Fedora Linux 8485 Published by

The following security updates are available for Fedora Linux:

Fedora 38 Update: thunderbird-115.7.0-1.fc38
Fedora 38 Update: chromium-121.0.6167.85-1.fc38
Fedora 38 Update: firefox-122.0-1.fc38
Fedora 38 Update: dotnet8.0-8.0.101-1.fc38
Fedora 38 Update: freeipa-4.10.3-1.fc38
Fedora 39 Update: chromium-121.0.6167.85-1.fc39
Fedora 39 Update: freeipa-4.11.1-1.fc39




Fedora 38 Update: thunderbird-115.7.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-278a776610
2024-01-26 00:42:11.402051
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 38
Version : 115.7.0
Release : 1.fc38
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 115.7.0 * https://www.mozilla.org/en-
US/security/advisories/mfsa2024-04/ * https://www.thunderbird.net/en-
US/thunderbird/115.7.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 24 2024 Eike Rathke [erack@redhat.com] - 115.7.0-1
- Update to 115.7.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-278a776610' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: chromium-121.0.6167.85-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e42978d12c
2024-01-26 00:42:11.402042
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 38
Version : 121.0.6167.85
Release : 1.fc38
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 121.0.6167.85 * High CVE-2024-0807: Use after free in WebAudio *
High CVE-2024-0812: Inappropriate implementation in Accessibility * High
CVE-2024-0808: Integer underflow in WebUI * Medium CVE-2024-0810: Insufficient
policy enforcement in DevTools * Medium CVE-2024-0814: Incorrect security UI
in Payments * Medium CVE-2024-0813: Use after free in Reading Mode * Medium
CVE-2024-0806: Use after free in Passwords * Medium CVE-2024-0805:
Inappropriate implementation in Downloads * Medium CVE-2024-0804: Insufficient
policy enforcement in iOS Security UI * Low CVE-2024-0811: Inappropriate
implementation in Extensions API * Low CVE-2024-0809: Inappropriate
implementation in Autofill
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 24 2024 Than Ngo [than@redhat.com] - 121.0.6167.85-1
- update to 121.0.6167.85
* High CVE-2024-0807: Use after free in WebAudio
* High CVE-2024-0812: Inappropriate implementation in Accessibility
* High CVE-2024-0808: Integer underflow in WebUI
* Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
* Medium CVE-2024-0814: Incorrect security UI in Payments
* Medium CVE-2024-0813: Use after free in Reading Mode
* Medium CVE-2024-0806: Use after free in Passwords
* Medium CVE-2024-0805: Inappropriate implementation in Downloads
* Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* Low CVE-2024-0811: Inappropriate implementation in Extensions API
* Low CVE-2024-0809: Inappropriate implementation in Autofill
* Tue Jan 23 2024 Than Ngo [than@redhat.com] - 121.0.6167.71-1
- update to 121.0.6167.71
* Tue Jan 23 2024 Fedora Release Engineering [releng@fedoraproject.org] - 120.0.6099.224-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2260065 - CVE-2024-0806 CVE-2024-0807 CVE-2024-0808 CVE-2024-0810 CVE-2024-0812 CVE-2024-0813 CVE-2024-0814 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2260065
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e42978d12c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: firefox-122.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f7e3c98cd6
2024-01-26 00:42:11.402024
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 38
Version : 122.0
Release : 1.fc38
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

- Updated to new upstream (122.0)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 19 2024 Martin Stransky [stransky@redhat.com]- 122.0-1
- Update to 122.0
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 121.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f7e3c98cd6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: dotnet8.0-8.0.101-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d5de04f5cd
2024-01-26 00:42:11.401898
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 38
Version : 8.0.101
Release : 1.fc38
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the January 2024 update for .NET 8. Release Notes:
https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.1/8.0.1.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Omair Majid [omajid@redhat.com] - 8.0.101-1
- Update to .NET SDK 8.0.101 and Runtime 8.0.1
* Tue Dec 12 2023 Omair Majid [omajid@redhat.com] - 8.0.100-2
- Enable gpg signature verification
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d5de04f5cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: freeipa-4.10.3-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-403145c4fb
2024-01-26 00:42:11.401778
--------------------------------------------------------------------------------

Name : freeipa
Product : Fedora 38
Version : 4.10.3
Release : 1.fc38
URL : http://www.freeipa.org/
Summary : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).

--------------------------------------------------------------------------------
Update Information:

Upstream security release for CVE-2023-5455. Release notes:
https://www.freeipa.org/release-notes/4-10-3.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 10 2024 Alexander Bokovoy [abokovoy@redhat.com] - 4.10.3-1
- Security release: CVE-2023-5455
- Resolves: rhbz#2257646
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257646 - CVE-2023-5455 freeipa: ipa: Invalid CSRF protection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257646
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-403145c4fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: chromium-121.0.6167.85-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3f7345570a
2024-01-26 00:37:56.448009
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 121.0.6167.85
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 121.0.6167.85 * High CVE-2024-0807: Use after free in WebAudio *
High CVE-2024-0812: Inappropriate implementation in Accessibility * High
CVE-2024-0808: Integer underflow in WebUI * Medium CVE-2024-0810: Insufficient
policy enforcement in DevTools * Medium CVE-2024-0814: Incorrect security UI
in Payments * Medium CVE-2024-0813: Use after free in Reading Mode * Medium
CVE-2024-0806: Use after free in Passwords * Medium CVE-2024-0805:
Inappropriate implementation in Downloads * Medium CVE-2024-0804: Insufficient
policy enforcement in iOS Security UI * Low CVE-2024-0811: Inappropriate
implementation in Extensions API * Low CVE-2024-0809: Inappropriate
implementation in Autofill
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 24 2024 Than Ngo [than@redhat.com] - 121.0.6167.85-1
- update to 121.0.6167.85
* High CVE-2024-0807: Use after free in WebAudio
* High CVE-2024-0812: Inappropriate implementation in Accessibility
* High CVE-2024-0808: Integer underflow in WebUI
* Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
* Medium CVE-2024-0814: Incorrect security UI in Payments
* Medium CVE-2024-0813: Use after free in Reading Mode
* Medium CVE-2024-0806: Use after free in Passwords
* Medium CVE-2024-0805: Inappropriate implementation in Downloads
* Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* Low CVE-2024-0811: Inappropriate implementation in Extensions API
* Low CVE-2024-0809: Inappropriate implementation in Autofill
* Tue Jan 23 2024 Than Ngo [than@redhat.com] - 121.0.6167.71-1
- update to 121.0.6167.71
* Tue Jan 23 2024 Fedora Release Engineering [releng@fedoraproject.org] - 120.0.6099.224-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2260065 - CVE-2024-0806 CVE-2024-0807 CVE-2024-0808 CVE-2024-0810 CVE-2024-0812 CVE-2024-0813 CVE-2024-0814 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2260065
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3f7345570a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: freeipa-4.11.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9ab2666594
2024-01-26 00:37:56.447884
--------------------------------------------------------------------------------

Name : freeipa
Product : Fedora 39
Version : 4.11.1
Release : 1.fc39
URL : http://www.freeipa.org/
Summary : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2023-5455 Release notes:
https://www.freeipa.org/release-notes/4-11-1.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 10 2024 Alexander Bokovoy [abokovoy@redhat.com] - 4.11.1-1
- Security release: CVE-2023-5455
- Resolves: rhbz#2257646
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257646 - CVE-2023-5455 freeipa: ipa: Invalid CSRF protection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257646
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9ab2666594' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--