Fedora Linux 8491 Published by

The following security updates have been released for Fedora Linux:

Fedora 39 Update: python-nikola-8.3.0-1.fc39
Fedora 38 Update: chromium-121.0.6167.160-1.fc38
Fedora 38 Update: openssh-9.0p1-19.fc38
Fedora 38 Update: python-nikola-8.3.0-1.fc38




Fedora 39 Update: python-nikola-8.3.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-262ad83644
2024-02-12 02:43:04.071835
--------------------------------------------------------------------------------

Name : python-nikola
Product : Fedora 39
Version : 8.3.0
Release : 1.fc39
URL : https://getnikola.com/
Summary : A modular, fast, simple, static website and blog generator
Description :
Nikola is a static site and blog generator using Python. It generates sites
with tags, feeds, archives, comments, and more from plain text files. Source
can be unformatted, or formatted with reStructuredText or Markdown.
It also automatically builds image galleries.

--------------------------------------------------------------------------------
Update Information:

Update to the latest stable version:
Features
Implement a new plugin manager from scratch to replace Yapsy,
which does not work on Python 3.12 due to Python 3.12 carelessly
removing parts of the standard library (Issue #3719)
Support for Discourse as comment system (Issue #3689)
Bugfixes
Fix loading of templates from plugins with __init__.py files
(Issue #3725)
Fix margins of paragraphs at the end of sections (Issue #3704)
Ignore .DS_Store files in listing indexes (Issue #3698)
Fix baguetteBox.js invoking in the base theme (Issue #3687)
Fix development (preview) server nikola auto
for non-root SITE_URL, in particular when URL_TYPE is full_path.
(Issue #3715)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 8.2.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 8.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2159961 - CVE-2023-22467 python-nikola: luxon: Inefficient regular expression complexity in luxon.js [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2159961
[ 2 ] Bug #2257774 - python-nikola-8.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2257774
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-262ad83644' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: chromium-121.0.6167.160-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-364516d49a
2024-02-12 01:51:12.424636
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 38
Version : 121.0.6167.160
Release : 1.fc38
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 121.0.6167.160
High CVE-2024-1284: Use after free in Mojo
High CVE-2024-1283: Heap buffer overflow in Skia
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 7 2024 Than Ngo [than@redhat.com] - 121.0.6167.160-1
- update to 121.0.6167.160
* High CVE-2024-1284: Use after free in Mojo
* High CVE-2024-1283: Heap buffer overflow in Skia
* Thu Feb 1 2024 Than Ngo [than@redhat.com] - 121.0.6167.139-2
- Support for 64K pages on Linux/AArch64
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-364516d49a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: openssh-9.0p1-19.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2aac54ebb7
2024-02-12 01:51:12.424629
--------------------------------------------------------------------------------

Name : openssh
Product : Fedora 38
Version : 9.0p1
Release : 19.fc38
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol version 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

--------------------------------------------------------------------------------
Update Information:

Apply fix for CVE-2023-28531
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 8 2024 Dmitry Belyavskiy [dbelyavs@redhat.com] - 9.0p1-19
- Apply fix for CVE-2023-28531
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2aac54ebb7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: python-nikola-8.3.0-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1eb20f8ec3
2024-02-12 01:51:12.424489
--------------------------------------------------------------------------------

Name : python-nikola
Product : Fedora 38
Version : 8.3.0
Release : 1.fc38
URL : https://getnikola.com/
Summary : A modular, fast, simple, static website and blog generator
Description :
Nikola is a static site and blog generator using Python. It generates sites
with tags, feeds, archives, comments, and more from plain text files. Source
can be unformatted, or formatted with reStructuredText or Markdown.
It also automatically builds image galleries.

--------------------------------------------------------------------------------
Update Information:

Update to the latest stable version:
Features
Implement a new plugin manager from scratch to replace Yapsy,
which does not work on Python 3.12 due to Python 3.12 carelessly
removing parts of the standard library (Issue #3719)
Support for Discourse as comment system (Issue #3689)
Bugfixes
Fix loading of templates from plugins with __init__.py files
(Issue #3725)
Fix margins of paragraphs at the end of sections (Issue #3704)
Ignore .DS_Store files in listing indexes (Issue #3698)
Fix baguetteBox.js invoking in the base theme (Issue #3687)
Fix development (preview) server nikola auto
for non-root SITE_URL, in particular when URL_TYPE is full_path.
(Issue #3715)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 8.2.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 8.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 8.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Adam Williamson [awilliam@redhat.com] - 8.2.4-3
- Improve the plugin template loading patch
* Fri Jul 14 2023 Python Maint - 8.2.4-2
- Rebuilt for Python 3.12
* Mon May 1 2023 Sandro Mani [manisandro@gmail.com] - 8.2.4-1
- Update to 8.2.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2159961 - CVE-2023-22467 python-nikola: luxon: Inefficient regular expression complexity in luxon.js [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2159961
[ 2 ] Bug #2257774 - python-nikola-8.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2257774
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1eb20f8ec3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--