Fedora Linux 8639 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: kernel-headers-6.7.3-100.fc38
Fedora 38 Update: kernel-6.7.3-100.fc38
Fedora 39 Update: qt5-qtwebengine-5.15.16-1.fc39
Fedora 39 Update: kernel-headers-6.7.3-200.fc39
Fedora 39 Update: kernel-6.7.3-200.fc39
Fedora 39 Update: runc-1.1.12-1.fc39




Fedora 38 Update: kernel-headers-6.7.3-100.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cf47b35a6c
2024-02-06 03:42:03.891066
--------------------------------------------------------------------------------

Name : kernel-headers
Product : Fedora 38
Version : 6.7.3
Release : 100.fc38
URL : http://www.kernel.org/
Summary : Header files for the Linux kernel for use by glibc
Description :
Kernel-headers includes the C header files that specify the interface
between the Linux kernel and userspace libraries and programs. The
header files define structures and constants that are needed for
building most standard programs and are also needed for rebuilding the
glibc package.

--------------------------------------------------------------------------------
Update Information:

The 6.7.3 stable kernel rebase contains new features, improved hardware support,
and a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Justin M. Forbes [jforbes@fedoraproject.org] - 6.7.3-1
- Linux v6.7.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2253986 - CVE-2023-6679 kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://bugzilla.redhat.com/show_bug.cgi?id=2253986
[ 2 ] Bug #2260041 - CVE-2024-23849 kernel: off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access
https://bugzilla.redhat.com/show_bug.cgi?id=2260041
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cf47b35a6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: kernel-6.7.3-100.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cf47b35a6c
2024-02-06 03:42:03.891066
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 38
Version : 6.7.3
Release : 100.fc38
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.7.3 stable kernel rebase contains new features, improved hardware support,
and a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 31 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.7.3-0]
- Config update for stable backport (Justin M. Forbes)
- Add some more bugs to BugsFixed (Justin M. Forbes)
- Linux v6.7.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2253986 - CVE-2023-6679 kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://bugzilla.redhat.com/show_bug.cgi?id=2253986
[ 2 ] Bug #2260041 - CVE-2024-23849 kernel: off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access
https://bugzilla.redhat.com/show_bug.cgi?id=2260041
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cf47b35a6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: qt5-qtwebengine-5.15.16-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf2399e5e5
2024-02-06 01:17:01.499283
--------------------------------------------------------------------------------

Name : qt5-qtwebengine
Product : Fedora 39
Version : 5.15.16
Release : 1.fc39
URL : http://www.qt.io
Summary : Qt5 - QtWebEngine components
Description :
Qt5 - QtWebEngine components.

--------------------------------------------------------------------------------
Update Information:

QtWebEngine 5.15.16 bugfix update.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Jan Grulich [jgrulich@redhat.com] - 5.15.16-1
- 5.15.16
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.15.12-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.15.12-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262191 - qt5-qtwebengine is more than 1 year behind security updates
https://bugzilla.redhat.com/show_bug.cgi?id=2262191
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf2399e5e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: kernel-headers-6.7.3-200.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2116a8468b
2024-02-06 01:17:01.499269
--------------------------------------------------------------------------------

Name : kernel-headers
Product : Fedora 39
Version : 6.7.3
Release : 200.fc39
URL : http://www.kernel.org/
Summary : Header files for the Linux kernel for use by glibc
Description :
Kernel-headers includes the C header files that specify the interface
between the Linux kernel and userspace libraries and programs. The
header files define structures and constants that are needed for
building most standard programs and are also needed for rebuilding the
glibc package.

--------------------------------------------------------------------------------
Update Information:

The 6.7.3 stable kernel rebase contains new features, improved hardware support,
and a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Justin M. Forbes [jforbes@fedoraproject.org] - 6.7.3-1
- Linux v6.7.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2253986 - CVE-2023-6679 kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://bugzilla.redhat.com/show_bug.cgi?id=2253986
[ 2 ] Bug #2260041 - CVE-2024-23849 kernel: off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access
https://bugzilla.redhat.com/show_bug.cgi?id=2260041
[ 3 ] Bug #2262126 - CVE-2024-1086 kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function
https://bugzilla.redhat.com/show_bug.cgi?id=2262126
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2116a8468b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: kernel-6.7.3-200.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2116a8468b
2024-02-06 01:17:01.499269
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 39
Version : 6.7.3
Release : 200.fc39
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.7.3 stable kernel rebase contains new features, improved hardware support,
and a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 31 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.7.3-0]
- Config update for stable backport (Justin M. Forbes)
- Add some more bugs to BugsFixed (Justin M. Forbes)
- Linux v6.7.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2253986 - CVE-2023-6679 kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://bugzilla.redhat.com/show_bug.cgi?id=2253986
[ 2 ] Bug #2260041 - CVE-2024-23849 kernel: off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access
https://bugzilla.redhat.com/show_bug.cgi?id=2260041
[ 3 ] Bug #2262126 - CVE-2024-1086 kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function
https://bugzilla.redhat.com/show_bug.cgi?id=2262126
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2116a8468b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: runc-1.1.12-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-900dc7f6ff
2024-02-06 01:17:01.499262
--------------------------------------------------------------------------------

Name : runc
Product : Fedora 39
Version : 1.1.12
Release : 1.fc39
URL : https://github.com/opencontainers/runc
Summary : CLI for running Open Containers
Description :
The runc command can be used to start containers which are packaged
in accordance with the Open Container Initiative's specifications,
and to manage containers running under runc.

--------------------------------------------------------------------------------
Update Information:

security fix for CVE-2024-21626
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 1 2024 Lokesh Mandvekar [lsm5@redhat.com] - 2:1.1.12-1
- bump to v1.1.12
* Thu Feb 1 2024 Davanum Srinivas [davanum@gmail.com] - 2:1.1.9-1
- Update to runc 1.1.9 version
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2258725 - CVE-2024-21626 runc: file descriptor leak
https://bugzilla.redhat.com/show_bug.cgi?id=2258725
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-900dc7f6ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--