The following Fedora EPEL 7 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-fd5dac4a76 apptainer-1.3.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-125.0.6422.141-1.el7 stb-0-0.48.20240531git013ac3b.el7
Details about builds:
================================================================================ chromium-125.0.6422.141-1.el7 (FEDORA-EPEL-2024-f1162cb3bf) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information:
update to 125.0.6422.141 High CVE-2024-5493: Heap buffer overflow in WebRTC High CVE-2024-5494: Use after free in Dawn High CVE-2024-5495: Use after free in Dawn High CVE-2024-5496: Use after free in Media Session High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs High CVE-2024-5498: Use after free in Presentation API High CVE-2024-5499: Out of bounds write in Streams API -------------------------------------------------------------------------------- ChangeLog:
* Fri May 31 2024 Than Ngo than@redhat.com - 125.0.6422.141-1 - update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High CVE-2024-5495: Use after free in Dawn * High CVE-2024-5496: Use after free in Media Session * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * High CVE-2024-5498: Use after free in Presentation API * High CVE-2024-5499: Out of bounds write in Streams API - fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams - cleanup chromium.conf * Wed May 29 2024 Than Ngo than@redhat.com - 125.0.6422.112-3 - build against noopenh264 * Tue May 28 2024 Than Ngo than@redhat.com - 125.0.6422.112-2 - Workaround for build error on pp64le * Sun May 26 2024 Than Ngo than@redhat.com - 125.0.6422.112-1 - update to 125.0.6422.112 * High CVE-2024-5274: Type Confusion in V8 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2283084 - CVE-2024-5274 chromium: chromium-browser: Type Confusion in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2283084 --------------------------------------------------------------------------------
================================================================================ stb-0-0.48.20240531git013ac3b.el7 (FEDORA-EPEL-2024-07d513b487) Single-file public domain libraries for C/C++ -------------------------------------------------------------------------------- Update Information:
stb_image 2.30: fix gcc bounds-check warning (believed erroneous) stb_image_resize2 2.07 fix for slow final split during threaded conversions of very wide scanlines when downsampling (caused by extra input converting), fix for wide scanline resamples with many splits (int overflow), fix GCC warning. -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 1 2024 Benjamin A. Beasley code@musicinmybrain.net - 0-0.48.20240531git013ac3b - stb_image 2.30 * Sun May 26 2024 Benjamin A. Beasley code@musicinmybrain.net - 0-0.47.20240525git449758b - stb_image_resize2 2.07 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org