Fedora Linux 8546 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: libxls-1.6.2-14.fc38
Fedora 38 Update: perl-Spreadsheet-ParseXLSX-0.31-1.fc38
Fedora 39 Update: wpa_supplicant-2.10-9.fc39
Fedora 39 Update: libxls-1.6.2-14.fc39
Fedora 39 Update: perl-Spreadsheet-ParseXLSX-0.31-1.fc39




Fedora 38 Update: libxls-1.6.2-14.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8b67e47e43
2024-02-27 01:44:25.903558
--------------------------------------------------------------------------------

Name : libxls
Product : Fedora 38
Version : 1.6.2
Release : 14.fc38
URL : https://github.com/libxls/libxls
Summary : Read binary Excel files from C/C++
Description :
This is libxls, a C library for reading Excel files in the old binary OLE
format, plus a command-line tool for converting XLS to CSV (named,
appropriately enough, libxls2csv).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-38852
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 18 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 1.6.2-13
- Backport fix for CVE-2023-38852 (#2232511)
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2232479 - CVE-2023-38852 libxls: heap buffer overflow in xls_parseWorkBook() in xls.c
https://bugzilla.redhat.com/show_bug.cgi?id=2232479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8b67e47e43' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: perl-Spreadsheet-ParseXLSX-0.31-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fa14bfd3b5
2024-02-27 01:44:25.903503
--------------------------------------------------------------------------------

Name : perl-Spreadsheet-ParseXLSX
Product : Fedora 38
Version : 0.31
Release : 1.fc38
URL : https://github.com/doy/spreadsheet-parsexlsx
Summary : Parse XLSX files
Description :
This module is an adaptor for that reads XLSX files.
For documentation about the various data that you can retrieve from these
classes, please see ,
, , and
.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2024-22368
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 18 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 0.31-1
- Update to latest version (#2256482)
- Fixes CVE-2024-22368 (#2257626)
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.27-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.27-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.27-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257625 - CVE-2024-22368 perl-Spreadsheet-ParseXLSX: out-of-memory condition during parsing of a crafted XLSX document
https://bugzilla.redhat.com/show_bug.cgi?id=2257625
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fa14bfd3b5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: wpa_supplicant-2.10-9.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a95bdde55b
2024-02-27 01:07:18.072526
--------------------------------------------------------------------------------

Name : wpa_supplicant
Product : Fedora 39
Version : 2.10
Release : 9.fc39
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.

--------------------------------------------------------------------------------
Update Information:

backport fix for PEAP client (CVE-2023-52160)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 22 2024 Davide Caratti [dcaratti@redhat.com] - 1:2.10-9
- Backport fix for PEAP client (CVE-2023-52160)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2264594 - TRIAGE CVE-2023-52160 wpa_supplicant: potential authorization bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264594
[ 2 ] Bug #2265479 - unpatched CVE-2023-52160 in Fedora 38 & 39
https://bugzilla.redhat.com/show_bug.cgi?id=2265479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a95bdde55b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: libxls-1.6.2-14.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e74783429c
2024-02-27 01:07:18.072495
--------------------------------------------------------------------------------

Name : libxls
Product : Fedora 39
Version : 1.6.2
Release : 14.fc39
URL : https://github.com/libxls/libxls
Summary : Read binary Excel files from C/C++
Description :
This is libxls, a C library for reading Excel files in the old binary OLE
format, plus a command-line tool for converting XLS to CSV (named,
appropriately enough, libxls2csv).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-38852
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 18 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 1.6.2-13
- Backport fix for CVE-2023-38852 (#2232511)
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2232479 - CVE-2023-38852 libxls: heap buffer overflow in xls_parseWorkBook() in xls.c
https://bugzilla.redhat.com/show_bug.cgi?id=2232479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e74783429c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: perl-Spreadsheet-ParseXLSX-0.31-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5f136f5d10
2024-02-27 01:07:18.072481
--------------------------------------------------------------------------------

Name : perl-Spreadsheet-ParseXLSX
Product : Fedora 39
Version : 0.31
Release : 1.fc39
URL : https://github.com/doy/spreadsheet-parsexlsx
Summary : Parse XLSX files
Description :
This module is an adaptor for that reads XLSX files.
For documentation about the various data that you can retrieve from these
classes, please see ,
, , and
.

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2024-22368
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 18 2024 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 0.31-1
- Update to latest version (#2256482)
- Fixes CVE-2024-22368 (#2257626)
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.27-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.27-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2257625 - CVE-2024-22368 perl-Spreadsheet-ParseXLSX: out-of-memory condition during parsing of a crafted XLSX document
https://bugzilla.redhat.com/show_bug.cgi?id=2257625
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5f136f5d10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--