.NET, Python, RapidJSON, and more updates for Fedora

Fedora Linux 8695 Published 2024-07-19 07:11 by Philipp Esselbach

News

The following security updates have been released for Fedora Linux:

Fedora 39 Update: dotnet6.0-6.0.132-1.fc39
Fedora 39 Update: python-django4.2-4.2.14-1.fc39
Fedora 39 Update: python-django-4.2.14-2.fc39
Fedora 39 Update: rapidjson-1.1.0-41.fc39
Fedora 39 Update: qt6-qtbase-6.6.2-2.fc39
Fedora 39 Update: httpd-2.4.61-1.fc39
Fedora 40 Update: dotnet6.0-6.0.132-1.fc40
Fedora 40 Update: rapidjson-1.1.0-41.fc40
Fedora 40 Update: python-django4.2-4.2.14-1.fc40
Fedora 40 Update: python-django-4.2.14-2.fc40
Fedora 40 Update: ruby-3.3.4-11.fc40

Fedora 39 Update: dotnet6.0-6.0.132-1.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-523badd730
2024-07-19 02:21:03.764693
--------------------------------------------------------------------------------

Name : dotnet6.0
Product : Fedora 39
Version : 6.0.132
Release : 1.fc39
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the July 2024 security update for .NET 6.
Release Notes
SDK: https://github.com/dotnet/core/blob/main/release-
notes/6.0/6.0.32/6.0.132.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/6.0/6.0.32/6.0.32.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 9 2024 Omair Majid [omajid@redhat.com] - 6.0.132-1
- Update to .NET SDK 6.0.132 and Runtime 6.0.32
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-523badd730' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 39 Update: python-django4.2-4.2.14-1.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a7eef0ca7b
2024-07-19 02:21:03.764686
--------------------------------------------------------------------------------

Name : python-django4.2
Product : Fedora 39
Version : 4.2.14
Release : 1.fc39
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Security fixes for
https://nvd.nist.gov/vuln/detail/CVE-2024-38875
https://nvd.nist.gov/vuln/detail/CVE-2024-39329
https://nvd.nist.gov/vuln/detail/CVE-2024-3930
https://nvd.nist.gov/vuln/detail/CVE-2024-39614
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2024 Michel Lind [salimma@fedoraproject.org] - 4.2.14-1
- Update to 4.2.14 to address multiple CVEs
- resolves CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614
* Fri Jun 28 2024 Python Maint - 4.2.11-3
- Rebuilt for Python 3.13
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a7eef0ca7b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 39 Update: python-django-4.2.14-2.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-82547e3e16
2024-07-19 02:21:03.764672
--------------------------------------------------------------------------------

Name : python-django
Product : Fedora 39
Version : 4.2.14
Release : 2.fc39
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Security fixes for
https://nvd.nist.gov/vuln/detail/CVE-2024-38875
https://nvd.nist.gov/vuln/detail/CVE-2024-39329
https://nvd.nist.gov/vuln/detail/CVE-2024-3930
https://nvd.nist.gov/vuln/detail/CVE-2024-39614
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2024 Neil Hanlon [neil@shrug.pw] - 4.2.14-2
- bring in patches from upstream to address python 3.13 issues
(fedora#2294769)
* Wed Jul 10 2024 Neil Hanlon [neil@shrug.pw] - 4.2.14-1
- update to 4.2.14 to address multiple CVEs
- resolves CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614
* Sat Jun 29 2024 Python Maint - 4.2.11-4
- Rebuilt for Python 3.13
* Fri Jun 7 2024 Python Maint - 4.2.11-3
- Bootstrap for Python 3.13
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-82547e3e16' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 39 Update: rapidjson-1.1.0-41.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a3c1b2629e
2024-07-19 02:21:03.764679
--------------------------------------------------------------------------------

Name : rapidjson
Product : Fedora 39
Version : 1.1.0
Release : 41.fc39
URL : http://rapidjson.org/
Summary : Fast JSON parser and generator for C++
Description :
RapidJSON is a fast JSON parser and generator for C++. It was
inspired by RapidXml.

RapidJSON is small but complete. It supports both SAX and DOM style
API. The SAX parser is only a half thousand lines of code.

RapidJSON is fast. Its performance can be comparable to strlen().
It also optionally supports SSE2/SSE4.1 for acceleration.

RapidJSON is self-contained. It does not depend on external
libraries such as BOOST. It even does not depend on STL.

RapidJSON is memory friendly. Each JSON value occupies exactly
16/20 bytes for most 32/64-bit machines (excluding text string). By
default it uses a fast memory allocator, and the parser allocates
memory compactly during parsing.

RapidJSON is Unicode friendly. It supports UTF-8, UTF-16, UTF-32
(LE & BE), and their detection, validation and transcoding
internally. For example, you can read a UTF-8 file and let RapidJSON
transcode the JSON strings into UTF-16 in the DOM. It also supports
surrogates and "\u0000" (null character).

JSON(JavaScript Object Notation) is a light-weight data exchange
format. RapidJSON should be in fully compliance with RFC4627/ECMA-404.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-38517.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2024 Tom Hughes [tom@compton.nu] - 1.1.0-41
- Add patch for CVE-2024-38517 aka RHBZ#2296979
* Sun Feb 25 2024 Richard W.M. Jones [rjones@redhat.com] - 1.1.0-28
- Bump and rebuild package (for riscv64)
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.1.0-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.1.0-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Tom Hughes [tom@compton.nu] - 1.1.0-25
- Add upstream patches for improved gcc 14 and C++20 support
* Fri Jan 5 2024 Honza Horak [hhorak@redhat.com] - 1.1.0-24
- SPDX migration
- Add BSD license that is used by stdint.h and inttypes.h
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2296979 - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296979
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a3c1b2629e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 39 Update: qt6-qtbase-6.6.2-2.fc39

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-903b88b49e
2024-07-19 02:21:03.764635
--------------------------------------------------------------------------------

Name : qt6-qtbase
Product : Fedora 39
Version : 6.6.2
Release : 2.fc39
URL : http://qt-project.org/
Summary : Qt6 - QtBase components
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-39936.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 8 2024 Jan Grulich [jgrulich@redhat.com] - 6.6.2-1
- HTTP2: Delay any communication until encrypted() can be responded to
Resolves: CVE-2024-39936
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295882 - CVE-2024-39936 qt6-qtbase: Delay any communication until encrypted() can be responded to [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295882
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-903b88b49e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 39 Update: httpd-2.4.61-1.fc39

--

Fedora 40 Update: dotnet6.0-6.0.132-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-93b1d814a0
2024-07-19 01:45:23.518897
--------------------------------------------------------------------------------

Name : dotnet6.0
Product : Fedora 40
Version : 6.0.132
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the July 2024 security update for .NET 6.
Release Notes
SDK: https://github.com/dotnet/core/blob/main/release-
notes/6.0/6.0.32/6.0.132.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/6.0/6.0.32/6.0.32.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 9 2024 Omair Majid [omajid@redhat.com] - 6.0.132-1
- Update to .NET SDK 6.0.132 and Runtime 6.0.32
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-93b1d814a0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 40 Update: rapidjson-1.1.0-41.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fb1e912d0e
2024-07-19 01:45:23.518882
--------------------------------------------------------------------------------

Name : rapidjson
Product : Fedora 40
Version : 1.1.0
Release : 41.fc40
URL : http://rapidjson.org/
Summary : Fast JSON parser and generator for C++
Description :
RapidJSON is a fast JSON parser and generator for C++. It was
inspired by RapidXml.

RapidJSON is small but complete. It supports both SAX and DOM style
API. The SAX parser is only a half thousand lines of code.

RapidJSON is fast. Its performance can be comparable to strlen().
It also optionally supports SSE2/SSE4.1 for acceleration.

RapidJSON is self-contained. It does not depend on external
libraries such as BOOST. It even does not depend on STL.

RapidJSON is memory friendly. Each JSON value occupies exactly
16/20 bytes for most 32/64-bit machines (excluding text string). By
default it uses a fast memory allocator, and the parser allocates
memory compactly during parsing.

RapidJSON is Unicode friendly. It supports UTF-8, UTF-16, UTF-32
(LE & BE), and their detection, validation and transcoding
internally. For example, you can read a UTF-8 file and let RapidJSON
transcode the JSON strings into UTF-16 in the DOM. It also supports
surrogates and "\u0000" (null character).

JSON(JavaScript Object Notation) is a light-weight data exchange
format. RapidJSON should be in fully compliance with RFC4627/ECMA-404.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-38517.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2024 Tom Hughes [tom@compton.nu] - 1.1.0-41
- Add patch for CVE-2024-38517 aka RHBZ#2296979
* Sun Feb 25 2024 Richard W.M. Jones [rjones@redhat.com] - 1.1.0-28
- Bump and rebuild package (for riscv64)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2296979 - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296979
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fb1e912d0e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 40 Update: python-django4.2-4.2.14-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d05d37ead7
2024-07-19 01:45:23.518889
--------------------------------------------------------------------------------

Name : python-django4.2
Product : Fedora 40
Version : 4.2.14
Release : 1.fc40
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Security fixes for
https://nvd.nist.gov/vuln/detail/CVE-2024-38875
https://nvd.nist.gov/vuln/detail/CVE-2024-39329
https://nvd.nist.gov/vuln/detail/CVE-2024-3930
https://nvd.nist.gov/vuln/detail/CVE-2024-39614
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2024 Michel Lind [salimma@fedoraproject.org] - 4.2.14-1
- Update to 4.2.14 to address multiple CVEs
- resolves CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614
* Fri Jun 28 2024 Python Maint - 4.2.11-3
- Rebuilt for Python 3.13
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d05d37ead7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 40 Update: python-django-4.2.14-2.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7dac82a14e
2024-07-19 01:45:23.518875
--------------------------------------------------------------------------------

Name : python-django
Product : Fedora 40
Version : 4.2.14
Release : 2.fc40
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Security fixes for
https://nvd.nist.gov/vuln/detail/CVE-2024-38875
https://nvd.nist.gov/vuln/detail/CVE-2024-39329
https://nvd.nist.gov/vuln/detail/CVE-2024-3930
https://nvd.nist.gov/vuln/detail/CVE-2024-39614
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2024 Neil Hanlon [neil@shrug.pw] - 4.2.14-2
- bring in patches from upstream to address python 3.13 issues
(fedora#2294769)
* Wed Jul 10 2024 Neil Hanlon [neil@shrug.pw] - 4.2.14-1
- update to 4.2.14 to address multiple CVEs
- resolves CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614
* Sat Jun 29 2024 Python Maint - 4.2.11-4
- Rebuilt for Python 3.13
* Fri Jun 7 2024 Python Maint - 4.2.11-3
- Bootstrap for Python 3.13
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7dac82a14e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fedora 40 Update: ruby-3.3.4-11.fc40

--

Java, OpenSSH, Firefox, Skopeo Updates for AlmaLinux 9

OpenShift, Qt5-qtbase, Libndp, and more updates for RHEL

Fedora 39 Update: dotnet6.0-6.0.132-1.fc39

Fedora 39 Update: python-django4.2-4.2.14-1.fc39

Fedora 39 Update: python-django-4.2.14-2.fc39

Fedora 39 Update: rapidjson-1.1.0-41.fc39

Fedora 39 Update: qt6-qtbase-6.6.2-2.fc39

Fedora 39 Update: httpd-2.4.61-1.fc39

Fedora 40 Update: dotnet6.0-6.0.132-1.fc40

Fedora 40 Update: rapidjson-1.1.0-41.fc40

Fedora 40 Update: python-django4.2-4.2.14-1.fc40

Fedora 40 Update: python-django-4.2.14-2.fc40

Fedora 40 Update: ruby-3.3.4-11.fc40

Windows

Linux

macOS

Community