Fedora Linux 8757 Published by

The following security updates have been released for Fedora Linux:

Fedora 40 Update: mingw-glib2-2.80.1-1.fc40
Fedora 40 Update: djvulibre-3.5.28-9.fc40
Fedora 40 Update: mingw-python-jinja2-3.1.4-1.fc40
Fedora 38 Update: djvulibre-3.5.28-6.fc38
Fedora 39 Update: mingw-glib2-2.78.5-1.fc39
Fedora 39 Update: djvulibre-3.5.28-7.fc39
Fedora 39 Update: mingw-python-jinja2-3.1.4-1.fc39




Fedora 40 Update: mingw-glib2-2.80.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2ce1c754f7
2024-05-16 01:50:39.118643
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 40
Version : 2.80.1
Release : 1.fc40
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Update glib2 to fix CVE-2024-34397.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Sandro Mani [manisandro@gmail.com] - 2.80.1-1
- Update to 2.80.1
* Sat Mar 23 2024 Sandro Mani [manisandro@gmail.com] - 2.80.0-1
- Update to 2.80.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279641 - CVE-2024-34397 mingw-glib2: glib2: Signal subscription vulnerabilities [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2279641
[ 2 ] Bug #2279642 - CVE-2024-34397 mingw-glib2: glib2: Signal subscription vulnerabilities [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2279642
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2ce1c754f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: djvulibre-3.5.28-9.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d20163632f
2024-05-16 01:50:39.118565
--------------------------------------------------------------------------------

Name : djvulibre
Product : Fedora 40
Version : 3.5.28
Release : 9.fc40
URL : http://djvu.sourceforge.net/
Summary : DjVu viewers, encoders, and utilities
Description :
DjVu is a web-centric format and software platform for distributing documents
and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for
distributing scanned documents, digital documents, or high-resolution pictures.
DjVu content downloads faster, displays and renders faster, looks nicer on a
screen, and consume less client resources than competing formats. DjVu images
display instantly and can be smoothly zoomed and panned with no lengthy
re-rendering.

DjVuLibre is a free (GPL'ed) implementation of DjVu, including viewers,
decoders, simple encoders, and utilities. The browser plugin is in its own
separate sub-package.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-46310 and CVE-2021-46312.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Marek Kasik [mkasik@redhat.com] - 3.5.28-9
- Check for zero-size image when allocating GBuffer
- Resolves: #2234738
* Tue May 7 2024 Marek Kasik [mkasik@redhat.com] - 3.5.28-8
- Improve image size fix
- Resolves: #2234741
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2234736 - CVE-2021-46312 djvulibre: divide by zero in IW44EncodeCodec.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=2234736
[ 2 ] Bug #2234739 - CVE-2021-46310 djvulibre: divide by zero in IW44Image.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=2234739
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d20163632f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: mingw-python-jinja2-3.1.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e3caf31c98
2024-05-16 01:50:39.118490
--------------------------------------------------------------------------------

Name : mingw-python-jinja2
Product : Fedora 40
Version : 3.1.4
Release : 1.fc40
URL : https://palletsprojects.com/p/jinja/
Summary : MinGW Windows Python jinja2 library
Description :
MinGW Windows Python jinja2 library.

--------------------------------------------------------------------------------
Update Information:

Update to jinja2-3.1.4, fixes CVE-2024-34064.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Sandro Mani [manisandro@gmail.com] - 3.1.4-1
- Update to 3.1.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279486 - TRIAGE CVE-2024-34064 mingw-python-jinja2: jinja2: accepts keys containing non-attribute characters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e3caf31c98' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: djvulibre-3.5.28-6.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e8b9bedd36
2024-05-16 01:26:50.657669
--------------------------------------------------------------------------------

Name : djvulibre
Product : Fedora 38
Version : 3.5.28
Release : 6.fc38
URL : http://djvu.sourceforge.net/
Summary : DjVu viewers, encoders, and utilities
Description :
DjVu is a web-centric format and software platform for distributing documents
and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for
distributing scanned documents, digital documents, or high-resolution pictures.
DjVu content downloads faster, displays and renders faster, looks nicer on a
screen, and consume less client resources than competing formats. DjVu images
display instantly and can be smoothly zoomed and panned with no lengthy
re-rendering.

DjVuLibre is a free (GPL'ed) implementation of DjVu, including viewers,
decoders, simple encoders, and utilities. The browser plugin is in its own
separate sub-package.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-46310 and CVE-2021-46312.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Marek Kasik [mkasik@redhat.com] - 3.5.28-6
- Check for zero-size image when allocating GBuffer
- Resolves: #2234738
* Tue May 7 2024 Marek Kasik [mkasik@redhat.com] - 3.5.28-5
- Improve image size fix
- Resolves: #2234741
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2234736 - CVE-2021-46312 djvulibre: divide by zero in IW44EncodeCodec.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=2234736
[ 2 ] Bug #2234739 - CVE-2021-46310 djvulibre: divide by zero in IW44Image.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=2234739
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e8b9bedd36' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mingw-glib2-2.78.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-be032e564d
2024-05-16 01:08:08.062527
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 39
Version : 2.78.5
Release : 1.fc39
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Update glib2 to fix CVE-2024-34397.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Sandro Mani [manisandro@gmail.com] - 2.78.5-1
- Update to 2.78.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279641 - CVE-2024-34397 mingw-glib2: glib2: Signal subscription vulnerabilities [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2279641
[ 2 ] Bug #2279642 - CVE-2024-34397 mingw-glib2: glib2: Signal subscription vulnerabilities [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2279642
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-be032e564d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: djvulibre-3.5.28-7.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-891c09df97
2024-05-16 01:08:08.062469
--------------------------------------------------------------------------------

Name : djvulibre
Product : Fedora 39
Version : 3.5.28
Release : 7.fc39
URL : http://djvu.sourceforge.net/
Summary : DjVu viewers, encoders, and utilities
Description :
DjVu is a web-centric format and software platform for distributing documents
and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for
distributing scanned documents, digital documents, or high-resolution pictures.
DjVu content downloads faster, displays and renders faster, looks nicer on a
screen, and consume less client resources than competing formats. DjVu images
display instantly and can be smoothly zoomed and panned with no lengthy
re-rendering.

DjVuLibre is a free (GPL'ed) implementation of DjVu, including viewers,
decoders, simple encoders, and utilities. The browser plugin is in its own
separate sub-package.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-46310 and CVE-2021-46312.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Marek Kasik [mkasik@redhat.com] - 3.5.28-7
- Check for zero-size image when allocating GBuffer
- Resolves: #2234738
* Tue May 7 2024 Marek Kasik [mkasik@redhat.com] - 3.5.28-6
- Improve image size fix
- Resolves: #2234741
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2234736 - CVE-2021-46312 djvulibre: divide by zero in IW44EncodeCodec.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=2234736
[ 2 ] Bug #2234739 - CVE-2021-46310 djvulibre: divide by zero in IW44Image.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=2234739
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-891c09df97' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: mingw-python-jinja2-3.1.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e609c057ad
2024-05-16 01:08:08.062410
--------------------------------------------------------------------------------

Name : mingw-python-jinja2
Product : Fedora 39
Version : 3.1.4
Release : 1.fc39
URL : https://palletsprojects.com/p/jinja/
Summary : MinGW Windows Python jinja2 library
Description :
MinGW Windows Python jinja2 library.

--------------------------------------------------------------------------------
Update Information:

Update to jinja2-3.1.4, fixes CVE-2024-34064.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Sandro Mani [manisandro@gmail.com] - 3.1.4-1
- Update to 3.1.4
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2279486 - TRIAGE CVE-2024-34064 mingw-python-jinja2: jinja2: accepts keys containing non-attribute characters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e609c057ad' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--