Fedora 40: 2024-a455bea9ca Critical: Calibre Remote Code Execution

Fedora
August 27, 2024
Update calibre on Fedora 40 to the latest upstream release, which fixes four CVEs (including an unauthenticated remote code execution) and corrects font handling on releases before Fedora 41.

Summary

Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features.

Calibre is primarily an ebook cataloging program. It manages your ebook collection for you. It is designed around the concept of the logical book, i.e. a single entry in the database that may correspond to ebooks in several formats. It also supports conversion to and from a dozen different ebook formats.

Supported input formats are: MOBI, LIT, PRC, EPUB, CHM, ODT, HTML, CBR, CBZ, RTF, TXT, PDF and LRS.

Update Information:

Fix fonts for < f41 releases. Upgrade to the latest upstream release to fix 4 CVEs and enable new hardware.

Change Log

* Sun Aug 25 2024 Kevin Fenzi - 7.17.0-2
- Fix font conditionals to handle f40 and older correctly
* Sat Aug 24 2024 Kevin Fenzi - 7.17.0-1
- Update to 7.17.0. Fixes rhbz#2307557
* Wed Aug 21 2024 Parag Nemade - 7.16.0-3
- Update to use new Liberation fonts installation path for F41+ releases.
* Thu Aug 15 2024 Kevin Fenzi - 7.16.0-2
- Remove pycryptdome as a BuildRequires
* Sun Aug 4 2024 Kevin Fenzi - 7.16.0-1
- Update to calibre 7.16.0. Fixes rhbz#2302040
* Sat Jul 20 2024 Kevin Fenzi - 7.15.0-1
- Update to 7.15.0. Fixes rhbz#2298824
* Wed Jul 17 2024 Fedora Release Engineering - 7.14.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jul 13 2024 Kevin Fenzi - 7.14.0-1
- Update to 7.14.0. Fixes rhbz#2297462
* Sun Jul 7 2024 Kevin Fenzi - 7.13.0-2
- correct path for liberation fonts

References

[ 1 ] Bug #2303060 - CVE-2024-7009 calibre: From NVD collector [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303060
[ 2 ] Bug #2303063 - CVE-2024-7008 calibre: Unsanitized user-input in Calibre allow attackers to perform reflected cross-site scripting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303063
[ 3 ] Bug #2303065 - CVE-2024-6782 calibre: Improper access control in Calibre allow unauthenticated attackers to achieve remote code execution. [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303065
[ 4 ] Bug #2303067 - CVE-2024-6781 calibre: Path traversal in Calibre allow unauthenticated attackers to achieve arbitrary file read. [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303067
[ 5 ] Bug #2307794 - Crash at start of "calibre"
https://bugzilla.redhat.com/show_bug.cgi?id=2307794

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a455bea9ca' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
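The advisory gives only the dnf command. As an added example (not part of the Fedora advisory or of the calibre project), the following POSIX shell script decides whether an installed calibre build is older than the fixed build listed on this page (calibre-7.17.0-3.fc40), applies the advisory only when that is the case, and reminds the operator to restart a long-running calibre-server process, which keeps executing the old code until restarted. It assumes GNU coreutils `sort -V` (present on Fedora) and the `rpm` and `dnf` tools; the `FIXED_EVR` constant and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not the advisory's or calibre's own code.
# Assumption: the fixed build is the one this advisory ships, 7.17.0-3.fc40.
FIXED_EVR="7.17.0-3.fc40"

# evr_lt A B: exit 0 when version-release A sorts strictly before B.
# GNU `sort -V` treats the ".fcNN" dist tag as a suffix and compares the
# dotted numeric parts numerically, which is enough for well-formed Fedora
# version-release strings; rpm's own comparator remains the authority.
evr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# calibre_needs_update EVR: EVR is the installed "version-release" string, as
# printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' calibre`. Exit 0 when the
# installed build predates the fixed build, 1 otherwise.
calibre_needs_update() {
    evr_lt "$1" "$FIXED_EVR"
}

# Stand-alone use: `sh check-calibre.sh --check` on a Fedora 40 host.
if [ "${1:-}" = "--check" ]; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' calibre 2>/dev/null) || {
        echo "calibre is not installed; nothing to do"
        exit 0
    }
    if calibre_needs_update "$installed"; then
        echo "calibre-$installed predates calibre-$FIXED_EVR; applying advisory"
        su -c 'dnf upgrade --advisory FEDORA-2024-a455bea9ca'
        # The upgrade replaces files on disk only; a calibre-server started
        # before the upgrade still runs the old code until it is restarted.
        if pgrep -x calibre-server >/dev/null 2>&1; then
            echo "a calibre-server process is running: restart it to load the fixed code"
        fi
    else
        echo "calibre-$installed is at or beyond the fixed build"
    fi
fi
```

The version comparison is deliberately kept in the shell so the check runs on a minimal host; where the `rpm` Python bindings or `rpmdev-vercmp` are available, they give the authoritative answer for unusual epoch or tilde versions.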

Severity
critical

Name: calibre
Product: Fedora 40
Version: 7.17.0
Release: 3.fc40
Summary: E-book converter and library manager
