
Fedora has released security updates for Fedora 40 and Fedora 41: suricata-7.0.8-1.fc40, xen-4.19.1-3.fc41, python-jinja2-3.1.5-1.fc41, and suricata-7.0.8-1.fc41:

Fedora 40 Update: suricata-7.0.8-1.fc40
Fedora 41 Update: xen-4.19.1-3.fc41
Fedora 41 Update: python-jinja2-3.1.5-1.fc41
Fedora 41 Update: suricata-7.0.8-1.fc41




[SECURITY] Fedora 40 Update: suricata-7.0.8-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-aa783e1cbd
2025-01-12 01:42:08.024032+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 40
Version : 7.0.8
Release : 1.fc40
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

Various security, performance, accuracy, and stability issues have been fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 3 2025 Steve Grubb [sgrubb@redhat.com] 7.0.8-1
- New security and bugfix release
* Tue Oct 22 2024 Richard W.M. Jones [rjones@redhat.com] - 7.0.7-2
- Rebuild for Jansson 2.14
( https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/3PYINSQGKQ4BB25NQUI2A2UCGGLAG5ND/)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-aa783e1cbd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: xen-4.19.1-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-933a9a977e
2025-01-12 01:37:12.378788+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 41
Version : 4.19.1
Release : 3.fc41
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

work around debugedit bug to fix aarch64 builds
xen-hypervisor %post doesn't load all needed grub2 modules
update to xen-4.19.1 which includes
Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818]
libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 9 2025 Michael Young [m.a.young@durham.ac.uk] - 4.19.1-3
- work around debugedit bug to fix aarch64 builds
* Sat Jan 4 2025 Andrea Perotti [aperotti@redhat.com] - 4.19.1-2
- xen-hypervisor %post doesn't load all needed grub2 modules
(#2335558)
* Thu Dec 5 2024 Michael Young [m.a.young@durham.ac.uk] - 4.19.1-1
- update to xen-4.19.1
remove patches now included or superseded upstream
* Tue Nov 12 2024 Michael Young [m.a.young@durham.ac.uk] - 4.19.0-5
- Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818]
- libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]
- additional patches so above applies cleanly
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2330331 - xen-4.19.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2330331
[ 2 ] Bug #2333330 - CVE-2024-45818 xen: Deadlock in x86 HVM standard VGA handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333330
[ 3 ] Bug #2333333 - CVE-2024-45819 xen: libxl leaks data to PVH guests via ACPI tables [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333333
[ 4 ] Bug #2335558 - Failure in loading multiboot2 prevent Xen from boot
https://bugzilla.redhat.com/show_bug.cgi?id=2335558
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-933a9a977e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-jinja2-3.1.5-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7b6e208ef2
2025-01-12 01:37:12.378777+00:00
--------------------------------------------------------------------------------

Name : python-jinja2
Product : Fedora 41
Version : 3.1.5
Release : 1.fc41
URL : https://palletsprojects.com/p/jinja/
Summary : General purpose template engine
Description :
Jinja2 is a template engine written in pure Python. It provides a
Django inspired non-XML syntax but supports inline expressions and an
optional sandboxed environment.

If you have any exposure to other text-based template languages, such
as Smarty or Django, you should feel right at home with Jinja2. It's
both designer and developer friendly by sticking to Python's
principles and adding functionality useful for templating
environments.

--------------------------------------------------------------------------------
Update Information:

Update to 3.1.5
Security fix for CVE-2024-56201
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Miro Hrončok [mhroncok@redhat.com] - 3.1.5-1
- Update to 3.1.5
- Security fix for CVE-2024-56201
- Fixes: rhzb#2333688
- Fixes: rhzb#2336377
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333854 - CVE-2024-56201 jinja2: Jinja has a sandbox breakout through malicious filenames
https://bugzilla.redhat.com/show_bug.cgi?id=2333854
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7b6e208ef2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: suricata-7.0.8-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e24171db6d
2025-01-12 01:37:12.378708+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 41
Version : 7.0.8
Release : 1.fc41
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

Various security, performance, accuracy, and stability issues have been fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 3 2025 Steve Grubb [sgrubb@redhat.com] 7.0.8-1
- New security and bugfix release
* Tue Oct 22 2024 Richard W.M. Jones [rjones@redhat.com] - 7.0.7-2
- Rebuild for Jansson 2.14
( https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/3PYINSQGKQ4BB25NQUI2A2UCGGLAG5ND/)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e24171db6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--