The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-fc233c6d2e   chromium-123.0.6312.58-1.el8
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0ced8d6066   tinyxml-2.6.2-28.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-acb47e6aea   libopenmpt-0.7.6-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
assimp-5.0.1-7.el8
mbedtls-2.28.8-1.el8
Details about builds:
================================================================================
assimp-5.0.1-7.el8 (FEDORA-EPEL-2024-d0d107787c)
Library to import various 3D model formats into applications
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664
CVE-2023-45666 CVE-2023-45667
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 27 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.0.1-7
- Ensure stb_image contains the latest CVE patches
- Fixes RHBZ#2246108, RHBZ#2246114
* Sat Apr 23 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.0.1-6
- Security fix for CVE-2022-28041
* Thu Dec 30 2021 Rich Mattes <richmattes(a)gmail.com> - 5.0.1-5
- Correct Unlicense shortname (rhbz#2036000)
* Sat Sep 11 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.0.1-4
- Unbundle stb_image
- Add -static BR's for header-only libraries utf8cpp and rapidjson
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2246102 - CVE-2023-45661 stb: out of bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2246102
[ 2 ] Bug #2246103 - CVE-2023-45662 stb: out of bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2246103
[ 3 ] Bug #2246104 - CVE-2023-45663 stb: memory access violations
https://bugzilla.redhat.com/show_bug.cgi?id=2246104
[ 4 ] Bug #2246105 - CVE-2023-45664 stb: memory access violations
https://bugzilla.redhat.com/show_bug.cgi?id=2246105
[ 5 ] Bug #2246109 - CVE-2023-45666 stb: memory access violation
https://bugzilla.redhat.com/show_bug.cgi?id=2246109
[ 6 ] Bug #2246110 - CVE-2023-45667 stb: memory access violation
https://bugzilla.redhat.com/show_bug.cgi?id=2246110
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.28.8-1.el8 (FEDORA-EPEL-2024-8791118dee)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
Update to 2.28.8
Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 1 2024 Morten Stevens <mstevens(a)fedoraproject.org> - 2.28.8-1
- Update to 2.28.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272172 - CVE-2024-28960 mbedtls: Insecure handling of shared memory in PSA
Crypto APIs
https://bugzilla.redhat.com/show_bug.cgi?id=2272172
--------------------------------------------------------------------------------