Fedora Linux 8487 Published by

Updated squid and podman-tui security updates are available for Fedora Linux:

Fedora 39 Update: squid-6.6-1.fc39
Fedora 39 Update: podman-tui-0.15.0-1.fc39
Fedora 38 Update: squid-6.6-1.fc38
Fedora 38 Update: podman-tui-0.15.0-1.fc38




Fedora 39 Update: squid-6.6-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-ab77331a34
2023-12-29 01:13:03.775135
--------------------------------------------------------------------------------

Name : squid
Product : Fedora 39
Version : 6.6
Release : 1.fc39
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

--------------------------------------------------------------------------------
Update Information:

- New version 6.6 - Important security fixes - Removed gopher support
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 13 2023 Yaakov Selkowitz [yselkowi@redhat.com] - 7:6.6-1
- new version 6.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2250224 - CVE-2023-46724 squid: Denial of Service in SSL Certificate validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250224
[ 2 ] Bug #2250229 - TRIAGE CVE-2023-46728 squid: NULL pointer dereference in the gopher protocol code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250229
[ 3 ] Bug #2252919 - CVE-2023-49288 squid: Use-After-Free in the HTTP Collapsed Forwarding Feature [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2252919
[ 4 ] Bug #2252924 - CVE-2023-49286 squid: Incorrect Check of Function Return Value In Helper Process management [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2252924
[ 5 ] Bug #2252927 - CVE-2023-49285 squid: Buffer over-read in the HTTP Message processing feature [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2252927
[ 6 ] Bug #2253417 - squid-6.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2253417
[ 7 ] Bug #2254686 - CVE-2023-50269 squid: denial of service in HTTP request parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2254686
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-ab77331a34' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: podman-tui-0.15.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-20feb865d8
2023-12-29 01:13:03.775083
--------------------------------------------------------------------------------

Name : podman-tui
Product : Fedora 39
Version : 0.15.0
Release : 1.fc39
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :

podman-tui is a terminal user interface for Podman v4.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.

--------------------------------------------------------------------------------
Update Information:

release v0.15.0 includes security fix for [CVE-2023-48795]
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Navid Yaghoobi [navidys@fedoraproject.org] - 0.15.0-1
- release v0.15.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255104 - CVE-2023-48795 podman-tui: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255104
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-20feb865d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: squid-6.6-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-6317eaa767
2023-12-29 01:04:00.859711
--------------------------------------------------------------------------------

Name : squid
Product : Fedora 38
Version : 6.6
Release : 1.fc38
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

--------------------------------------------------------------------------------
Update Information:

- New version 6.6 - Important security fixes - Removed gopher support
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 13 2023 Yaakov Selkowitz [yselkowi@redhat.com] - 7:6.6-1
- new version 6.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2250224 - CVE-2023-46724 squid: Denial of Service in SSL Certificate validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250224
[ 2 ] Bug #2250229 - TRIAGE CVE-2023-46728 squid: NULL pointer dereference in the gopher protocol code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250229
[ 3 ] Bug #2252919 - CVE-2023-49288 squid: Use-After-Free in the HTTP Collapsed Forwarding Feature [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2252919
[ 4 ] Bug #2252924 - CVE-2023-49286 squid: Incorrect Check of Function Return Value In Helper Process management [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2252924
[ 5 ] Bug #2252927 - CVE-2023-49285 squid: Buffer over-read in the HTTP Message processing feature [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2252927
[ 6 ] Bug #2253417 - squid-6.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2253417
[ 7 ] Bug #2254686 - CVE-2023-50269 squid: denial of service in HTTP request parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2254686
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-6317eaa767' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: podman-tui-0.15.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-cb8c606fbb
2023-12-29 01:04:00.859658
--------------------------------------------------------------------------------

Name : podman-tui
Product : Fedora 38
Version : 0.15.0
Release : 1.fc38
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :

podman-tui is a terminal user interface for Podman v4.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.

--------------------------------------------------------------------------------
Update Information:

release v0.15.0 includes security fix for [CVE-2023-48795]
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Navid Yaghoobi [navidys@fedoraproject.org] - 0.15.0-1
- release v0.15.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255104 - CVE-2023-48795 podman-tui: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255104
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-cb8c606fbb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--