The following Fedora EPEL 8 Security updates need testing:
Age URL
35
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e
cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-78b54db021
rnp-0.16.3-1.el8
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7f77917637
dr_libs-0-0.20.20230412git4b3d078.el8
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e5c5d6dbdb
suricata-6.0.11-1.el8
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9631f50abc
chromium-112.0.5615.121-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
gnome-shell-extension-system-monitor-applet-38-23.20230420git21d7b4e.el8
libsignal-protocol-c-2.3.3-8.el8
remmina-1.4.30-2.el8
Details about builds:
================================================================================
gnome-shell-extension-system-monitor-applet-38-23.20230420git21d7b4e.el8
(FEDORA-EPEL-2023-0925a27b2d)
A Gnome shell system monitor extension
--------------------------------------------------------------------------------
Update Information:
Migrated to SPDX license
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 20 2023 Nicolas Vi��ville <nicolas.vieville(a)uphf.fr> -
1:38-23.20230420git21d7b4e
- Migrated to SPDX license
- Add patch for gnome-shell < 3.34 (rhel 8) - RHBZ#2184351
- Add patch for compatibility with gnome-shell 44 - RHBZ#2188339
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2184351 - Regression / Update breaks ext in RHEL8 / TypeError:
GObject.registerClass() used with invalid base class
https://bugzilla.redhat.com/show_bug.cgi?id=2184351
[ 2 ] Bug #2188339 - system-monitor-applet not compatible with GNOME 44
https://bugzilla.redhat.com/show_bug.cgi?id=2188339
--------------------------------------------------------------------------------
================================================================================
libsignal-protocol-c-2.3.3-8.el8 (FEDORA-EPEL-2023-4f43a624e1)
Signal Protocol C library
--------------------------------------------------------------------------------
Update Information:
Backport a fix for [
CVE-2022-48468](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2022-48468) for
[
protobuf-c](https://github.com/protobuf-c/protobuf-c), which is bundled in
`libsignal-protocol-c`.
https://github.com/protobuf-c/protobuf-
c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
https://github.com/protobuf-c/protobuf-c/issues/499
https://github.com/protobuf-c/protobuf-c/pull/513
https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 19 2023 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 2.3.3-8
- Fix CVE-2022-48468: unsigned integer overflow (#2186673).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2186674 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned
integer overflow in parse_required_member [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2186674
[ 2 ] Bug #2186675 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned
integer overflow in parse_required_member [fedora-36]
https://bugzilla.redhat.com/show_bug.cgi?id=2186675
--------------------------------------------------------------------------------
================================================================================
remmina-1.4.30-2.el8 (FEDORA-EPEL-2023-d2f1b8755e)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
Add patch: 0010_remmina_fix_vnc_crash_domain_socket_c6adb35b.patch
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 20 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.30-2
- Add patch: 0001_remmina_fix_vnc_crash_domain_socket.patch
--------------------------------------------------------------------------------