Fedora Linux 8731 Published by

The following security updates are available for Fedora Linux:

Fedora 38 Update: engrampa-1.26.2-1.fc38
Fedora 38 Update: xen-4.17.2-6.fc38
Fedora 38 Update: vim-9.1.076-2.fc38
Fedora 39 Update: engrampa-1.26.2-1.fc39
Fedora 39 Update: vim-9.1.076-2.fc39
Fedora 39 Update: xen-4.17.2-6.fc39




Fedora 38 Update: engrampa-1.26.2-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8dc64f8f59
2024-02-15 01:41:57.775593
--------------------------------------------------------------------------------

Name : engrampa
Product : Fedora 38
Version : 1.26.2
Release : 1.fc38
URL : http://mate-desktop.org
Summary : MATE Desktop file archiver
Description :
Mate File Archiver is an application for creating and viewing archives files,
such as zip, xv, bzip2, cab, rar and other compress formats.

--------------------------------------------------------------------------------
Update Information:

update to 1.26.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 6 2024 Wolfgang Ulbrich [fedora@raveit.de] - 1.26.2-1
- update to 1.26.2
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

>>>>>>> c3bab3b (update to 1.26.1)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262840 - TRIAGE CVE-2023-52138 engrampa: remote command execution via path traversal vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8dc64f8f59' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: xen-4.17.2-6.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4b2cf8c375
2024-02-15 01:41:57.775532
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 38
Version : 4.17.2
Release : 6.fc38
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

arm32: The cache may not be properly cleaned/invalidated (take two)
[XSA-447, CVE-2023-46837]
pci: phantom functions assigned to incorrect contexts [XSA-449,
CVE-2023-46839]
VT-d: Failure to quarantine devices in !HVM build [XSA-450,
CVE-2023-46840]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 30 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.2-6
- arm32: The cache may not be properly cleaned/invalidated (take two)
[XSA-447, CVE-2023-46837]
- pci: phantom functions assigned to incorrect contexts [XSA-449,
CVE-2023-46839]
- VT-d: Failure to quarantine devices in !HVM build [XSA-450,
CVE-2023-46840]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4b2cf8c375' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: vim-9.1.076-2.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1c85d5b179
2024-02-15 01:41:57.775549
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 38
Version : 9.1.076
Release : 2.fc38
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-22667
enable building without GPM support - build with GPM in Fedora
2262371 - gvim: symbol lookup error: gvim: undefined symbol:
g_once_init_enter_pointer
The newest upstream commit
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 5 2024 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.076-2
- enable building without GPM support - build with GPM in Fedora
- 2262371 - gvim: symbol lookup error: gvim: undefined symbol: g_once_init_enter_pointer
* Mon Feb 5 2024 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.076-1
- patchlevel 076
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2:9.1.031-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262999 - CVE-2024-22667 vim: Stack buffer over flow in did_set_langmap function in map.c
https://bugzilla.redhat.com/show_bug.cgi?id=2262999
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1c85d5b179' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: engrampa-1.26.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23085d548c
2024-02-15 00:59:01.165491
--------------------------------------------------------------------------------

Name : engrampa
Product : Fedora 39
Version : 1.26.2
Release : 1.fc39
URL : http://mate-desktop.org
Summary : MATE Desktop file archiver
Description :
Mate File Archiver is an application for creating and viewing archives files,
such as zip, xv, bzip2, cab, rar and other compress formats.

--------------------------------------------------------------------------------
Update Information:

update to 1.26.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 6 2024 Wolfgang Ulbrich [fedora@raveit.de] - 1.26.2-1
- update to 1.26.2
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262840 - TRIAGE CVE-2023-52138 engrampa: remote command execution via path traversal vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23085d548c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: vim-9.1.076-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-12513b5cee
2024-02-15 00:59:01.165431
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 39
Version : 9.1.076
Release : 2.fc39
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-22667
enable building without GPM support - build with GPM in Fedora
2262371 - gvim: symbol lookup error: gvim: undefined symbol:
g_once_init_enter_pointer
The newest upstream commit
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 5 2024 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.076-2
- enable building without GPM support - build with GPM in Fedora
- 2262371 - gvim: symbol lookup error: gvim: undefined symbol: g_once_init_enter_pointer
* Mon Feb 5 2024 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.076-1
- patchlevel 076
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2:9.1.031-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262999 - CVE-2024-22667 vim: Stack buffer over flow in did_set_langmap function in map.c
https://bugzilla.redhat.com/show_bug.cgi?id=2262999
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-12513b5cee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: xen-4.17.2-6.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e527e6fd08
2024-02-15 00:59:01.165416
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 39
Version : 4.17.2
Release : 6.fc39
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

arm32: The cache may not be properly cleaned/invalidated (take two)
[XSA-447, CVE-2023-46837]
pci: phantom functions assigned to incorrect contexts [XSA-449,
CVE-2023-46839]
VT-d: Failure to quarantine devices in !HVM build [XSA-450,
CVE-2023-46840]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 30 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.2-6
- arm32: The cache may not be properly cleaned/invalidated (take two)
[XSA-447, CVE-2023-46837]
- pci: phantom functions assigned to incorrect contexts [XSA-449,
CVE-2023-46839]
- VT-d: Failure to quarantine devices in !HVM build [XSA-450,
CVE-2023-46840]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e527e6fd08' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--