The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-99a9054ad1 netatalk-3.1.18-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18e8d4f55b mbedtls-2.28.5-1.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e2dd7ffa65 trafficserver-9.2.3-1.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2b36013026 libcue-2.3.0-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-118.0.5993.70-1.el8 distribution-gpg-keys-1.98-1.el8 fedora-license-data-1.32-1.el8 rpminspect-1.12.1-1.el8 x2gokdriveclient-0.0.0.1-2.el8
Details about builds:
================================================================================ chromium-118.0.5993.70-1.el8 (FEDORA-EPEL-2023-53a7bc5700) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information:
Update to 118.0.5993.70. Include following security fixes: - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5487: Inappropriate implementation in Fullscreen. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5473: Use after free in Cast. ---- update to 117.0.5938.149. -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 11 2023 Than Ngo than@redhat.com - 118.0.5993.70-1 - update to 118.0.5993.70 - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5487: Inappropriate implementation in Fullscreen. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5473: Use after free in Cast. * Sat Oct 7 2023 Than Ngo than@redhat.com - 118.0.5993.54-1 - update to 118.0.5993.54 - drop use_gnome_keyring as it's removed by upstream * Thu Oct 5 2023 Than Ngo than@redhat.com - 117.0.5938.149-1 - update to 117.0.5938.149 - fix CVE-2023-5346: Type Confusion in V8 * Fri Sep 29 2023 Than Ngo than@redhat.com - 117.0.5938.132-2 - add workaround for the crash on BTI capable system -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2242073 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2242073 [ 2 ] Bug #2242074 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2242074 --------------------------------------------------------------------------------
================================================================================ distribution-gpg-keys-1.98-1.el8 (FEDORA-EPEL-2023-6a70cf7c13) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information:
Automatic update for distribution-gpg-keys-1.98-1.el8. ##### **Changelog for distribution-gpg-keys** ``` * Thu Oct 12 2023 Miroslav Such�� msuchy@redhat.com 1.98-1 - update copr keys - Add openSUSE Backports 2023 key - Update Amazon Linux 2023 public key ``` -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 12 2023 Miroslav Such�� msuchy@redhat.com 1.98-1 - update copr keys - Add openSUSE Backports 2023 key - Update Amazon Linux 2023 public key --------------------------------------------------------------------------------
================================================================================ fedora-license-data-1.32-1.el8 (FEDORA-EPEL-2023-de7de1f5ac) Fedora Linux license data -------------------------------------------------------------------------------- Update Information:
Automatic update for fedora-license-data-1.32-1.el8. ##### **Changelog for fedora-license-data** ``` * Thu Oct 12 2023 Miroslav Such�� msuchy@redhat.com 1.32-1 - new not allowed license LicenseRef-Riverbank-SIP - new license: LGPL-2.1-only_WITH_Linux-syscall-note - new license: LicenseRef-Fedora-Logos - new license: GPL-3.0-or-later WITH GNU-compiler-exception - new license: HPND- doc-sell - new license: BSD-3-Clause-flex - new license: HPND-doc - new license: LGPL-2.1-or-later WITH GCC-exception-2.0 - Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception - new license: BSD-3-Clause-HP - new license: GFDL-1.3-no-invariants-only - new license: OLDAP-2.7 - new license: Adobe-Utopia - new license: python-ldap - new license: lsof ``` -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 12 2023 Miroslav Such�� msuchy@redhat.com 1.32-1 - new not allowed license LicenseRef-Riverbank-SIP - new license: LGPL-2.1-only_WITH_Linux-syscall-note - new license: LicenseRef-Fedora-Logos - new license: GPL-3.0-or-later WITH GNU-compiler-exception - new license: HPND-doc-sell - new license: BSD-3-Clause-flex - new license: HPND-doc - new license: LGPL-2.1-or-later WITH GCC-exception-2.0 - Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception - new license: BSD-3-Clause-HP - new license: GFDL-1.3-no-invariants-only - new license: OLDAP-2.7 - new license: Adobe-Utopia - new license: python-ldap - new license: lsof --------------------------------------------------------------------------------
================================================================================ rpminspect-1.12.1-1.el8 (FEDORA-EPEL-2023-bc8ed572ed) Build deviation analysis and compliance tool -------------------------------------------------------------------------------- Update Information:
Upgrade to rpminspect-1.12.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 12 2023 David Cantrell dcantrell@redhat.com - 1.12.1-1 - Upgrade to rpminspect-1.12.1 * Thu Oct 12 2023 David Cantrell dcantrell@redhat.com - 1.12-1 - Upgrade to rpminspect-1.12 --------------------------------------------------------------------------------
================================================================================ x2gokdriveclient-0.0.0.1-2.el8 (FEDORA-EPEL-2023-996a36ba43) X2Go KDrive Client application -------------------------------------------------------------------------------- Update Information:
X2Go KDrive client -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 28 2023 Orion Poplawski orion@nwra.com - 0.0.0.1-2 - Add BR for gcc-c++ - Fix License tag - Use %global * Thu Jun 15 2023 Orion Poplawski orion@nwra.com - 0.0.0.1-1 - Initial Fedora package --------------------------------------------------------------------------------