[SECURITY] Fedora 33 Update: wpa_supplicant-2.9-8.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3430f96019
2021-03-02 15:54:53.504840
--------------------------------------------------------------------------------
Name : wpa_supplicant
Product : Fedora 33
Version : 2.9
Release : 8.fc33
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-27803
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 1 2021 Davide Caratti <dcaratti(a)redhat.com> - 1:2.9-8
- Fix a corner case in peer addition based on PD Request (CVE-2021-27803)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933361 - CVE-2021-27803 wpa_supplicant: wpa_supplicant P2P provision discovery processing vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1933361
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-3430f96019' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
[SECURITY] Fedora 33 Update: salt-3002.5-1.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-5756fbf8a6
2021-03-02 15:54:53.504811
--------------------------------------------------------------------------------
Name : salt
Product : Fedora 33
Version : 3002.5
Release : 1.fc33
URL : http://saltstack.org/
Summary : A parallel remote execution system
Description :
Salt is a distributed remote execution system used to execute commands and
query data. It was developed in order to bring the best solutions found in
the world of remote execution together and make them better, faster and more
malleable. Salt accomplishes this via its ability to handle larger loads of
information, and not just dozens, but hundreds or even thousands of individual
servers, handle them quickly and through a simple and manageable interface.
--------------------------------------------------------------------------------
Update Information:
Update to CVE release 3002.5-1 for Python 3 Fixed on this release:
CVE-2021-25283 Fixed in 3002.3: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662
CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283
CVE-2021-25284 CVE-2021-25284 CVE-2021-3197
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 26 2021 SaltStack Packaging Team <packaging(a)saltstack.com> - 3002.5-1
- Update to CVE release 3002.5-1 for Python 3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933324 - CVE-2021-3197 salt: Shell injection by including ProxyCommand in an argument [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933324
[ 2 ] Bug #1933326 - CVE-2021-25281 salt: API does not honor eAuth credentials for the wheel_async client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933326
[ 3 ] Bug #1933329 - CVE-2021-25282 salt: Directory traversal in wheel.pillar_roots.write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933329
[ 4 ] Bug #1933332 - CVE-2021-25283 salt: Jinja renderer does not protect against server-side template injection attacks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933332
[ 5 ] Bug #1933337 - CVE-2021-3148 salt: Command injection in salt.utils.thin.gen_thin() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933337
[ 6 ] Bug #1933340 - CVE-2021-25284 salt: webutils write passwords in cleartext to /var/log/salt/minion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933340
[ 7 ] Bug #1933343 - CVE-2020-35662 salt: Certain modules do not always validated SSL certificates [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933343
[ 8 ] Bug #1933345 - CVE-2021-3144 salt: eauth tokens can be used once after expiration [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933345
[ 9 ] Bug #1933348 - CVE-2020-28972 salt: Authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933348
[ 10 ] Bug #1933351 - CVE-2020-28243 salt: Privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933351
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-5756fbf8a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
Fedora 33 Update: hplip-3.21.2-1.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-566f59fdf0
2021-03-02 15:54:53.504790
--------------------------------------------------------------------------------
Name : hplip
Product : Fedora 33
Version : 3.21.2
Release : 1.fc33
URL : https://developers.hp.com/hp-linux-imaging-and-printing
Summary : HP Linux Imaging and Printing Project
Description :
The Hewlett-Packard Linux Imaging and Printing Project provides
drivers for HP printers and multi-function peripherals.
--------------------------------------------------------------------------------
Update Information:
1929977 - hplip-3.21.2 is available get out of hp-setup if the device is a
standalone scanner remove the old search algorithm
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 19 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.21.2-1
- 1929977 - hplip-3.21.2 is available
* Fri Feb 19 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.20.11-6
- get out of hp-setup if the device is a standalone scanner
* Thu Feb 18 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.20.11-6
- remove the old search algorithm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1929977 - hplip-3.21.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1929977
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-566f59fdf0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
Fedora 33 Update: gnome-boxes-3.38.2-2.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3c65e9c024
2021-03-02 15:54:53.504777
--------------------------------------------------------------------------------
Name : gnome-boxes
Product : Fedora 33
Version : 3.38.2
Release : 2.fc33
URL : https://wiki.gnome.org/Apps/Boxes
Summary : A simple GNOME 3 application to access remote or virtual systems
Description :
gnome-boxes lets you easily create, setup, access, and use:
* remote machines
* remote virtual machines
* local virtual machines
* When technology permits, set up access for applications on
local virtual machines
--------------------------------------------------------------------------------
Update Information:
Filter rpm provides for private libraries
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 9 2021 Kalev Lember <klember(a)redhat.com> - 3.38.2-2
- Filter private library provides and requires on private libraries (#1925723)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1925723 - gnome-boxes Provides internal libraries
https://bugzilla.redhat.com/show_bug.cgi?id=1925723
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-3c65e9c024' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
Fedora 33 Update: dnsmasq-2.84-1.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-039b93d5e4
2021-03-02 15:54:53.504686
--------------------------------------------------------------------------------
Name : dnsmasq
Product : Fedora 33
Version : 2.84
Release : 1.fc33
URL : http://www.thekelleys.org.uk/dnsmasq/
Summary : A lightweight DHCP/caching DNS server
Description :
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network.
It can serve the names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and allows machines
with DHCP-allocated addresses to appear in the DNS with names configured
either in each host or in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network booting of diskless
machines.
--------------------------------------------------------------------------------
Update Information:
Regression fix to recent security fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 26 2021 Petr Men����k <pemensik(a)redhat.com> - 2.84-1
- Update to 2.84
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1920263 - dnsmasq-2.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1920263
[ 2 ] Bug #1921152 - failed to send packet: Network is unreachable when resolution is busy.
https://bugzilla.redhat.com/show_bug.cgi?id=1921152
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-039b93d5e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
[SECURITY] Fedora 32 Update: salt-3001.6-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-904a2dbc0c
2021-03-02 15:34:50.961953
--------------------------------------------------------------------------------
Name : salt
Product : Fedora 32
Version : 3001.6
Release : 1.fc32
URL : http://saltstack.org/
Summary : A parallel remote execution system
Description :
Salt is a distributed remote execution system used to execute commands and
query data. It was developed in order to bring the best solutions found in
the world of remote execution together and make them better, faster and more
malleable. Salt accomplishes this via its ability to handle larger loads of
information, and not just dozens, but hundreds or even thousands of individual
servers, handle them quickly and through a simple and manageable interface.
--------------------------------------------------------------------------------
Update Information:
Update to CVE release 3001.6-1 for Python 3 Fixed in 3001.5: CVE-2020-28243
CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281
CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3197
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 26 2021 SaltStack Packaging Team <packaging(a)saltstack.com> - 3001.6-1
- Update to CVE release 3001.6-1 for Python 3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-904a2dbc0c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
Fedora 32 Update: prusa-slicer-2.2.0-8.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-13c033a187
2021-03-02 15:34:50.961943
--------------------------------------------------------------------------------
Name : prusa-slicer
Product : Fedora 32
Version : 2.2.0
Release : 8.fc32
URL : https://github.com/prusa3d/PrusaSlicer/
Summary : 3D printing slicer optimized for Prusa printers
Description :
PrusaSlicer takes 3D models (STL, OBJ, AMF) and converts them into G-code
instructions for FFF printers or PNG layers for mSLA 3D printers. It's
compatible with any modern printer based on the RepRap toolchain, including all
those based on the Marlin, Prusa, Sprinter and Repetier firmware. It also works
with Mach3, LinuxCNC and Machinekit controllers.
PrusaSlicer is based on Slic3r by Alessandro Ranelucci and the RepRap
community.
--------------------------------------------------------------------------------
Update Information:
Rebuild with openvdb 8.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Miro Hron��ok <mhroncok(a)redhat.com> - 2.2.0-8
- Rebuilt for openvdb 8.0
- Fixes: rhbz#1912499
* Fri Jan 1 2021 Richard Shaw <hobbes1069(a)gmail.com> - 2.2.0-7
- Rebuild for OpenEXR 2.5.3.
* Wed Aug 26 2020 Jan Beran <jaberan(a)redhat.com> - 2.2.0-6
- Add fixes for the flatpak build:
disable perltests by default when building flatpak
don't remove Perl modules when building without perltests
* Mon Aug 24 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.2.0-5
- Rebuilt for openvdb 7.1
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.0-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 2 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.2.0-2
- Rebuilt and fix for Boost 1.73.0 (#1842011)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933140 - prusa-slicer breaks openvdb upgrade on F32
https://bugzilla.redhat.com/show_bug.cgi?id=1933140
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-13c033a187' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
[SECURITY] Fedora 32 Update: webkit2gtk3-2.30.5-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-e03b328043
2021-03-02 15:34:50.961933
--------------------------------------------------------------------------------
Name : webkit2gtk3
Product : Fedora 32
Version : 2.30.5
Release : 1.fc32
URL : https://www.webkitgtk.org/
Summary : GTK Web content engine library
Description :
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
This package contains WebKit2 based WebKitGTK for GTK 3.
--------------------------------------------------------------------------------
Update Information:
* Bring back the WebKitPluginProcess that was removed by mistake. (It will
disappear again soon.) * Fix RunLoop objects leaked in worker threads. * Use
Internet Explorer quirk for Google Docs. (Yes, even this new quirk is broken
already.) * Security fixes: CVE-2020-13558
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1928887 - CVE-2020-13558 webkit2gtk3: webkitgtk: use-after-free may lead to arbitrary code execution via crafted web content [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928887
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-e03b328043' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
Fedora 32 Update: elfutils-0.183-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-2df31e679c
2021-03-02 15:34:50.961921
--------------------------------------------------------------------------------
Name : elfutils
Product : Fedora 32
Version : 0.183
Release : 1.fc32
URL : http://elfutils.org/
Summary : A collection of utilities and DSOs to handle ELF files and DWARF data
Description :
Elfutils is a collection of utilities, including stack (to show
backtraces), nm (for listing symbols from object files), size
(for listing the section sizes of an object or archive file),
strip (for discarding symbols), readelf (to see the raw ELF file
structures), elflint (to check for well-formed ELF files) and
elfcompress (to compress or decompress ELF sections).
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 0.183. debuginfod: New thread-busy metric and more detailed
error metrics. New --fdcache-mintmp and tracking of filesystem freespace.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 8 2021 Mark Wielaard <mjw(a)fedoraproject.org> - 0.183-1
- Upgrade to upstream 0.183
- debuginfod: New thread-busy metric and more detailed error metrics.
New --fdcache-mintmp and tracking of filesystem freespace.
- debuginfod-client: DEBUGINFOD_SONAME macro added to debuginfod.h can
be used to dlopen the libdebuginfod.so library.
New function debuginfod_set_verbose_fd and DEBUGINFOD_VERBOSE
environment variable.
- config: profile.sh and profile.csh won't export DEBUGINFOD_URLS
unless configured --enable-debuginfod-urls[=URLS]
- elflint, readelf: Recognize SHF_GNU_RETAIN.
Handle SHT_X86_64_UNWIND as valid relocation target type.
* Thu Dec 17 2020 Mark Wielaard <mjw(a)fedoraproject.org> - 0.182-2
- Add elfutils-0.182-s390-pid_memory_read.patch
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-2df31e679c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month
Fedora 32 Update: osinfo-db-20210215-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-61ef58a988
2021-03-02 15:34:50.961907
--------------------------------------------------------------------------------
Name : osinfo-db
Product : Fedora 32
Version : 20210215
Release : 1.fc32
URL : http://libosinfo.org/
Summary : osinfo database files
Description :
The osinfo database provides information about operating systems and
hypervisor platforms to facilitate the automated configuration and
provisioning of new virtual machines
--------------------------------------------------------------------------------
Update Information:
Don't distribute upstream virtio-win drivers on RHEL
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 15 2021 Fabiano Fid��ncio <fidencio(a)redhat.com> - 20210215-1
- Don't distribute upstream virtio-win drivers on RHEL
- Update to new release (v20210215)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-61ef58a988' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 1 month