The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-bab8814ee2   python-aiohttp-3.9.5-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0c24da3136   chromium-124.0.6367.78-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
c4core-0.1.9^20220802gitda43293-12.el9
clamav-1.0.6-1.el9
fedora-license-data-1.46-1.el9
gdcm-3.0.12-7.el9
gtk-layer-shell-0.8.2-3.el9
kiwi-10.0.11-2.el9
ncdu-1.20-1.el9
Details about builds:
================================================================================
c4core-0.1.9^20220802gitda43293-12.el9 (FEDORA-EPEL-2024-3f0ad000f8)
C++ core utilities
--------------------------------------------------------------------------------
Update Information:
Better ensure that the system fast_float is used
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.1.9^20220802gitda43293-12
- Better ensure that the system fast_float is used
* Fri Apr 26 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.1.9^20220802gitda43293-11
- Minor improvement to the description text
--------------------------------------------------------------------------------
================================================================================
clamav-1.0.6-1.el9 (FEDORA-EPEL-2024-25c9732d41)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 1.0.6 is a critical patch release with the following fixes:
- Updated select Rust dependencies to the latest versions. This resolved Cargo
  audit complaints and included PNG parser bug fixes.
  GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1225
- Fixed a bug causing some text to be truncated when converting from UTF-16.
  GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1232
- Fixed assorted complaints identified by Coverity static analysis.
  GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1237
- Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config
  option to be pruned and then re-downloaded with every update.
  GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1240
- Added the new 'valhalla' database name to the list of optional databases in
  preparation for future work.
  GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1240
- Silenced a warning "Unexpected early end-of-file" that occurred when scanning
  some PNG files.
  GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1216
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2024 Orion Poplawski <orion(a)nwra.com> - 1.0.6-1
- Update to 1.0.6
* Mon Apr 8 2024 Sérgio Basto <sergio(a)serjux.com> - 1.0.5-5
- Update clamav-data and README.fedora.md
* Thu Apr 4 2024 John Sullivan <jsullivan(a)nasuni.com> - 1.0.5-4
- Update EPEL 7 and 8 support for 1.0.5
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.46-1.el9 (FEDORA-EPEL-2024-dfb4fe2705)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.46-1.el9.
Changelog for fedora-license-data
* Fri Apr 26 2024 Miroslav Suchý <msuchy(a)redhat.com> 1.46-1
- rename LicenseRef-Catharon to Catharon
- add NCL license
- add HPND-UC-export-US license
- Add GPL-2.0-only_WITH_cryptsetup-OpenSSL-exception
- add Sun-PPP-2000 license
- add BSD-2-clause-first-lines license
- add pkgconf license
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2024 Miroslav Suchý <msuchy(a)redhat.com> 1.46-1
- rename LicenseRef-Catharon to Catharon
- add NCL license
- add HPND-UC-export-US license
- Add GPL-2.0-only_WITH_cryptsetup-OpenSSL-exception
- add Sun-PPP-2000 license
- add BSD-2-clause-first-lines license
- add pkgconf license
--------------------------------------------------------------------------------
================================================================================
gdcm-3.0.12-7.el9 (FEDORA-EPEL-2024-f5884f808a)
Grassroots DiCoM is a C++ library to parse DICOM medical files
--------------------------------------------------------------------------------
Update Information:
Security fixes
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Bug fixes
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2024 Sandro <devel(a)penguinpee.nl> - 3.0.12-7
- Apply security patches
- Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
- Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
- Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
* Fri Apr 26 2024 Sandro <devel(a)penguinpee.nl> - 3.0.12-6
- Replace deprecated PyEval_CallObject() (RHBZ#2245816)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2277284 - CVE-2024-22391 gdcm: crafted malformed file can lead to memory corruption due to heap overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=2277284
[ 2 ] Bug #2277289 - CVE-2024-22373 gdcm: out-of-bounds write vulnerability lead to a heap buffer overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=2277289
[ 3 ] Bug #2277293 - CVE-2024-25569 gdcm: out-of-bounds read vulnerability in the RAWCodec::DecodeBytes
      https://bugzilla.redhat.com/show_bug.cgi?id=2277293
--------------------------------------------------------------------------------
================================================================================
gtk-layer-shell-0.8.2-3.el9 (FEDORA-EPEL-2024-530c3ce743)
Library to create components for Wayland using the Layer Shell
--------------------------------------------------------------------------------
Update Information:
See commit history
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 24 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 5 2024 Packit <hello(a)packit.dev> - 0.8.2-1
- [packit] 0.8.2 upstream release
- Resolves rhbz#2256997
* Fri Jan 5 2024 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.8.1-5
- packit: Update config
* Fri Jan 5 2024 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.8.1-4
- license: Convert to SPDX
* Fri Jan 5 2024 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.8.1-3
- build: Add Packit config
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
kiwi-10.0.11-2.el9 (FEDORA-EPEL-2024-7008d7350c)
Flexible operating system image builder
--------------------------------------------------------------------------------
Update Information:
This update backports a fix for package removal when using dnf5.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2024 Adam Williamson <awilliam(a)redhat.com> - 10.0.11-2
- Backport PR #2546 to fix package removal with dnf5
--------------------------------------------------------------------------------
================================================================================
ncdu-1.20-1.el9 (FEDORA-EPEL-2024-756403678c)
Text-based disk usage viewer
--------------------------------------------------------------------------------
Update Information:
Update to 1.20. Changes in this version:
Revert default color scheme back to "off"
Rewrite man page in mdoc, drop pod2man dependency
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 21 2024 Richard Fearn <richardfearn(a)gmail.com> - 1.20-1
- Update to 1.20
* Thu Jan 25 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.19-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2276264 - ncdu 1.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2276264
--------------------------------------------------------------------------------