
Fedora Linux has received multiple security updates, including Thunderbird, Syncthing, and PHP-tcpdf:

Fedora 40 Update: thunderbird-128.4.0-1.fc40
Fedora 40 Update: syncthing-1.28.0-1.fc40
Fedora 40 Update: php-tcpdf-6.7.7-1.fc40
Fedora 41 Update: thunderbird-128.4.0-1.fc41
Fedora 41 Update: syncthing-1.28.0-1.fc41
Fedora 41 Update: php-tcpdf-6.7.7-1.fc41
Fedora 39 Update: syncthing-1.28.0-1.fc39
Fedora 39 Update: php-tcpdf-6.7.7-1.fc39



[SECURITY] Fedora 40 Update: thunderbird-128.4.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d1ba38d9a6
2024-11-06 04:49:15.942097
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 40
Version : 128.4.0
Release : 1.fc40
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 128.4.0
https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Eike Rathke [erack@redhat.com] - 128.4.0-1
- Update to 128.4.0 build1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d1ba38d9a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: syncthing-1.28.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d24786142
2024-11-06 04:49:15.942027
--------------------------------------------------------------------------------

Name : syncthing
Product : Fedora 40
Version : 1.28.0
Release : 1.fc40
URL : https://syncthing.net
Summary : Continuous File Synchronization
Description :
Syncthing replaces other file synchronization services with something
open, trustworthy and decentralized. Your data is your data alone and
you deserve to choose where it is stored, if it is shared with some
third party and how it's transmitted over the Internet. Using syncthing,
that control is returned to you.

This package contains the syncthing client binary and systemd services.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Fabio Valentini [decathorpe@gmail.com] - 1.28.0-1
- Update to version 1.28.0; Fixes RHBZ#2319211
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2292676 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292676
[ 2 ] Bug #2292720 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292720
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d24786142' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: php-tcpdf-6.7.7-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-afeeca72ce
2024-11-06 04:49:15.942005
--------------------------------------------------------------------------------

Name : php-tcpdf
Product : Fedora 40
Version : 6.7.7
Release : 1.fc40
URL : http://www.tcpdf.org
Summary : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.

* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
via ImageMagick (http://www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
UPC-Based Extension, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of contents;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XObject templates;
* PDF/A-1b (ISO 19005-1:2005) support.

By default, TCPDF uses the GD library, which is known to be slower than the
ImageMagick solution. You can optionally install php-pecl-imagick; TCPDF will use it.

--------------------------------------------------------------------------------
Update Information:

Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the "0" is considered like empty string and not
displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it's available
Do not include the server parameters in the generated seed, as they might
contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not
other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Remi Collet [remi@remirepo.net] - 6.7.7-1
- update to 6.7.7
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-afeeca72ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: thunderbird-128.4.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2b2993a69d
2024-11-06 03:51:37.801269
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 41
Version : 128.4.0
Release : 1.fc41
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 128.4.0
https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Eike Rathke [erack@redhat.com] - 128.4.0-1
- Update to 128.4.0 build1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2b2993a69d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: syncthing-1.28.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aa6e72c713
2024-11-06 03:51:37.801150
--------------------------------------------------------------------------------

Name : syncthing
Product : Fedora 41
Version : 1.28.0
Release : 1.fc41
URL : https://syncthing.net
Summary : Continuous File Synchronization
Description :
Syncthing replaces other file synchronization services with something
open, trustworthy and decentralized. Your data is your data alone and
you deserve to choose where it is stored, if it is shared with some
third party and how it's transmitted over the Internet. Using syncthing,
that control is returned to you.

This package contains the syncthing client binary and systemd services.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Fabio Valentini [decathorpe@gmail.com] - 1.28.0-1
- Update to version 1.28.0; Fixes RHBZ#2319211
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2292676 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292676
[ 2 ] Bug #2292720 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292720
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aa6e72c713' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: php-tcpdf-6.7.7-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b00678c08a
2024-11-06 03:51:37.801112
--------------------------------------------------------------------------------

Name : php-tcpdf
Product : Fedora 41
Version : 6.7.7
Release : 1.fc41
URL : http://www.tcpdf.org
Summary : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.

* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
via ImageMagick (http://www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
UPC-Based Extension, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of contents;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XObject templates;
* PDF/A-1b (ISO 19005-1:2005) support.

By default, TCPDF uses the GD library, which is known to be slower than the
ImageMagick solution. You can optionally install php-pecl-imagick; TCPDF will use it.

--------------------------------------------------------------------------------
Update Information:

Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the "0" is considered like empty string and not
displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it's available
Do not include the server parameters in the generated seed, as they might
contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not
other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Remi Collet [remi@remirepo.net] - 6.7.7-1
- update to 6.7.7
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b00678c08a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: syncthing-1.28.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4fc7cdc194
2024-11-06 02:43:53.691855
--------------------------------------------------------------------------------

Name : syncthing
Product : Fedora 39
Version : 1.28.0
Release : 1.fc39
URL : https://syncthing.net
Summary : Continuous File Synchronization
Description :
Syncthing replaces other file synchronization services with something
open, trustworthy and decentralized. Your data is your data alone and
you deserve to choose where it is stored, if it is shared with some
third party and how it's transmitted over the Internet. Using syncthing,
that control is returned to you.

This package contains the syncthing client binary and systemd services.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Fabio Valentini [decathorpe@gmail.com] - 1.28.0-1
- Update to version 1.28.0; Fixes RHBZ#2319211
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2292676 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292676
[ 2 ] Bug #2292720 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292720
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4fc7cdc194' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: php-tcpdf-6.7.7-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0b2854c95b
2024-11-06 02:43:53.691846
--------------------------------------------------------------------------------

Name : php-tcpdf
Product : Fedora 39
Version : 6.7.7
Release : 1.fc39
URL : http://www.tcpdf.org
Summary : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.

* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
via ImageMagick (http://www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
UPC-Based Extension, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of contents;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XObject templates;
* PDF/A-1b (ISO 19005-1:2005) support.

By default, TCPDF uses the GD library, which is known to be slower than the
ImageMagick solution. You can optionally install php-pecl-imagick; TCPDF will use it.

--------------------------------------------------------------------------------
Update Information:

Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the "0" is considered like empty string and not
displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it's available
Do not include the server parameters in the generated seed, as they might
contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not
other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
Version 6.7.6 (2024-10-06)
Forbid access to parent folder in HTML images.
Version 6.7.5 (2024-04-20)
Update GitHub actions
fix: CVE-2024-22640 (#712)
Version 6.7.4 (2024-03-24)
Upgrade tcpdf tag encryption algorithm.
Fix regression issue #699.
Fix security issue.
[BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for
the tcpdf HTML tag.
Raised minimum PHP version to PHP 5.5.0.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 28 2024 Remi Collet [remi@remirepo.net] - 6.7.7-1
- update to 6.7.7
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0b2854c95b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--