March 2021 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 33 Update: wpa_supplicant-2.9-8.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-3430f96019 2021-03-02 15:54:53.504840 -------------------------------------------------------------------------------- Name : wpa_supplicant Product : Fedora 33 Version : 2.9 Release : 8.fc33 URL : http://w1.fi/wpa_supplicant/ Summary : WPA/WPA2/IEEE 802.1X Supplicant Description : wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2021-27803 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 1 2021 Davide Caratti <dcaratti(a)redhat.com> - 1:2.9-8 - Fix a corner case in peer addition based on PD Request (CVE-2021-27803) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1933361 - CVE-2021-27803 wpa_supplicant: wpa_supplicant P2P provision discovery processing vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1933361 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3430f96019' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 33 Update: salt-3002.5-1.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-5756fbf8a6 2021-03-02 15:54:53.504811 -------------------------------------------------------------------------------- Name : salt Product : Fedora 33 Version : 3002.5 Release : 1.fc33 URL : http://saltstack.org/ Summary : A parallel remote execution system Description : Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. -------------------------------------------------------------------------------- Update Information: Update to CVE release 3002.5-1 for Python 3 Fixed on this release: CVE-2021-25283 Fixed in 3002.3: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-25284 CVE-2021-3197 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 26 2021 SaltStack Packaging Team <packaging(a)saltstack.com> - 3002.5-1 - Update to CVE release 3002.5-1 for Python 3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1933324 - CVE-2021-3197 salt: Shell injection by including ProxyCommand in an argument [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933324 [ 2 ] Bug #1933326 - CVE-2021-25281 salt: API does not honor eAuth credentials for the wheel_async client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933326 [ 3 ] Bug #1933329 - CVE-2021-25282 salt: Directory traversal in wheel.pillar_roots.write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933329 [ 4 ] Bug #1933332 - CVE-2021-25283 salt: Jinja renderer does not protect against server-side template injection attacks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933332 [ 5 ] Bug #1933337 - CVE-2021-3148 salt: Command injection in salt.utils.thin.gen_thin() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933337 [ 6 ] Bug #1933340 - CVE-2021-25284 salt: webutils write passwords in cleartext to /var/log/salt/minion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933340 [ 7 ] Bug #1933343 - CVE-2020-35662 salt: Certain modules do not always validated SSL certificates [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933343 [ 8 ] Bug #1933345 - CVE-2021-3144 salt: eauth tokens can be used once after expiration [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933345 [ 9 ] Bug #1933348 - CVE-2020-28972 salt: Authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933348 [ 10 ] Bug #1933351 - CVE-2020-28243 salt: Privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933351 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-5756fbf8a6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

Fedora 33 Update: hplip-3.21.2-1.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-566f59fdf0 2021-03-02 15:54:53.504790 -------------------------------------------------------------------------------- Name : hplip Product : Fedora 33 Version : 3.21.2 Release : 1.fc33 URL : https://developers.hp.com/hp-linux-imaging-and-printing Summary : HP Linux Imaging and Printing Project Description : The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. -------------------------------------------------------------------------------- Update Information: 1929977 - hplip-3.21.2 is available get out of hp-setup if the device is a standalone scanner remove the old search algorithm -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 19 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.21.2-1 - 1929977 - hplip-3.21.2 is available * Fri Feb 19 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.20.11-6 - get out of hp-setup if the device is a standalone scanner * Thu Feb 18 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.20.11-6 - remove the old search algorithm -------------------------------------------------------------------------------- References: [ 1 ] Bug #1929977 - hplip-3.21.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1929977 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-566f59fdf0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

Fedora 33 Update: gnome-boxes-3.38.2-2.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-3c65e9c024 2021-03-02 15:54:53.504777 -------------------------------------------------------------------------------- Name : gnome-boxes Product : Fedora 33 Version : 3.38.2 Release : 2.fc33 URL : https://wiki.gnome.org/Apps/Boxes Summary : A simple GNOME 3 application to access remote or virtual systems Description : gnome-boxes lets you easily create, setup, access, and use: * remote machines * remote virtual machines * local virtual machines * When technology permits, set up access for applications on local virtual machines -------------------------------------------------------------------------------- Update Information: Filter rpm provides for private libraries -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 9 2021 Kalev Lember <klember(a)redhat.com> - 3.38.2-2 - Filter private library provides and requires on private libraries (#1925723) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1925723 - gnome-boxes Provides internal libraries https://bugzilla.redhat.com/show_bug.cgi?id=1925723 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3c65e9c024' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

Fedora 33 Update: dnsmasq-2.84-1.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-039b93d5e4 2021-03-02 15:54:53.504686 -------------------------------------------------------------------------------- Name : dnsmasq Product : Fedora 33 Version : 2.84 Release : 1.fc33 URL : http://www.thekelleys.org.uk/dnsmasq/ Summary : A lightweight DHCP/caching DNS server Description : Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines. -------------------------------------------------------------------------------- Update Information: Regression fix to recent security fixes. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Petr Men��k <pemensik(a)redhat.com> - 2.84-1 - Update to 2.84 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1920263 - dnsmasq-2.84 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920263 [ 2 ] Bug #1921152 - failed to send packet: Network is unreachable when resolution is busy. https://bugzilla.redhat.com/show_bug.cgi?id=1921152 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-039b93d5e4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 32 Update: salt-3001.6-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-904a2dbc0c 2021-03-02 15:34:50.961953 -------------------------------------------------------------------------------- Name : salt Product : Fedora 32 Version : 3001.6 Release : 1.fc32 URL : http://saltstack.org/ Summary : A parallel remote execution system Description : Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. -------------------------------------------------------------------------------- Update Information: Update to CVE release 3001.6-1 for Python 3 Fixed in 3001.5: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3197 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 26 2021 SaltStack Packaging Team <packaging(a)saltstack.com> - 3001.6-1 - Update to CVE release 3001.6-1 for Python 3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-904a2dbc0c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

Fedora 32 Update: prusa-slicer-2.2.0-8.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-13c033a187 2021-03-02 15:34:50.961943 -------------------------------------------------------------------------------- Name : prusa-slicer Product : Fedora 32 Version : 2.2.0 Release : 8.fc32 URL : https://github.com/prusa3d/PrusaSlicer/ Summary : 3D printing slicer optimized for Prusa printers Description : PrusaSlicer takes 3D models (STL, OBJ, AMF) and converts them into G-code instructions for FFF printers or PNG layers for mSLA 3D printers. It's compatible with any modern printer based on the RepRap toolchain, including all those based on the Marlin, Prusa, Sprinter and Repetier firmware. It also works with Mach3, LinuxCNC and Machinekit controllers. PrusaSlicer is based on Slic3r by Alessandro Ranelucci and the RepRap community. -------------------------------------------------------------------------------- Update Information: Rebuild with openvdb 8.0. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 4 2021 Miro Hron��ok <mhroncok(a)redhat.com> - 2.2.0-8 - Rebuilt for openvdb 8.0 - Fixes: rhbz#1912499 * Fri Jan 1 2021 Richard Shaw <hobbes1069(a)gmail.com> - 2.2.0-7 - Rebuild for OpenEXR 2.5.3. * Wed Aug 26 2020 Jan Beran <jaberan(a)redhat.com> - 2.2.0-6 - Add fixes for the flatpak build: disable perltests by default when building flatpak don't remove Perl modules when building without perltests * Mon Aug 24 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.2.0-5 - Rebuilt for openvdb 7.1 * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.0-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 2 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.2.0-2 - Rebuilt and fix for Boost 1.73.0 (#1842011) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1933140 - prusa-slicer breaks openvdb upgrade on F32 https://bugzilla.redhat.com/show_bug.cgi?id=1933140 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-13c033a187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 32 Update: webkit2gtk3-2.30.5-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-e03b328043 2021-03-02 15:34:50.961933 -------------------------------------------------------------------------------- Name : webkit2gtk3 Product : Fedora 32 Version : 2.30.5 Release : 1.fc32 URL : https://www.webkitgtk.org/ Summary : GTK Web content engine library Description : WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. -------------------------------------------------------------------------------- Update Information: * Bring back the WebKitPluginProcess that was removed by mistake. (It will disappear again soon.) * Fix RunLoop objects leaked in worker threads. * Use Internet Explorer quirk for Google Docs. (Yes, even this new quirk is broken already.) * Security fixes: CVE-2020-13558 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1928887 - CVE-2020-13558 webkit2gtk3: webkitgtk: use-after-free may lead to arbitrary code execution via crafted web content [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1928887 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-e03b328043' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

Fedora 32 Update: elfutils-0.183-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-2df31e679c 2021-03-02 15:34:50.961921 -------------------------------------------------------------------------------- Name : elfutils Product : Fedora 32 Version : 0.183 Release : 1.fc32 URL : http://elfutils.org/ Summary : A collection of utilities and DSOs to handle ELF files and DWARF data Description : Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections). -------------------------------------------------------------------------------- Update Information: Upgrade to upstream 0.183. debuginfod: New thread-busy metric and more detailed error metrics. New --fdcache-mintmp and tracking of filesystem freespace. -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 8 2021 Mark Wielaard <mjw(a)fedoraproject.org> - 0.183-1 - Upgrade to upstream 0.183 - debuginfod: New thread-busy metric and more detailed error metrics. New --fdcache-mintmp and tracking of filesystem freespace. - debuginfod-client: DEBUGINFOD_SONAME macro added to debuginfod.h can be used to dlopen the libdebuginfod.so library. New function debuginfod_set_verbose_fd and DEBUGINFOD_VERBOSE environment variable. - config: profile.sh and profile.csh won't export DEBUGINFOD_URLS unless configured --enable-debuginfod-urls[=URLS] - elflint, readelf: Recognize SHF_GNU_RETAIN. Handle SHT_X86_64_UNWIND as valid relocation target type. * Thu Dec 17 2020 Mark Wielaard <mjw(a)fedoraproject.org> - 0.182-2 - Add elfutils-0.182-s390-pid_memory_read.patch -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-2df31e679c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

Fedora 32 Update: osinfo-db-20210215-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-61ef58a988 2021-03-02 15:34:50.961907 -------------------------------------------------------------------------------- Name : osinfo-db Product : Fedora 32 Version : 20210215 Release : 1.fc32 URL : http://libosinfo.org/ Summary : osinfo database files Description : The osinfo database provides information about operating systems and hypervisor platforms to facilitate the automated configuration and provisioning of new virtual machines -------------------------------------------------------------------------------- Update Information: Don't distribute upstream virtio-win drivers on RHEL -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 15 2021 Fabiano Fid��ncio <fidencio(a)redhat.com> - 20210215-1 - Don't distribute upstream virtio-win drivers on RHEL - Update to new release (v20210215) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-61ef58a988' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce March 2021