3.1-3
- apply MR https://github.com/containers/storage/pull/2193
* Wed Nov 27 2024 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-2
- remove unused patch
apply MR https://github.com/containers/storage/pull/2193
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Packit [hello@packit.dev] - 5:0.61.1-1
- Update to 0.61.1 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2326231 - CVE-2024-11218 podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
https://bugzilla.redhat.com/show_bug.cgi?id=2326231
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-908dfe95f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: podman-5.3.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-908dfe95f6
2025-01-25 02:16:27.035742+00:00
--------------------------------------------------------------------------------

Name : podman
Product : Fedora 41
Version : 5.3.2
Release : 1.fc41
URL : https://podman.io/
Summary : Manage Pods, Containers and Container Images
Description :
podman (Pod Manager) is a fully featured container engine that is a simple
daemonless tool. podman provides a Docker-CLI comparable command line that
eases the transition from other container engines and allows the management of
pods, containers and images. Simply put: alias docker=podman.
Most podman commands can be run as a regular user, without requiring
additional privileges.

podman uses Buildah(1) internally to create container images.
Both tools share image (not container) storage, hence each can use or
manipulate images (but not containers) created by the other.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-11218 - fixed in buildah 1.38.1, podman 5.3.2
Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41,
podman-5.3.2-1.fc41.
Changelog for buildah
* Tue Jan 21 2025 Packit [hello@packit.dev] - 2:1.38.1-1
- Update to 1.38.1 upstream release
Changelog for containers-common
* Thu Jan 16 2025 Packit [hello@packit.dev] - 5:0.61.1-1
- Update to 0.61.1 upstream release
Changelog for podman
* Wed Jan 22 2025 Packit [hello@packit.dev] - 5:5.3.2-1
- Update to 5.3.2 upstream release
* Wed Jan 22 2025 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-4
- remove patch merged in upcoming upstream release
* Fri Jan 17 2025 Mikhail Gavrilov [mikhail.v.gavrilov@gmail.com] - 5:5.3.1-3
- apply MR https://github.com/containers/storage/pull/2193
* Wed Nov 27 2024 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-2
- remove unused patch
apply MR https://github.com/containers/storage/pull/2193
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 22 2025 Packit [hello@packit.dev] - 5:5.3.2-1
- Update to 5.3.2 upstream release
* Wed Jan 22 2025 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-4
- remove patch merged in upcoming upstream release
* Fri Jan 17 2025 Mikhail Gavrilov [mikhail.v.gavrilov@gmail.com] - 5:5.3.1-3
- apply MR https://github.com/containers/storage/pull/2193
* Wed Nov 27 2024 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-2
- remove unused patch
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2326231 - CVE-2024-11218 podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
https://bugzilla.redhat.com/show_bug.cgi?id=2326231
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-908dfe95f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: buildah-1.38.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-908dfe95f6
2025-01-25 02:16:27.035742+00:00
--------------------------------------------------------------------------------

Name : buildah
Product : Fedora 41
Version : 1.38.1
Release : 1.fc41
URL : https://buildah.io
Summary : A command line tool used for creating OCI Images
Description :
The buildah package provides a command line tool which can be used to
* create a working container from scratch
or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-11218 - fixed in buildah 1.38.1, podman 5.3.2
Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41,
podman-5.3.2-1.fc41.
Changelog for buildah
* Tue Jan 21 2025 Packit [hello@packit.dev] - 2:1.38.1-1
- Update to 1.38.1 upstream release
Changelog for containers-common
* Thu Jan 16 2025 Packit [hello@packit.dev] - 5:0.61.1-1
- Update to 0.61.1 upstream release
Changelog for podman
* Wed Jan 22 2025 Packit [hello@packit.dev] - 5:5.3.2-1
- Update to 5.3.2 upstream release
* Wed Jan 22 2025 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-4
- remove patch merged in upcoming upstream release
* Fri Jan 17 2025 Mikhail Gavrilov [mikhail.v.gavrilov@gmail.com] - 5:5.3.1-3
- apply MR https://github.com/containers/storage/pull/2193
* Wed Nov 27 2024 Lokesh Mandvekar [lsm5@fedoraproject.org] - 5:5.3.1-2
- remove unused patch
apply MR https://github.com/containers/storage/pull/2193
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 21 2025 Packit [hello@packit.dev] - 2:1.38.1-1
- Update to 1.38.1 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2326231 - CVE-2024-11218 podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
https://bugzilla.redhat.com/show_bug.cgi?id=2326231
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-908dfe95f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: golang-1.23.5-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-70a32aa438
2025-01-25 02:16:27.035712+00:00
--------------------------------------------------------------------------------

Name : golang
Product : Fedora 41
Version : 1.23.5
Release : 1.fc41
URL : https://go.dev
Summary : The Go Programming Language
Description :
The Go Programming Language.

--------------------------------------------------------------------------------
Update Information:

Includes security fixes to the crypto/x509 and net/http packages
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 17 2025 Mike Rochefort [mroche@omenos.dev] - 1.23.5-1
- Update to 1.23.5 upstream release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-70a32aa438' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--