Fedora Linux 8783 Published by

The following security updates have been released for Fedora Linux:

[SECURITY] Fedora 40 Update: obs-cef-5060^cr103.0.5060.134~git20231010.17f8588-6.fc40
[SECURITY] Fedora 40 Update: kernel-6.9.12-200.fc40
[SECURITY] Fedora 40 Update: xen-4.18.2-4.fc40
[SECURITY] Fedora 39 Update: xen-4.17.4-2.fc39




[SECURITY] Fedora 40 Update: obs-cef-5060^cr103.0.5060.134~git20231010.17f8588-6.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-47dbf2a4de
2024-08-01 02:52:09.189205
--------------------------------------------------------------------------------

Name : obs-cef
Product : Fedora 40
Version : 5060^cr103.0.5060.134~git20231010.17f8588
Release : 6.fc40
URL : https://github.com/obsproject/cef
Summary : OBS fork of the Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
This version is a fork by the OBS project designed to be used as
part of the OBS Browser Source plugin.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-6349 & FTBFS fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 31 2024 Asahi Lina [lina@asahilina.net] - 5060^cr103.0.5060.134~git20231010.17f8588-6
- Fix CVE-2023-6349 & FTBFS on f40/rawhide
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5060^cr103.0.5060.134~git20231010.17f8588-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5060^cr103.0.5060.134~git20231010.17f8588-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5060^cr103.0.5060.134~git20231010.17f8588-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2283553 - CVE-2023-6349 libvpx: Heap buffer overflow related to VP9 encoding
https://bugzilla.redhat.com/show_bug.cgi?id=2283553
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-47dbf2a4de' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: kernel-6.9.12-200.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-873e2cb5f2
2024-08-01 02:52:09.189181
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 40
Version : 6.9.12
Release : 200.fc40
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.9.12 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 27 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.9.12-0]
- Linux v6.9.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2300866 - CVE-2024-41015 kernel: ocfs2: add bounds checking to ocfs2_check_dir_entry() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300866
[ 2 ] Bug #2300879 - CVE-2024-41017 kernel: jfs: don't walk off the end of ealist [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300879
[ 3 ] Bug #2300885 - CVE-2024-41018 kernel: fs/ntfs3: Add a check for attr_names and oatbl [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300885
[ 4 ] Bug #2300890 - CVE-2024-41019 kernel: fs/ntfs3: Validate ff offset [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300890
[ 5 ] Bug #2300897 - CVE-2024-41021 kernel: s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300897
[ 6 ] Bug #2300901 - CVE-2024-41020 kernel: filelock: Fix fcntl/close race recovery compat path [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300901
[ 7 ] Bug #2300922 - CVE-2024-41022 kernel: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2300922
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-873e2cb5f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: xen-4.18.2-4.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-169a1cc589
2024-08-01 02:52:09.188975
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 40
Version : 4.18.2
Release : 4.fc40
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143]
x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2024 Michael Young [m.a.young@durham.ac.uk] - 4.18.2-4
- double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143]
* Fri Jun 7 2024 Python Maint - 4.18.2-3
- Rebuilt for Python 3.13
* Mon Jun 3 2024 Michael Young [m.a.young@durham.ac.uk] - 4.18.2-2
- x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-169a1cc589' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: xen-4.17.4-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-58c950d8d8
2024-08-01 01:24:27.004238
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 39
Version : 4.17.4
Release : 2.fc39
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]
double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 16 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.4-2
- x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]
- double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-58c950d8d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--