The following Fedora EPEL 9 Security updates need testing:

 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3d9a822df5   rust-pore-0.1.8-5.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

    chromium-120.0.6099.62-2.el9
    initoverlayfs-0.98-1.el9
    java-latest-openjdk-21.0.1.0.12-1.rolling.el9
    libssh2-1.11.0-1.el9
    netdata-1.44.0-1.el9
    python-awscrt-0.19.19-2.el9
    qt-creator-8.0.2-2.el9
    rust-once_cell-1.19.0-1.el9
    wordpress-6.4.2-1.el9

Details about builds:

================================================================================
 chromium-120.0.6099.62-2.el9 (FEDORA-EPEL-2023-8d617060ef)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to 120.0.6099.62, upstream release fixes the following security issues:

* High CVE-2023-6508: Use after free in Media Stream
* High CVE-2023-6509: Use after free in Side Panel Search
* Medium CVE-2023-6510: Use after free in Media Capture
* Low CVE-2023-6511: Inappropriate implementation in Autofill
* Low CVE-2023-6512: Inappropriate implementation in Web Browser UI

----

update to 119.0.6045.199, upstream security release

* High CVE-2023-6348: Type Confusion in Spellcheck
* High CVE-2023-6347: Use after free in Mojo
* High CVE-2023-6346: Use after free in WebAudio
* High CVE-2023-6350: Out of bounds memory access in libavif
* High CVE-2023-6351: Use after free in libavif
* High CVE-2023-6345: Integer overflow in Skia
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 6 2023 Than Ngo than@redhat.com - 120.0.6099.62-2
- drop unsupported ldflag which caused build failure
* Tue Dec 5 2023 Than Ngo than@redhat.com - 120.0.6099.62-1
- update to 120.0.6099.62
- fixed bz#2252874, built with control flow integrity (CFI) support
* Sat Dec 2 2023 Than Ngo than@redhat.com - 120.0.6099.56-1
- update to 120.0.6099.56
- enable qt6 UI backend
* Sat Dec 2 2023 Than Ngo than@redhat.com - 119.0.6045.199-2
- fixed bz#2242271, built with bundleminizip in fedora > 39
- fixed bz#2251884, built with fstack-protector-strong for improved security
* Wed Nov 29 2023 Than Ngo than@redhat.com - 119.0.6045.199-1
- update to 119.0.6045.199
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2252009 - CVE-2023-6346 CVE-2023-6347 CVE-2023-6350 CVE-2023-6351 chromium: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252009
  [ 2 ] Bug #2252188 - CVE-2023-6345 chromium: chromium-browser: Integer overflow [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252188
  [ 3 ] Bug #2252191 - CVE-2023-6348 chromium: chromium-browser: Type Confusion in Spellcheck [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252191
  [ 4 ] Bug #2253151 - CVE-2023-6508 chromium: Use after free in Media Stream [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253151
  [ 5 ] Bug #2253154 - CVE-2023-6509 chromium: Use after free in Side Panel Search [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253154
  [ 6 ] Bug #2253157 - CVE-2023-6510 chromium: Use after free in Media Capture [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253157
  [ 7 ] Bug #2253161 - CVE-2023-6511 chromium: Inappropriate implementation in Autofill [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253161
  [ 8 ] Bug #2253164 - CVE-2023-6512 chromium: Inappropriate implementation in Web Browser UI [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253164
--------------------------------------------------------------------------------

================================================================================
 initoverlayfs-0.98-1.el9 (FEDORA-EPEL-2023-6765518a30)
 An initial scalable filesystem for Linux operating systems
--------------------------------------------------------------------------------
Update Information:

Release 0.98
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 7 2023 Stephen Smoogen ssmoogen@redhat.com - 0.98-1
- Release 0.98
- Improve documentation (PR31 and ecurtin)
- Only wait for bootfs storage device if it is configured (PR32)
* Fri Nov 17 2023 Eric Curtin ecurtin@redhat.com - 0.97-1
- Raspberry Pi 4 enablement.
--------------------------------------------------------------------------------

================================================================================
 java-latest-openjdk-21.0.1.0.12-1.rolling.el9 (FEDORA-EPEL-2023-f623b9081e)
 OpenJDK 21 Runtime Environment
--------------------------------------------------------------------------------
Update Information:

updated to October CPU
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 22 2023 Jiri Vanek jvanek@redhat.com - 1:21.0.1.0.12-1.rolling
- updated to OpenJDK 21.0.1 (2023-10-17)
* Fri Sep 29 2023 Yaakov Selkowitz yselkowi@redhat.com - 1:21.0.0.0.35-3.rolling
- Fix flatpak build by handling different installation prefixes of package dependencies
* Tue Sep 19 2023 Jiri Vanek jvanek@redhat.com - 1:21.0.0.0.35-2.rolling
- adapted to new path in sources
- repacked alt-java from misc subpkg
- adapted alt-java to grep correctly prctl
- removed no longer prepared nss.cfg
* Tue Aug 29 2023 Jiri Vanek jvanek@redhat.com - 1:21.0.0.0.35-1.rolling
- updated to jdk 21
--------------------------------------------------------------------------------

================================================================================
 libssh2-1.11.0-1.el9 (FEDORA-EPEL-2023-1b67b5f664)
 A library implementing the SSH2 protocol
--------------------------------------------------------------------------------
Update Information:

This is an update to the current upstream release version, with a number of enhancements including Ed25519, ETM-MAC and AES-GCM support.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 1 2023 Paul Howarth paul@city-fan.org - 1.11.0-1
- Update to 1.11.0 (rhbz#2211200)
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake "unity" builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: Now parses attribute extensions if they exist
- SFTP: No longer will busy loop if SFTP fails to initialize
- SFTP: Now clear various errors as expected
- SFTP: No longer skips files if the line buffer is too small
- SCP: Add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed "old gex" build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Avoid use of deprecated patch syntax
- Build static library but don't package it since it's required for the test suite (https://github.com/libssh2/libssh2/issues/1056)
- Remove redundant references to %{_libdir} from pkgconfig file
- Add patch to work around strict permissions issues for sshd tests
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.10.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Oct 28 2022 Todd Zullinger tmz@pobox.com - 1.10.0-6
- Verify upstream release signatures
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.10.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun Jan 23 2022 Paul Howarth paul@city-fan.org - 1.10.0-4
- In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, so we need to re-enable them as a workaround for the test suite until upstream updates the tests See: https://github.com/libssh2/libssh2/issues/630
- Drop other test workarounds, none of them being needed any longer
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.10.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad sahana@redhat.com - 1.10.0-2
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2253412 - Please rebase libssh2 in EPEL 9 to 1.11.0
        https://bugzilla.redhat.com/show_bug.cgi?id=2253412
--------------------------------------------------------------------------------

================================================================================
 netdata-1.44.0-1.el9 (FEDORA-EPEL-2023-c76dcf8d1f)
 Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:

Update from upstream
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 7 2023 Didier Fabert didier.fabert@gmail.com 1.44.0-1
- Update from upstream
--------------------------------------------------------------------------------

================================================================================
 python-awscrt-0.19.19-2.el9 (FEDORA-EPEL-2023-910ad77450)
 Python bindings for the AWS Common Runtime
--------------------------------------------------------------------------------
Update Information:

Update for python-awscrt-0.19.19-2.el9.

##### **Changelog for python-awscrt**

```
* Wed Dec 06 2023 Nikola Forró nforro@redhat.com - 0.19.19-2
- Add Packit config
* Thu Nov 30 2023 Packit hello@packit.dev - 0.19.19-1
- [packit] 0.19.19 upstream release
- Resolves rhbz#2250726
* Fri Nov 17 2023 Packit hello@packit.dev - 0.19.13-1
- [packit] 0.19.13 upstream release
- Resolves rhbz#2247105
* Wed Oct 25 2023 Packit hello@packit.dev - 0.19.6-1
- [packit] 0.19.6 upstream release
- Resolves rhbz#2211521 Upstream tag: v0.19.6 Upstream commit: b83949d0
* Mon Oct 16 2023 Packit hello@packit.dev - 0.19.3-1
- [packit] 0.19.3 upstream release
* Mon Oct 02 2023 Packit hello@packit.dev - 0.19.2-1
- [packit] 0.19.2 upstream release
```
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 6 2023 Nikola Forró nforro@redhat.com - 0.19.19-2
- Add Packit config
* Thu Nov 30 2023 Packit hello@packit.dev - 0.19.19-1
- [packit] 0.19.19 upstream release
- Resolves rhbz#2250726
* Fri Nov 17 2023 Packit hello@packit.dev - 0.19.13-1
- [packit] 0.19.13 upstream release
- Resolves rhbz#2247105
* Wed Oct 25 2023 Packit hello@packit.dev - 0.19.6-1
- [packit] 0.19.6 upstream release
- Resolves rhbz#2211521 Upstream tag: v0.19.6 Upstream commit: b83949d0
* Mon Oct 16 2023 Packit hello@packit.dev - 0.19.3-1
- [packit] 0.19.3 upstream release
* Mon Oct 2 2023 Packit hello@packit.dev - 0.19.2-1
- [packit] 0.19.2 upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2250726 - python-awscrt-0.19.19 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2250726
--------------------------------------------------------------------------------

================================================================================
 qt-creator-8.0.2-2.el9 (FEDORA-EPEL-2023-4f4cc2f9b2)
 Cross-platform IDE for Qt
--------------------------------------------------------------------------------
Update Information:

Update to version 8.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 7 2023 Thomas Zimmermann thomas.zimmermann@voestalpine.com - 8.0.2-1
- Update to Version 8.0.2
- Unbundle clang
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2102604 - qt-creator requires rebuild due to clang-libs update 14.0.5
        https://bugzilla.redhat.com/show_bug.cgi?id=2102604
  [ 2 ] Bug #2253404 - Request to rebuild qt-creator for RHEL 9.3
        https://bugzilla.redhat.com/show_bug.cgi?id=2253404
--------------------------------------------------------------------------------

================================================================================
 rust-once_cell-1.19.0-1.el9 (FEDORA-EPEL-2023-cbc8151b4a)
 Single assignment cells and lazy values
--------------------------------------------------------------------------------
Update Information:

Update to version 1.19.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 7 2023 Jan Staněk jstanek@redhat.com - 1.19.0-1
- Update to version 1.19.0 (rhbz#2253436)
--------------------------------------------------------------------------------

================================================================================
 wordpress-6.4.2-1.el9 (FEDORA-EPEL-2023-af4a7bbba9)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 6.4.2 Maintenance & Security Release**

Security updates included in this release

* A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.

See [Upstream announcement](https://wordpress.org/news/2023/12/wordpress-6-4-2-maintenance-security-release/)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 7 2023 Remi Collet remi@remirepo.net - 6.4.2-1
- WordPress 6.4.2 Maintenance & Security Release
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org