Fedora Linux 8814 Published by

The following security updates are available for Fedora Linux:

Fedora 38 Update: thunderbird-115.8.1-1.fc38
Fedora 38 Update: python-multipart-0.0.7-1.fc38
Fedora 38 Update: xen-4.17.2-7.fc38
Fedora 39 Update: chromium-122.0.6261.128-1.fc39
Fedora 39 Update: python-multipart-0.0.7-1.fc39
Fedora 39 Update: xen-4.17.2-7.fc39




Fedora 38 Update: thunderbird-115.8.1-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-325c1d1fce
2024-03-14 01:38:51.492053
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 38
Version : 115.8.1
Release : 1.fc38
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 115.8.1
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
read that if you have mails with encrypted email subjects
https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 5 2024 Eike Rathke [erack@redhat.com] - 115.8.1-1
- Update to 115.8.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-325c1d1fce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: python-multipart-0.0.7-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-09c7f715c9
2024-03-14 01:38:51.491916
--------------------------------------------------------------------------------

Name : python-multipart
Product : Fedora 38
Version : 0.0.7
Release : 1.fc38
URL : https://github.com/andrew-d/python-multipart
Summary : A streaming multipart parser for Python
Description :
python-multipart is an Apache2 licensed streaming multipart parser for Python.

--------------------------------------------------------------------------------
Update Information:

python-multipart 0.0.7 (2024-02-03)
Refactor header option parser to use the standard library instead of a custom
RegEx #75.
Fixes a denial of service vulnerability, GHSA-qf9m-vfgh-m389, initially reported
in FastAPI but applicable to other libraries and applications.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 5 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.7-1
- Update to 0.0.7 (close RHBZ#2262502)
* Mon Feb 5 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.6-6
- Assert that .dist-info contains a license file
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint - 0.0.6-2
- Rebuilt for Python 3.12
* Mon Feb 27 2023 Carl George [carl@george.computer] - 0.0.6-1
- Update to version 0.0.6, resolves rhbz#2173719
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262502 - python-multipart-0.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2262502
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-09c7f715c9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: xen-4.17.2-7.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0da80aa623
2024-03-14 01:38:51.491768
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 38
Version : 4.17.2
Release : 7.fc38
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: shadow stack vs exceptions from emulation stubs - [XSA-451,
CVE-2023-46841] (#2266326)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.2-7
- x86: shadow stack vs exceptions from emulation stubs - [XSA-451,
CVE-2023-46841] (#2266326)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2266325 - CVE-2023-46841 xen: x86 shadow stack vs exceptions from emulation stubs
https://bugzilla.redhat.com/show_bug.cgi?id=2266325
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0da80aa623' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: chromium-122.0.6261.128-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-99d177633f
2024-03-14 01:07:19.210431
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 122.0.6261.128
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

upstream security release 122.0.6261.128
High CVE-2024-2400: Use after free in Performance Manager
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Than Ngo [than@redhat.com] - 122.0.6261.128-1
- upstream security release 122.0.6261.128
* High CVE-2024-2400: Use after free in Performance Manager
* Mon Mar 11 2024 Than Ngo [than@redhat.com] - 122.0.6261.111-2
- enable ppc64le build
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2269306 - CVE-2024-2400 chromium: chromium-browser: Use after free in Performance Manager [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2269306
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-99d177633f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-multipart-0.0.7-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2e802cdb4b
2024-03-14 01:07:19.210255
--------------------------------------------------------------------------------

Name : python-multipart
Product : Fedora 39
Version : 0.0.7
Release : 1.fc39
URL : https://github.com/andrew-d/python-multipart
Summary : A streaming multipart parser for Python
Description :
python-multipart is an Apache2 licensed streaming multipart parser for Python.

--------------------------------------------------------------------------------
Update Information:

python-multipart 0.0.7 (2024-02-03)
Refactor header option parser to use the standard library instead of a custom
RegEx #75.
Fixes a denial of service vulnerability, GHSA-qf9m-vfgh-m389, initially reported
in FastAPI but applicable to other libraries and applications.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 5 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.7-1
- Update to 0.0.7 (close RHBZ#2262502)
* Mon Feb 5 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.6-6
- Assert that .dist-info contains a license file
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262502 - python-multipart-0.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2262502
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2e802cdb4b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: xen-4.17.2-7.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aca9ed1eb1
2024-03-14 01:07:19.210138
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 39
Version : 4.17.2
Release : 7.fc39
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: shadow stack vs exceptions from emulation stubs - [XSA-451,
CVE-2023-46841] (#2266326)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.2-7
- x86: shadow stack vs exceptions from emulation stubs - [XSA-451,
CVE-2023-46841] (#2266326)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2266325 - CVE-2023-46841 xen: x86 shadow stack vs exceptions from emulation stubs
https://bugzilla.redhat.com/show_bug.cgi?id=2266325
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aca9ed1eb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--