Fedora 41 Update: chromium-131.0.6778.108-1.fc41
Fedora 41 Update: uv-0.5.5-2.fc41
Fedora 41 Update: python3.11-3.11.11-1.fc41
Fedora 40 Update: chromium-131.0.6778.108-1.fc40
[SECURITY] Fedora 41 Update: chromium-131.0.6778.108-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-791faa660a
2024-12-07 07:36:24.986271+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 131.0.6778.108
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2024 Than Ngo [than@redhat.com] - 131.0.6778.108-1
- Update to 131.0.6778.108
* High CVE-2024-12053: Type Confusion in V8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2329204 - CVE-2024-9369 chromium: Insufficient data validation in Mojo [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329204
[ 2 ] Bug #2329205 - CVE-2024-9369 chromium: Insufficient data validation in Mojo [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329205
[ 3 ] Bug #2329208 - CVE-2024-7025 chromium: Integer overflow in Layout [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329208
[ 4 ] Bug #2329209 - CVE-2024-7025 chromium: Integer overflow in Layout [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329209
[ 5 ] Bug #2330232 - CVE-2024-12053 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330232
[ 6 ] Bug #2330233 - CVE-2024-12053 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330233
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-791faa660a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: uv-0.5.5-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8568f9cd5e
2024-12-07 07:36:24.985993+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 41
Version : 0.5.5
Release : 2.fc41
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
• Drop-in replacement for common pip, pip-tools, and virtualenv commands.
• 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
• Disk-space efficient, with a global cache for dependency deduplication.
• Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
• Tested at-scale against the top 10,000 PyPI packages.
• Support for macOS, Linux, and Windows.
• Advanced features such as dependency version overrides and alternative
resolution strategies.
• Best-in-class error messages with a conflict-tracking resolver.
• Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the
following notes.
By updating to a current release of uv, this update fixes CVE-2024-53899, which
was originally reported against virtualenv but which was also reproducible on uv
0.5.2 and earlier. See upstream issue #9424 for more details.
This update adds a default system-wide configuration file /etc/uv/uv.toml with
settings specific to Fedora. The RPM-packaged uv now deviates from the default
configuration in two ways.
First, we set "python-downloads" to "manual" in order to avoid unintended Python
downloads. We suggest using RPM-packaged (system) Pythons that benefit from
distribution maintenance and integration. Use uv python install to manually
install managed Pythons.
Second, we set "python-preference" to "system" instead of "managed". Otherwise,
any managed Python would be used for uv operations where no particular Python is
specified, even if the only available managed Python were much older than the
primary system Python.
No choices can be appropriate for all users and applications. To restore the
default behavior, comment out settings in this file or override them in a
configuration file with higher precedence, such as a user-level configuration
file. See https://docs.astral.sh/uv/configuration/files/ for details on the
interaction of project-, user-, and system-level configuration files.
With 0.5.0, uv introduced several potentially breaking changes. The developers
write that these are “changes that improve correctness and user experience, but
could break some workflows. This release contains those changes; many have been
marked as breaking out of an abundance of caution. We expect most users to be
able to upgrade without making changes.”
• Use base executable to set virtualenv Python path
• Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the installer
• Discover and respect .python-version files in parent directories
• Error when disallowed settings are defined in uv.toml
• Implement PEP 440-compliant local version semantics
• Treat the base Conda environment as a system environment
• Do not allow pre-releases when the != operator is used
• Prefer USERPROFILE over FOLDERID_Profile when selecting a home directory on Windows
• Improve interactions between color environment variables and CLI options
• Make allow-insecure-host a global option
• Only write .python-version files during uv init for workspace members if the version differs
For detailed discussion of these changes, please see
https://github.com/astral-sh/uv/releases/tag/0.5.0.
For other fixes, enhancements, and changes in this update, please consult the
following:
https://github.com/astral-sh/uv/releases/tag/0.5.1
https://github.com/astral-sh/uv/releases/tag/0.5.2
https://github.com/astral-sh/uv/releases/tag/0.5.3
https://github.com/astral-sh/uv/releases/tag/0.5.4
https://github.com/astral-sh/uv/releases/tag/0.5.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 28 2024 Benjamin A. Beasley - 0.5.5-2
- Revert "Backport a path-escaping fix for the batch activation script"
* Wed Nov 27 2024 Benjamin A. Beasley - 0.5.5-1
- Update to 0.5.5 (close RHBZ#2329188)
* Wed Nov 27 2024 Benjamin A. Beasley - 0.5.4-2
- Backport a path-escaping fix for the batch activation script
* Thu Nov 21 2024 Benjamin A. Beasley - 0.5.4-1
- Update to 0.5.4 (close RHBZ#2327512)
* Thu Nov 21 2024 Benjamin A. Beasley - 0.5.3-1
- Update to 0.5.3
* Tue Nov 19 2024 Benjamin A. Beasley - 0.5.2-2
- Stop loosening the mailparse dependency version bound
* Mon Nov 18 2024 Benjamin A. Beasley - 0.5.2-1
- Update to 0.5.2 (close RHBZ#2323792)
* Sat Nov 16 2024 Benjamin A. Beasley - 0.5.1-1
- Update to 0.5.1
* Sat Nov 16 2024 Benjamin A. Beasley - 0.5.0-1
- Update to 0.5.0
* Thu Nov 14 2024 Benjamin A. Beasley - 0.4.30-4
- Also configure python-preference = "system"
* Thu Nov 14 2024 Benjamin A. Beasley - 0.4.30-3
- Install a default system-wide uv.toml
- Configure python-downloads = "manual"
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327512 - uv-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327512
[ 2 ] Bug #2328746 - CVE-2024-53899 uv: potential command injection via virtual environment activation scripts [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2328746
[ 3 ] Bug #2329188 - uv-0.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8568f9cd5e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python3.11-3.11.11-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-01d838d947
2024-12-08 02:45:08.762947+00:00
--------------------------------------------------------------------------------
Name : python3.11
Product : Fedora 41
Version : 3.11.11
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.11-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.
--------------------------------------------------------------------------------
Update Information:
Python 3.11.11 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
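An added example (not part of the Fedora notification or of CPython): the gh-122792 item above concerns IPv4-mapped IPv6 addresses such as ::ffff:169.254.169.254. The sketch unwraps the mapped address before reading the listed properties, so an outbound-destination filter gives the same answer on patched and unpatched interpreters; the function names and the allow policy are assumptions made for illustration.

```python
import ipaddress

# Properties the 3.11.11 notes list as fixed for IPv4-mapped addresses.
FIXED_PROPERTIES = ("is_multicast", "is_reserved", "is_link_local",
                    "is_global", "is_unspecified")


def effective_address(text):
    """Parse text; unwrap ::ffff:a.b.c.d to the embedded IPv4 address."""
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(text):
    """Return the listed properties, decided on the unwrapped address."""
    addr = effective_address(text)
    return {name: getattr(addr, name) for name in FIXED_PROPERTIES}


def is_safe_destination(text):
    """Hypothetical egress policy: only globally routable, non-multicast
    destinations pass. Multicast is tested separately because a multicast
    address can still report is_global as True."""
    props = classify(text)
    return props["is_global"] and not props["is_multicast"]


if __name__ == "__main__":
    # Constructed sample destinations, one per property of interest.
    for sample in ("::ffff:169.254.169.254", "::ffff:224.0.0.1",
                   "::ffff:0.0.0.0", "::ffff:240.0.0.1",
                   "::ffff:10.0.0.1", "::ffff:8.8.8.8"):
        print(sample, effective_address(sample), is_safe_destination(sample))
```

Deciding on the unwrapped address keeps the filter's result independent of which Python 3.11 point release runs it.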
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2024 Lumír Balhar - 3.11.11-1
- Update to 3.11.11
- Fixes: rhbz#2321655
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2321655 - CVE-2024-9287 python3.11: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321655
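An added example (not code from CPython, virtualenv or uv): CVE-2024-9287 here and CVE-2024-53899 in the uv notice both come down to a directory path being pasted into an activation-script template without shell quoting. The sketch compares that rendering with one that passes the path through shlex.quote and checks whether a POSIX word parser still sees a single VIRTUAL_ENV assignment; the template lines, function names and sample paths are constructed for illustration.

```python
import shlex

# Constructed template lines in the style of a POSIX activate script.
NAIVE_TEMPLATE = 'VIRTUAL_ENV="__VENV_DIR__"'  # path pasted inside double quotes
SAFE_TEMPLATE = "VIRTUAL_ENV=__VENV_DIR__"     # path arrives already quoted


def render_naive(venv_dir):
    """Pre-fix style: plain string substitution, no escaping."""
    return NAIVE_TEMPLATE.replace("__VENV_DIR__", venv_dir)


def render_quoted(venv_dir):
    """Hardened style: the path is shell-quoted before substitution."""
    return SAFE_TEMPLATE.replace("__VENV_DIR__", shlex.quote(venv_dir))


def is_single_assignment(line, venv_dir):
    """True if the line parses to exactly one word, VIRTUAL_ENV=<venv_dir>.

    shlex models POSIX quoting only; a real shell also performs expansions
    inside double quotes, so the naive form is weaker than this check shows.
    """
    try:
        words = shlex.split(line, posix=True)
    except ValueError:  # unbalanced quotes: the path broke out of the quoting
        return False
    return words == ["VIRTUAL_ENV=" + venv_dir]


def broken_paths(paths, render):
    """Return the paths that do not survive the given renderer intact."""
    return [p for p in paths if not is_single_assignment(render(p), p)]


# Constructed sample directory names.
SAMPLE_PATHS = [
    "/home/dev/proj/.venv",
    "/srv/build/my project/.venv",
    "/srv/build/it's/.venv",
    '/srv/build/a"b c/.venv',
]

if __name__ == "__main__":
    print("naive :", broken_paths(SAMPLE_PATHS, render_naive))
    print("quoted:", broken_paths(SAMPLE_PATHS, render_quoted))
```

Environments created before the update keep the activation scripts they were generated with, so recreating them after upgrading is the way to pick up the quoted form.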
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-01d838d947' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: chromium-131.0.6778.108-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-35cc1d9ec0
2024-12-08 02:16:52.150048+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 131.0.6778.108
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 131.0.6778.108
High CVE-2024-12053: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2024 Than Ngo [than@redhat.com] - 131.0.6778.108-1
- Update to 131.0.6778.108
* High CVE-2024-12053: Type Confusion in V8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2329204 - CVE-2024-9369 chromium: Insufficient data validation in Mojo [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329204
[ 2 ] Bug #2329205 - CVE-2024-9369 chromium: Insufficient data validation in Mojo [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329205
[ 3 ] Bug #2329208 - CVE-2024-7025 chromium: Integer overflow in Layout [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329208
[ 4 ] Bug #2329209 - CVE-2024-7025 chromium: Integer overflow in Layout [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2329209
[ 5 ] Bug #2330232 - CVE-2024-12053 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330232
[ 6 ] Bug #2330233 - CVE-2024-12053 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330233
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-35cc1d9ec0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------