Fedora Linux 8797 Published by

The following two security updates have been released for Fedora Linux 39:

[SECURITY] Fedora 39 Update: trafficserver-9.2.5-1.fc39
[SECURITY] Fedora 39 Update: ffmpeg-6.1.1-4.fc39




[SECURITY] Fedora 39 Update: trafficserver-9.2.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2243c5abee
2024-08-05 06:46:38.999971
--------------------------------------------------------------------------------

Name : trafficserver
Product : Fedora 39
Version : 9.2.5
Release : 1.fc39
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.5
Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 25 2024 Jered Floyd 9.2.5-1
- Update to upstream 9.2.5
- Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296
* Wed Jul 24 2024 Miroslav SuchĂ˝ - 9.2.4-4
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering - 9.2.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Jered Floyd 9.2.4-2
- Enable build with deprecated OpenSSL Engine
https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2243c5abee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: ffmpeg-6.1.1-4.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d2c8e6f85
2024-08-05 06:46:38.999962
--------------------------------------------------------------------------------

Name : ffmpeg
Product : Fedora 39
Version : 6.1.1
Release : 4.fc39
URL : https://ffmpeg.org/
Summary : A complete solution to record, convert and stream audio and video
Description :
FFmpeg is a leading multimedia framework, able to decode, encode, transcode,
mux, demux, stream, filter and play pretty much anything that humans and
machines have created. It supports the most obscure ancient formats up to the
cutting edge. No matter if they were designed by some standards committee, the
community or a corporation.

This build of ffmpeg is limited in the number of codecs supported.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2023-49528
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 19 2024 Dominik Mierzejewski [dominik@greysector.net] - 6.1.1-4
- Backport fix for CVE-2023-49528
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2274694 - CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d2c8e6f85' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--