Fedora Linux 8771 Published by

The following updates have been released for Fedora Linux:

Fedora 38 Update: podman-tui-1.0.0-1.fc38
Fedora 38 Update: xen-4.17.2-8.fc38
Fedora 39 Update: cockpit-314-1.fc39
Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39
Fedora 39 Update: ghc-isocline-1.0.9-28.fc39
Fedora 39 Update: pandoc-3.1.3-29.fc39
Fedora 39 Update: pandoc-cli-3.1.3-29.fc39
Fedora 39 Update: ghc-toml-parser-1.3.2.0-29.fc39
Fedora 39 Update: ghc-hakyll-4.16.2.0-4.fc39
Fedora 39 Update: ghc-base64-0.4.2.4-28.fc39
Fedora 39 Update: xen-4.17.2-8.fc39



Fedora 38 Update: podman-tui-1.0.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-529fe8a802
2024-03-30 01:43:28.218946
--------------------------------------------------------------------------------

Name : podman-tui
Product : Fedora 38
Version : 1.0.0
Release : 1.fc38
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :

podman-tui is a terminal user interface for Podman v4.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.

--------------------------------------------------------------------------------
Update Information:

podman-tui release v1.0.0
Security fix for [CVE-2024-28180]
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 21 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.0.0-1
- release v1.0.0
* Sat Mar 16 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 0.18.0-1
- release v0.18.0
* Sun Feb 11 2024 Maxwell G [maxwell@gtmx.me] - 0.17.0-2
- Rebuild for golang 1.22.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2268848 - CVE-2024-28176 podman-tui: go-jose: resource exhaustion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2268848
[ 2 ] Bug #2268895 - CVE-2024-28180 podman-tui: jose-go: improper handling of highly compressed data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2268895
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-529fe8a802' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: xen-4.17.2-8.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-29f57f1b4e
2024-03-30 01:43:28.218917
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 38
Version : 4.17.2
Release : 8.fc38
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: Register File Data Sampling [XSA-452, CVE-2023-28746]
GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 14 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.2-8
- x86: Register File Data Sampling [XSA-452, CVE-2023-28746]
- GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
- additional patches so above applies cleanly
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-29f57f1b4e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: cockpit-314-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6065341780
2024-03-30 01:08:11.513675
--------------------------------------------------------------------------------

Name : cockpit
Product : Fedora 39
Version : 314
Release : 1.fc39
URL : https://cockpit-project.org/
Summary : Web Console for Linux servers
Description :
The Cockpit Web Console enables users to administer GNU/Linux servers using a
web browser.

It offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

--------------------------------------------------------------------------------
Update Information:

Automatic update for cockpit-314-1.fc39.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 28 2024 Packit [hello@packit.dev] - 314-1
- Diagnostic reports: Fix command injection vulnerability with crafted report names
- Storage: Improvements to read-only encrypted filesystems
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271614 - CVE-2024-2947 cockpit: command injection when deleting a sosreport with a crafted name
https://bugzilla.redhat.com/show_bug.cgi?id=2271614
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6065341780' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fa7b758114
2024-03-30 01:08:11.513608
--------------------------------------------------------------------------------

Name : apache-commons-configuration
Product : Fedora 39
Version : 2.10.1
Release : 1.fc39
URL : https://commons.apache.org/proper/commons-configuration/
Summary : Read configuration data from a variety of sources
Description :
The Commons Configuration software library provides a generic
configuration interface which enables a Java application to read
configuration data from a variety of sources. Commons Configuration
provides typed access to single, and multi-valued configuration
parameters as demonstrated by the following code:

Double double = config.getDouble("number");
Integer integer = config.getInteger("number");

Configuration parameters may be loaded from the following sources:
- Properties files
- XML documents
- Windows INI files
- Property list files (plist)
- JNDI
- JDBC Datasource
- System properties
- Applet parameters
- Servlet parameters

Configuration objects are created using configuration builders.
Different configuration sources can be mixed using a
CombinedConfigurationBuilder and a CombinedConfiguration. Additional
sources of configuration parameters can be created by using custom
configuration objects. This customization can be achieved by extending
AbstractConfiguration or AbstractHierarchicalConfiguration.

%javadoc_package

--------------------------------------------------------------------------------
Update Information:

This update contains security fixes for CVE-2024-29131 and CVE-2024-29133.
See https://github.com/apache/commons-configuration/blob/master/RELEASE-
NOTES.txt for changes in versions 2.10.0 and 2.10.1.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 21 2024 Jerry James [loganjerry@gmail.com] - 2.10.1-1
- Version 2.10.1 (CVE-2024-29131, CVE-2024-29133)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2270673 - CVE-2024-29133 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
https://bugzilla.redhat.com/show_bug.cgi?id=2270673
[ 2 ] Bug #2270674 - CVE-2024-29131 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
https://bugzilla.redhat.com/show_bug.cgi?id=2270674
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fa7b758114' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: ghc-isocline-1.0.9-28.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name : ghc-isocline
Product : Fedora 39
Version : 1.0.9
Release : 28.fc39
URL : https://hackage.haskell.org/package/isocline
Summary : A portable alternative to GNU Readline
Description :
A Haskell wrapper around the Isocline C library alternative to GNU Readline.
(The Isocline library is included whole and there are no runtime dependencies).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc:
backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli:
new package for pandoc binary
patat:
update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 23 2024 Jens Petersen [petersen@redhat.com] - 1.0.9-28
- bump over pandoc release
- refresh to cabal-rpm-2.1.5
* Sat Mar 26 2022 Jens Petersen [petersen@redhat.com] - 1.0.9-1
- spec file generated by cabal-rpm-2.0.11
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: pandoc-3.1.3-29.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name : pandoc
Product : Fedora 39
Version : 3.1.3
Release : 29.fc39
URL : https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another.
The formats it can handle include

- light markup formats (many variants of Markdown, reStructuredText, AsciiDoc,
Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook
formats (EPUB v2 and v3, FB2) - Documentation formats (GNU TexInfo, Haddock) -
Roff formats (man, ms) - TeX formats (LaTeX, ConTeXt) - Typst - XML formats
(DocBook 4 and 5, JATS, TEI Simple, OpenDocument) - Outline formats (OPML) -
Bibliography formats (BibTeX, BibLaTeX, CSL JSON, CSL YAML, RIS) - Word
processor formats (Docx, RTF, ODT) - Interactive notebook formats (Jupyter
notebook ipynb) - Page layout formats (InDesign ICML) - Wiki markup formats
(MediaWiki, DokuWiki, TikiWiki, TWiki, Vimwiki, XWiki, ZimWiki, Jira wiki,
Creole) - Slide show formats (LaTeX Beamer, PowerPoint, Slidy, reveal.js,
Slideous, S5, DZSlides) - Data formats (CSV and TSV tables) - PDF (via external
programs such as pdflatex or wkhtmltopdf)

Pandoc can convert mathematical content in documents between TeX, MathML, Word
equations, roff eqn, typst, and plain text. It includes a powerful system for
automatic citations and bibliographies, and it can be customized extensively
using templates, filters, and custom readers and writers written in Lua.

For the pandoc command-line program, see the 'pandoc-cli' package.

For pdf output please also install pandoc-pdf or weasyprint.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc:
backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli:
new package for pandoc binary
patat:
update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 5 2024 Jens Petersen [petersen@redhat.com] - 3.1.3-29
- toml-parser is now packaged in Fedora
* Tue Feb 27 2024 Jens Petersen [petersen@redhat.com] - 3.1.3-28
- pandoc-cli is now packaged in Fedora
- move hslua subpackages to pandoc-cli
- backport fixes for CVE-2023-35936 and CVE-2023-38745
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.3-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.3-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: pandoc-cli-3.1.3-29.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name : pandoc-cli
Product : Fedora 39
Version : 3.1.3
Release : 29.fc39
URL : https://hackage.haskell.org/package/pandoc-cli
Summary : Conversion between documentation formats
Description :
Pandoc-cli provides a command-line executable that uses the pandoc library to
convert between markup formats.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc:
backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli:
new package for pandoc binary
patat:
update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 28 2024 Jens Petersen [petersen@redhat.com] - 3.1.3-29
- provide a pandoc binary package instead of pandoc-cli
* Wed Feb 28 2024 Jens Petersen [petersen@redhat.com] - 0.1.1.1-28
- hslua subpackages moved here from pandoc
* Thu Feb 22 2024 Jens Petersen [petersen@redhat.com] - 0.1.1.1-1
- spec file generated by cabal-rpm-2.1.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: ghc-toml-parser-1.3.2.0-29.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name : ghc-toml-parser
Product : Fedora 39
Version : 1.3.2.0
Release : 29.fc39
URL : https://hackage.haskell.org/package/toml-parser
Summary : TOML 1.0.0 parser
Description :
TOML parser using generated lexers and parsers with careful attention to the
TOML 1.0.0 semantics for defining tables.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc:
backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli:
new package for pandoc binary
patat:
update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 5 2024 Jens Petersen [petersen@redhat.com] - 1.3.2.0-29
- bump over pandoc
* Mon Feb 26 2024 Jens Petersen [petersen@redhat.com] - 1.3.2.0-1
- spec file generated by cabal-rpm-2.1.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: ghc-hakyll-4.16.2.0-4.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name : ghc-hakyll
Product : Fedora 39
Version : 4.16.2.0
Release : 4.fc39
URL : https://hackage.haskell.org/package/hakyll
Summary : A static website compiler library
Description :
Hakyll is a static website compiler library. It provides you with the tools to
create a simple or advanced static website using a Haskell DSL and formats such
as markdown or RST. You can find more information, including a tutorial, on the
website: ( http://jaspervdj.be/hakyll) .

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc:
backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli:
new package for pandoc binary
patat:
update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Jens Petersen [petersen@redhat.com] - 4.16.2.0-4
- rebuild
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.16.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.16.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: ghc-base64-0.4.2.4-28.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name : ghc-base64
Product : Fedora 39
Version : 0.4.2.4
Release : 28.fc39
URL : https://hackage.haskell.org/package/base64
Summary : A modern RFC 4648-compliant Base64 library
Description :
RFC 4648-compliant Base64 with an eye towards performance and modernity
(additional support for RFC 7049 standards).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc:
backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli:
new package for pandoc binary
patat:
update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 28 2024 Jens Petersen [petersen@redhat.com] - 0.4.2.4-28
- bump over pandoc
* Fri May 12 2023 Jens Petersen [petersen@redhat.com] - 0.4.2.4-2
- add doc files to devel
* Mon Jan 23 2023 Jens Petersen [petersen@redhat.com] - 0.4.2.4-1
- spec file generated by cabal-rpm-2.1.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: xen-4.17.2-8.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9e9f53d01d
2024-03-30 01:08:11.513425
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 39
Version : 4.17.2
Release : 8.fc39
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: Register File Data Sampling [XSA-452, CVE-2023-28746]
GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 14 2024 Michael Young [m.a.young@durham.ac.uk] - 4.17.2-8
- x86: Register File Data Sampling [XSA-452, CVE-2023-28746]
- GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
- additional patches so above applies cleanly
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9e9f53d01d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--