The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-36e0ca3184   netatalk-3.1.18-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d499e96867   trafficserver-9.2.3-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b5d558ab14   libcue-2.2.1-13.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
    chromium-118.0.5993.70-1.el7
    distribution-gpg-keys-1.98-1.el7
    fedora-license-data-1.32-1.el7
    nghttp2-1.33.0-1.2.el7
    rpminspect-1.12.1-1.el7
Details about builds:
================================================================================
 chromium-118.0.5993.70-1.el7 (FEDORA-EPEL-2023-c730ef027d)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 118.0.5993.70. Include following security fixes:
- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.
----
update to 117.0.5938.149.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Than Ngo than@redhat.com - 118.0.5993.70-1
- update to 118.0.5993.70
- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.
* Sat Oct 7 2023 Than Ngo than@redhat.com - 118.0.5993.54-1
- update to 118.0.5993.54
- drop use_gnome_keyring as it's removed by upstream
* Thu Oct 5 2023 Than Ngo than@redhat.com - 117.0.5938.149-1
- update to 117.0.5938.149
- fix CVE-2023-5346: Type Confusion in V8
* Fri Sep 29 2023 Than Ngo than@redhat.com - 117.0.5938.132-2
- add workaround for the crash on BTI capable system
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #2242073 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2242073
  [ 2 ] Bug #2242074 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2242074
--------------------------------------------------------------------------------
================================================================================
 distribution-gpg-keys-1.98-1.el7 (FEDORA-EPEL-2023-176b8b9d36)
 GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Automatic update for distribution-gpg-keys-1.98-1.el7.

##### **Changelog for distribution-gpg-keys**

```
* Thu Oct 12 2023 Miroslav Suchý msuchy@redhat.com 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý msuchy@redhat.com 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
--------------------------------------------------------------------------------
================================================================================
 fedora-license-data-1.32-1.el7 (FEDORA-EPEL-2023-a93a09d2b7)
 Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.32-1.el7.

##### **Changelog for fedora-license-data**

```
* Thu Oct 12 2023 Miroslav Suchý msuchy@redhat.com 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý msuchy@redhat.com 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
--------------------------------------------------------------------------------
================================================================================
 nghttp2-1.33.0-1.2.el7 (FEDORA-EPEL-2023-c21e7d6bd5)
 Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:
- fix HTTP/2 Rapid Reset (CVE-2023-44487)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Jan Macku jamacku@redhat.com - 1.33.0-1.2
- fix HTTP/2 Rapid Reset (CVE-2023-44487)
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
        https://bugzilla.redhat.com/show_bug.cgi?id=2242803
--------------------------------------------------------------------------------
================================================================================
 rpminspect-1.12.1-1.el7 (FEDORA-EPEL-2023-5e1f6d3acd)
 Build deviation analysis and compliance tool
--------------------------------------------------------------------------------
Update Information:
Upgrade to rpminspect-1.12.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 David Cantrell dcantrell@redhat.com - 1.12.1-1
- Upgrade to rpminspect-1.12.1
* Thu Oct 12 2023 David Cantrell dcantrell@redhat.com - 1.12-1
- Upgrade to rpminspect-1.12
--------------------------------------------------------------------------------