Fedora Linux 8487 Published by

The following security updates are available for Fedora Linux:

Fedora 38 Update: kernel-6.6.14-100.fc38
Fedora 38 Update: indent-2.2.13-5.fc38
Fedora 39 Update: chromium-121.0.6167.139-1.fc39
Fedora 39 Update: kernel-6.6.14-200.fc39
Fedora 39 Update: indent-2.2.13-6.fc39
Fedora 39 Update: python-notebook-7.0.7-1.fc39
Fedora 39 Update: jupyterlab-4.0.11-1.fc39



Fedora 38 Update: kernel-6.6.14-100.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0f89e13079
2024-02-02 02:22:05.328451
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 38
Version : 6.6.14
Release : 100.fc38
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.6.14 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 26 2024 Augusto Caringi [acaringi@redhat.com] [6.6.14-0]
- Add some CVE fixes staged for 6.6.14 (Justin M. Forbes)
- Linux v6.6.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254052 - CVE-2023-6536 kernel: NULL pointer dereference in __nvmet_req_complete
https://bugzilla.redhat.com/show_bug.cgi?id=2254052
[ 2 ] Bug #2254053 - CVE-2023-6535 kernel: NULL pointer dereference in nvmet_tcp_execute_request
https://bugzilla.redhat.com/show_bug.cgi?id=2254053
[ 3 ] Bug #2254054 - CVE-2023-6356 kernel: NULL pointer dereference in nvmet_tcp_build_iovec
https://bugzilla.redhat.com/show_bug.cgi?id=2254054
[ 4 ] Bug #2259701 - CVE-2023-46838 xen: netback processing of zero-length transmit fragment
https://bugzilla.redhat.com/show_bug.cgi?id=2259701
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0f89e13079' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: indent-2.2.13-5.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-74667e499e
2024-02-02 02:22:05.328378
--------------------------------------------------------------------------------

Name : indent
Product : Fedora 38
Version : 2.2.13
Release : 5.fc38
URL : https://www.gnu.org/software/indent/
Summary : A GNU program for formatting C code
Description :
Indent is a GNU program for beautifying C code, so that it is easier to
read. Indent can also convert from one C writing style to a different
one. Indent understands correct C syntax and tries to handle incorrect
C syntax.

Install the indent package if you are developing applications in C and
you want a program to format your code.

--------------------------------------------------------------------------------
Update Information:

This release fixes a heap buffer underread in indent tool when processing a code
in which an opening parenthesis follows a comment with a text.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 24 2024 Petr Pisar [ppisar@redhat.com] - 2.2.13-5
- Fix a heap buffer underread in set_buf_break() (bug #2259883)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2260399 - CVE-2024-0911 indent: heap-based buffer overflow in set_buf_break()
https://bugzilla.redhat.com/show_bug.cgi?id=2260399
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-74667e499e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: chromium-121.0.6167.139-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-87e0baecb6
2024-02-02 01:13:11.576111
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 121.0.6167.139
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 121.0.6167.139 * High CVE-2024-1060: Use after free in Canvas *
High CVE-2024-1059: Use after free in WebRTC * High CVE-2024-1077: Use after
free in Network
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 31 2024 Than Ngo [than@redhat.com] - 121.0.6167.139-1
- update to 121.0.6167.139
* High CVE-2024-1060: Use after free in Canvas
* High CVE-2024-1059: Use after free in WebRTC
* High CVE-2024-1077: Use after free in Network
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-87e0baecb6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: kernel-6.6.14-200.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-50ab089b1d
2024-02-02 01:13:11.576083
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 39
Version : 6.6.14
Release : 200.fc39
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.6.14 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 26 2024 Augusto Caringi [acaringi@redhat.com] [6.6.14-0]
- Add some CVE fixes staged for 6.6.14 (Justin M. Forbes)
- Linux v6.6.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254052 - CVE-2023-6536 kernel: NULL pointer dereference in __nvmet_req_complete
https://bugzilla.redhat.com/show_bug.cgi?id=2254052
[ 2 ] Bug #2254053 - CVE-2023-6535 kernel: NULL pointer dereference in nvmet_tcp_execute_request
https://bugzilla.redhat.com/show_bug.cgi?id=2254053
[ 3 ] Bug #2254054 - CVE-2023-6356 kernel: NULL pointer dereference in nvmet_tcp_build_iovec
https://bugzilla.redhat.com/show_bug.cgi?id=2254054
[ 4 ] Bug #2259701 - CVE-2023-46838 xen: netback processing of zero-length transmit fragment
https://bugzilla.redhat.com/show_bug.cgi?id=2259701
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-50ab089b1d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: indent-2.2.13-6.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bfd13103eb
2024-02-02 01:13:11.575943
--------------------------------------------------------------------------------

Name : indent
Product : Fedora 39
Version : 2.2.13
Release : 6.fc39
URL : https://www.gnu.org/software/indent/
Summary : A GNU program for formatting C code
Description :
Indent is a GNU program for beautifying C code, so that it is easier to
read. Indent can also convert from one C writing style to a different
one. Indent understands correct C syntax and tries to handle incorrect
C syntax.

Install the indent package if you are developing applications in C and
you want a program to format your code.

--------------------------------------------------------------------------------
Update Information:

This release fixes a heap buffer underread in indent tool when processing a code
in which an opening parenthesis follows a comment with a text.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 24 2024 Petr Pisar [ppisar@redhat.com] - 2.2.13-6
- Fix a heap buffer underread in set_buf_break() (bug #2259883)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2260399 - CVE-2024-0911 indent: heap-based buffer overflow in set_buf_break()
https://bugzilla.redhat.com/show_bug.cgi?id=2260399
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bfd13103eb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-notebook-7.0.7-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1673c2696e
2024-02-02 01:13:11.575824
--------------------------------------------------------------------------------

Name : python-notebook
Product : Fedora 39
Version : 7.0.7
Release : 1.fc39
URL : https://jupyter.org
Summary : A web-based notebook environment for interactive computing
Description :
The Jupyter Notebook is a web application that allows you to create and
share documents that contain live code, equations, visualizations, and
explanatory text. The Notebook has support for multiple programming
languages, sharing, and interactive widgets.

--------------------------------------------------------------------------------
Update Information:

Update of jupyterlab and notebook including fix for CVE-2024-22420 .
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 23 2024 Lumir Balhar [lbalhar@redhat.com] - 7.0.7-1
- Update to 7.0.7 (rhbz#2252762)
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 7.0.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2259646 - CVE-2024-22420 jupyterlab: CVE-2024-22420 CVE-2024-22421 [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2259646
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1673c2696e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: jupyterlab-4.0.11-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1673c2696e
2024-02-02 01:13:11.575824
--------------------------------------------------------------------------------

Name : jupyterlab
Product : Fedora 39
Version : 4.0.11
Release : 1.fc39
URL : https://jupyter.org
Summary : JupyterLab computational environment
Description :
JupyterLab is the next-generation user interface for Project Jupyter
offering all the familiar building blocks of the classic Jupyter
Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.)
in a flexible and powerful user interface.

--------------------------------------------------------------------------------
Update Information:

Update of jupyterlab and notebook including fix for CVE-2024-22420 .
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 20 2024 Lumir Balhar [lbalhar@redhat.com] - 4.0.11-1
- Update to 4.0.11 (rhbz#2233853)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2259646 - CVE-2024-22420 jupyterlab: CVE-2024-22420 CVE-2024-22421 [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2259646
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1673c2696e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--