The following Fedora EPEL 7 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-07e8f5f1f0
libopenmpt-0.7.6-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d9102d9191
clojure-1.8.0-3.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1f6e851537
trafficserver-9.2.4-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-866ac60917
nghttp2-1.33.0-1.3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-123.0.6312.105-1.el7
teem-1.11.0-59.el7
wcd-6.0.5-3.el7
Details about builds:
================================================================================
chromium-123.0.6312.105-1.el7 (FEDORA-EPEL-2024-3cb841c5f0)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Than Ngo <than(a)redhat.com> - 123.0.6312.105-1
- update to 123.0.6312.105
* High CVE-2024-3156: Inappropriate implementation in V8
* High CVE-2024-3158: Use after free in Bookmarks
* High CVE-2024-3159: Out of bounds memory access in V8
* Wed Mar 27 2024 Than Ngo <than(a)redhat.com> - 123.0.6312.86-2
- update to 123.0.6312.86
* Critical CVE-2024-2883: Use after free in ANGLE
* High CVE-2024-2885: Use after free in Daw
* High CVE-2024-2886: Use after free in WebCodecs
* High CVE-2024-2887: Type Confusion in WebAssembly
* Sat Mar 23 2024 Than Ngo <than(a)redhat.com> - 123.0.6312.58-2
- fixed bz#2269768 - enable build ppc64le package for F40
- fixed bz#2270321 - VAAPI flags in chromium.conf are out of date
- fixed bz#2271183 - disable screen ai service
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271849 - CVE-2024-2883 chromium: Use after free in ANGLE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271849
[ 2 ] Bug #2271855 - CVE-2024-2885 chromium: Use after free in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271855
[ 3 ] Bug #2271861 - CVE-2024-2886 chromium: Use after free in WebCodecs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271861
[ 4 ] Bug #2271867 - CVE-2024-2887 chromium: Type Confusion in WebAssembly [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271867
[ 5 ] Bug #2272870 - CVE-2024-3156 CVE-2024-3158 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272870
[ 6 ] Bug #2272877 - CVE-2024-3159 chromium: chromium-browser: Out of bounds memory
access in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272877
--------------------------------------------------------------------------------
================================================================================
teem-1.11.0-59.el7 (FEDORA-EPEL-2024-f7af304d4c)
Libraries for processing and visualizing scientific raster data
--------------------------------------------------------------------------------
Update Information:
Actually install the man pages; update License to SPDX
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.11.0-59
- Actually install the man pages
* Fri Apr 5 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.11.0-57
- Run tests serially *without* overriding spec-file macros
* Fri Apr 5 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.11.0-56
- Update License to SPDX
* Fri Apr 5 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.11.0-55
- Improve summary for -libs subpackage
--------------------------------------------------------------------------------
================================================================================
wcd-6.0.5-3.el7 (FEDORA-EPEL-2024-7d01d6199f)
Wherever Change Directory: chdir for DOS and Unix
--------------------------------------------------------------------------------
Update Information:
Fix a typo in the Summary of the -doc subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 6.0.5-3
- Fix a typo in the Summary of the -doc subpackage
--------------------------------------------------------------------------------