Fedora Linux 8546 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: qpdf-11.6.4-2.fc38
Fedora 38 Update: wpa_supplicant-2.10-7.fc38
Fedora 39 Update: qpdf-11.6.4-2.fc39
Fedora 39 Update: exercism-3.3.0-1.fc39




Fedora 38 Update: qpdf-11.6.4-2.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-daa7df59d6
2024-03-10 01:22:42.150462
--------------------------------------------------------------------------------

Name : qpdf
Product : Fedora 38
Version : 11.6.4
Release : 2.fc38
URL : https://qpdf.sourceforge.io/
Summary : Command-line tools and library for transforming PDF files
Description :
QPDF is a command-line program that does structural, content-preserving
transformations on PDF files. It could have been called something
like pdf-to-pdf. It includes support for merging and splitting PDFs
and to manipulate the list of pages in a PDF file. It is not a PDF viewer
or a program capable of converting PDF into other formats.

--------------------------------------------------------------------------------
Update Information:

2267205 - CVE-2024-24246 qpdf - Heap Buffer Overflow vulnerability in qpdf
[fedora-all]
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 1 2024 Zdenek Dohnal [zdohnal@redhat.com] - 11.6.4-2
- 2267205 - CVE-2024-24246 qpdf - Heap Buffer Overflow vulnerability in qpdf [fedora-all]
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2267204 - CVE-2024-24246 qpdf: Heap Buffer Overflow vulnerability in qpdf
https://bugzilla.redhat.com/show_bug.cgi?id=2267204
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-daa7df59d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: wpa_supplicant-2.10-7.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-36d2be00d0
2024-03-10 01:22:42.150421
--------------------------------------------------------------------------------

Name : wpa_supplicant
Product : Fedora 38
Version : 2.10
Release : 7.fc38
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.

--------------------------------------------------------------------------------
Update Information:

backport fix for PEAP client (CVE-2023-52160)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 22 2024 Davide Caratti [dcaratti@redhat.com] - 1:2.10-7
- Backport fix for PEAP client (CVE-2023-52160)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2264594 - TRIAGE CVE-2023-52160 wpa_supplicant: potential authorization bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264594
[ 2 ] Bug #2265479 - unpatched CVE-2023-52160 in Fedora 38 & 39
https://bugzilla.redhat.com/show_bug.cgi?id=2265479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-36d2be00d0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: qpdf-11.6.4-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8762164e47
2024-03-10 01:06:45.872378
--------------------------------------------------------------------------------

Name : qpdf
Product : Fedora 39
Version : 11.6.4
Release : 2.fc39
URL : https://qpdf.sourceforge.io/
Summary : Command-line tools and library for transforming PDF files
Description :
QPDF is a command-line program that does structural, content-preserving
transformations on PDF files. It could have been called something
like pdf-to-pdf. It includes support for merging and splitting PDFs
and to manipulate the list of pages in a PDF file. It is not a PDF viewer
or a program capable of converting PDF into other formats.

--------------------------------------------------------------------------------
Update Information:

2267205 - CVE-2024-24246 qpdf - Heap Buffer Overflow vulnerability in qpdf
[fedora-all]
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 1 2024 Zdenek Dohnal [zdohnal@redhat.com] - 11.6.4-2
- 2267205 - CVE-2024-24246 qpdf - Heap Buffer Overflow vulnerability in qpdf [fedora-all]
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2267204 - CVE-2024-24246 qpdf: Heap Buffer Overflow vulnerability in qpdf
https://bugzilla.redhat.com/show_bug.cgi?id=2267204
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8762164e47' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: exercism-3.3.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cafa04a149
2024-03-10 01:06:45.872372
--------------------------------------------------------------------------------

Name : exercism
Product : Fedora 39
Version : 3.3.0
Release : 1.fc39
URL : https://github.com/exercism/cli
Summary : Exercism command-line interface
Description :
Exercism provides a way to do the problems on https://exercism.io.

This CLI ships as a binary with no additional run-time requirements. This means
that if you're doing the Haskell problems on exercism you don't need a working
Python or Ruby environment simply to fetch and submit exercises.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 1 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 3.3.0-1
- Update to latest version (#2264431)
* Sun Feb 11 2024 Maxwell G [maxwell@gtmx.me] - 3.2.0-4
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cafa04a149' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--