The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-109c5d3d12   gifsicle-1.95-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
cpp-jwt-1.4-7.el8
dr_libs-0-0.24.20240227gitda35f9d.el8
suricata-6.0.16-1.el8
Details about builds:
================================================================================
cpp-jwt-1.4-7.el8 (FEDORA-EPEL-2024-16cf23e0e6)
JSON Web Token library for C++
--------------------------------------------------------------------------------
Update Information:
Fix side channel vulnerability
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 27 2024 Jonathan Wright <jonathan(a)almalinux.org> - 1.4-7
- Fix side channel vulnerability rhbz#2263329
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263329 - Side-channel in cpp-jwt
https://bugzilla.redhat.com/show_bug.cgi?id=2263329
--------------------------------------------------------------------------------
================================================================================
dr_libs-0-0.24.20240227gitda35f9d.el8 (FEDORA-EPEL-2024-402d963e0b)
Single-file audio decoding libraries for C/C++
--------------------------------------------------------------------------------
Update Information:
dr_flac
  v0.12.42 - 2023-11-02
    - Fix build for ARMv6-M.
    - Fix a compilation warning with GCC.
dr_mp3
  v0.6.39 - 2024-02-27
    - Fix a Wdouble-promotion warning.
  v0.6.38 - 2023-11-02
    - Fix build for ARMv6-M.
dr_wav
  v0.13.16 - 2024-02-27
    - Fix a Wdouble-promotion warning.
  v0.13.15 - 2024-01-23
    - Relax some unnecessary validation that prevented some files from loading.
  v0.13.14 - 2023-12-02
    - Fix a warning about an unused variable.
  v0.13.13 - 2023-11-02
    - Fix a warning when compiling with Clang.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 27 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0-0.24
- Update to 0^20240226gitda35f9d (dr_wav 0.13.15, dr_mp3 0.6.39, dr_flac
0.12.42)
--------------------------------------------------------------------------------
================================================================================
suricata-6.0.16-1.el8 (FEDORA-EPEL-2024-5d281b1780)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837,
CVE-2024-23839, CVE-2024-24568.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 26 2024 Steve Grubb <sgrubb(a)redhat.com> 6.0.16-1
- New security and bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2266171 - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266171
[ 2 ] Bug #2266172 - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2266172
--------------------------------------------------------------------------------