[SECURITY] Fedora 39 Update: onnx-1.14.0-9.fc39

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-270e3b5e9b 2024-03-29 01:07:30.704683 -------------------------------------------------------------------------------- Name : onnx Product : Fedora 39 Version : 1.14.0 Release : 9.fc39 URL : https://github.com/onnx/onnx Summary : Open standard for machine learning interoperability Description : onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-27318 and CVE-2024-27319 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 20 2024 Alejandro Alvarez Ayllon <a.alvarezayllon(a)gmail.com&gt; - 1.14.0-9 - Backport of fixes for CVE-2024-27318 and CVE-2024-27319 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2265737 - CVE-2024-27318 onnx: directory traversal https://bugzilla.redhat.com/show_bug.cgi?id=2265737 [ 2 ] Bug #2265739 - CVE-2024-27319 onnx: oob read https://bugzilla.redhat.com/show_bug.cgi?id=2265739 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-270e3b5e9b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------