Fedora Linux 8615 Published by

The following security updates are available for Fedora Linux:

Fedora 39 Update: efifs-1.9-6.fc39
Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39
Fedora 40 Update: libvirt-10.1.0-2.fc40
Fedora 40 Update: efifs-1.9-6.fc40
Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40
Fedora 40 Update: podman-tui-1.1.0-1.fc40
Fedora 40 Update: strongswan-5.9.14-1.fc40




Fedora 39 Update: efifs-1.9-6.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-69933b0732
2024-06-11 01:58:11.794142
--------------------------------------------------------------------------------

Name : efifs
Product : Fedora 39
Version : 1.9
Release : 6.fc39
URL : https://efi.akeo.ie/
Summary : Free software EFI/UEFI standalone file system drivers
Description :
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0
read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs,
exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including
the compression support), ISO9660, JFS (Journaled FileSystem), nilfs2, NTFS
(including compression support), ReiserFS, SFS (Amiga Smart FileSystem), UDF,
UFS/FFS, UFS2/FFS2, XFS, ZFS and more.

--------------------------------------------------------------------------------
Update Information:

Update bundled edk2 to 20240524 (#2284243)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 2 2024 Robert Scheck [robert@fedoraproject.org] 1.9-6
- Update bundled edk2 to 20240524 (#2284243)
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2284243 - CVE-2024-1298 edk2: Temporary DoS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2284243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-69933b0732' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-1bae1999ba
2024-06-11 01:58:11.794064
--------------------------------------------------------------------------------

Name : prometheus-podman-exporter
Product : Fedora 39
Version : 1.12.0
Release : 1.fc39
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.

--------------------------------------------------------------------------------
Update Information:

release 1.12.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 2 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.12.0-1
- release v1.12.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2284382 - TRIAGE CVE-2024-3727 prometheus-podman-exporter: containers/image: digest type does not guarantee valid type [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2284382
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-1bae1999ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: libvirt-10.1.0-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ee96e0c470
2024-06-11 01:48:54.482850
--------------------------------------------------------------------------------

Name : libvirt
Product : Fedora 40
Version : 10.1.0
Release : 2.fc40
URL : https://libvirt.org/
Summary : Library providing a simple virtualization API
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.

--------------------------------------------------------------------------------
Update Information:

Fix crash in event loop (CVE-2024-4418)
Fix leak of GSource object
Fix leak of udev object reference
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2278616 - CVE-2024-4418 libvirt: stack use-after-free in virNetClientIOEventLoop()
https://bugzilla.redhat.com/show_bug.cgi?id=2278616
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ee96e0c470' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: efifs-1.9-6.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-07342adb87
2024-06-11 01:48:54.482768
--------------------------------------------------------------------------------

Name : efifs
Product : Fedora 40
Version : 1.9
Release : 6.fc40
URL : https://efi.akeo.ie/
Summary : Free software EFI/UEFI standalone file system drivers
Description :
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0
read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs,
exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including
the compression support), ISO9660, JFS (Journaled FileSystem), nilfs2, NTFS
(including compression support), ReiserFS, SFS (Amiga Smart FileSystem), UDF,
UFS/FFS, UFS2/FFS2, XFS, ZFS and more.

--------------------------------------------------------------------------------
Update Information:

Update bundled edk2 to 20240524 (#2284243)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 2 2024 Robert Scheck [robert@fedoraproject.org] 1.9-6
- Update bundled edk2 to 20240524 (#2284243)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2284243 - CVE-2024-1298 edk2: Temporary DoS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2284243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-07342adb87' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2f8a62d6d6
2024-06-11 01:48:54.482676
--------------------------------------------------------------------------------

Name : prometheus-podman-exporter
Product : Fedora 40
Version : 1.12.0
Release : 1.fc40
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.

--------------------------------------------------------------------------------
Update Information:

release 1.12.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 2 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.12.0-1
- release v1.12.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2284382 - TRIAGE CVE-2024-3727 prometheus-podman-exporter: containers/image: digest type does not guarantee valid type [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2284382
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2f8a62d6d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: podman-tui-1.1.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e383f723a9
2024-06-11 01:48:54.482661
--------------------------------------------------------------------------------

Name : podman-tui
Product : Fedora 40
Version : 1.1.0
Release : 1.fc40
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :

podman-tui is a terminal user interface for Podman v4 and v5.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.

--------------------------------------------------------------------------------
Update Information:

release 1.1.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 2 2024 Navid Yaghoobi [navidys@fedoraproject.org] - 1.1.0-1
- release v1.1.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2284381 - TRIAGE CVE-2024-3727 podman-tui: containers/image: digest type does not guarantee valid type [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2284381
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e383f723a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: strongswan-5.9.14-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6712c699fc
2024-06-11 01:48:54.482619
--------------------------------------------------------------------------------

Name : strongswan
Product : Fedora 40
Version : 5.9.14
Release : 1.fc40
URL : https://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2
improvements
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 31 2024 Paul Wouters [paul.wouters@aiven.io] - 5.9.14-1
- Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE
- Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling
- Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len)
- Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254560 - CVE-2023-41913 strongswan: buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2254560
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6712c699fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--