
Fedora Linux has received multiple security updates, covering Python, radare2, and iaito:

Fedora 40 Update: python3.11-3.11.11-1.fc40
Fedora 40 Update: python3.9-3.9.21-1.fc40
Fedora 40 Update: radare2-5.9.8-4.fc40
Fedora 40 Update: iaito-5.9.9-2.fc40
Fedora 41 Update: python3.9-3.9.21-1.fc41
Fedora 41 Update: radare2-5.9.8-4.fc41
Fedora 41 Update: iaito-5.9.9-2.fc41




[SECURITY] Fedora 40 Update: python3.11-3.11.11-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5ea38dfb80
2024-12-12 02:29:32.892834+00:00
--------------------------------------------------------------------------------

Name : python3.11
Product : Fedora 40
Version : 3.11.11
Release : 1.fc40
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.11-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.

--------------------------------------------------------------------------------
Update Information:

Python 3.11.11 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 3 2024 Lumír Balhar - 3.11.11-1
- Update to 3.11.11
- Fixes: rhbz#2321655
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321655 - CVE-2024-9287 python3.11: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321655
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5ea38dfb80' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
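The gh-122792 change described in the advisory above matters for any address filter that trusts the listed `ipaddress` properties. The following added example (not part of the advisory or of CPython) unwraps IPv4-mapped IPv6 addresses before evaluating those properties, so the answer is the same on patched and unpatched interpreters. The `egress_allowed` policy, the helper names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The properties gh-122792 names as fixed for IPv4-mapped addresses.
FIXED_PROPERTIES = (
    "is_multicast",
    "is_reserved",
    "is_link_local",
    "is_global",
    "is_unspecified",
)


def effective_address(text):
    """Parse text; for ::ffff:a.b.c.d return the embedded IPv4Address."""
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(text):
    """Evaluate the fixed properties on the effective (unwrapped) address."""
    addr = effective_address(text)
    return {name: getattr(addr, name) for name in FIXED_PROPERTIES}


def interpreter_disagrees(text):
    """Properties where the raw parsed address and the unwrapped one differ.

    An empty list for an IPv4-mapped input means the running interpreter
    already decides these properties from the mapped IPv4 value.
    """
    raw = ipaddress.ip_address(text)
    eff = effective_address(text)
    return [n for n in FIXED_PROPERTIES if getattr(raw, n) != getattr(eff, n)]


def egress_allowed(text):
    """Hypothetical policy: permit only globally routable unicast targets."""
    p = classify(text)
    blocked = (
        p["is_multicast"]
        or p["is_reserved"]
        or p["is_link_local"]
        or p["is_unspecified"]
    )
    return p["is_global"] and not blocked


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("8.8.8.8", "::ffff:8.8.8.8", "::ffff:169.254.169.254",
                   "::ffff:224.0.0.1", "::ffff:0.0.0.0"):
        print(sample, egress_allowed(sample), interpreter_disagrees(sample))
```

A non-empty result from `interpreter_disagrees` on an IPv4-mapped input indicates the interpreter in use still answers from the IPv6 form.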



[SECURITY] Fedora 40 Update: python3.9-3.9.21-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-607a0047bc
2024-12-12 02:29:32.892820+00:00
--------------------------------------------------------------------------------

Name : python3.9
Product : Fedora 40
Version : 3.9.21
Release : 1.fc40
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Python 3.9.21 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by
urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation about
ast.literal_eval() being "safe" for use on untrusted input while at the same
time warning that it can crash the process. The latter statement is true and is
deemed unfixable without a large amount of work unsuitable for a bugfix. So we
keep the warning and no longer claim that literal_eval is safe.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 3 2024 Lumír Balhar - 3.9.21-1
- Update to 3.9.21
- Fixes: rhbz#2321662
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321662 - CVE-2024-9287 python3.9: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321662
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-607a0047bc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
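The CVE-2024-9287 entry above concerns paths substituted into venv activation scripts without proper quoting. The following added example (not CPython's code or templates) renders a constructed one-line template two ways and asks `sh` what value it actually assigns. The template lines, the `__VENV_DIR__` placeholder shape, the use of `shlex.quote` as the quoting routine, the `MARKER` variable and the sample path are assumptions made for illustration.

```python
import os
import shlex
import subprocess

# Constructed one-line templates (assumption: shaped like a POSIX activate
# script, not copied from CPython). __VENV_DIR__ is the placeholder.
TEMPLATE_RAW = 'VIRTUAL_ENV="__VENV_DIR__"'
TEMPLATE_QUOTED = "VIRTUAL_ENV=__VENV_DIR__"

# Constructed path with characters that are legal in a directory name but
# meaningful to a shell: a variable reference, a space and a single quote.
SAMPLE_DIR = "/srv/build/$MARKER dir/it's"


def render_raw(venv_dir):
    """Weak form: paste the path between double quotes without escaping."""
    return TEMPLATE_RAW.replace("__VENV_DIR__", venv_dir)


def render_quoted(venv_dir):
    """Hardened form: substitute a shell-quoted literal."""
    return TEMPLATE_QUOTED.replace("__VENV_DIR__", shlex.quote(venv_dir))


def value_seen_by_shell(assignment):
    """Run the assignment in sh and return what VIRTUAL_ENV ends up holding."""
    script = assignment + '\nprintf %s "$VIRTUAL_ENV"\n'
    env = {
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        "MARKER": "EXPANDED",  # harmless stand-in for shell interpretation
    }
    done = subprocess.run(
        ["sh", "-c", script],
        env=env,
        capture_output=True,
        text=True,
        check=True,
    )
    return done.stdout


def survives_shell(render, venv_dir):
    """True when the shell sees exactly the directory name that was given."""
    return value_seen_by_shell(render(venv_dir)) == venv_dir


if __name__ == "__main__":
    for render in (render_raw, render_quoted):
        line = render(SAMPLE_DIR)
        print(render.__name__, "|", line, "|", value_seen_by_shell(line))
```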



[SECURITY] Fedora 40 Update: radare2-5.9.8-4.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d4d1e89e61
2024-12-12 02:29:32.892756+00:00
--------------------------------------------------------------------------------

Name : radare2
Product : Fedora 40
Version : 5.9.8
Release : 4.fc40
URL : https://radare.org/
Summary : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.

--------------------------------------------------------------------------------
Update Information:

Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 30 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.8-4
- fix epel build
* Mon Nov 25 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.8-2
- documentation of embedded quickjs-ng library
* Fri Nov 22 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.8-1
- bump to 5.9.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2313891 - iaito: fails to install from epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2313891
[ 2 ] Bug #2327286 - iaito-5.9.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327286
[ 3 ] Bug #2327308 - radare2-5.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327308
[ 4 ] Bug #2329104 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2329104
[ 5 ] Bug #2329105 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2329105
[ 6 ] Bug #2329107 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329107
[ 7 ] Bug #2329108 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329108
[ 8 ] Bug #2329622 - F41FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329622
[ 9 ] Bug #2329623 - F40FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329623
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d4d1e89e61' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 40 Update: iaito-5.9.9-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d4d1e89e61
2024-12-12 02:29:32.892756+00:00
--------------------------------------------------------------------------------

Name : iaito
Product : Fedora 40
Version : 5.9.9
Release : 2.fc40
URL : https://radare.org/n/iaito.html
Summary : GUI for radare2 reverse engineering framework
Description :
iaito is a Qt and C++ GUI for radare2.
It is the continuation of Cutter before the fork to keep radare2 as backend.
Its goal is making an advanced, customizable and FOSS reverse-engineering
platform while keeping the user experience at mind.
The iaito is created by reverse engineers for reverse engineers.
Focus on supporting latest version of radare2.
Recommend the use of system installed libraries/radare2.
Closer integration between r2 and the UI.

--------------------------------------------------------------------------------
Update Information:

Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 30 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.9-2
- iaito rebuild
* Mon Nov 25 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.9-1
- bump to 5.9.9
* Thu Oct 31 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.6-2
- fix epel8 build
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2313891 - iaito: fails to install from epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2313891
[ 2 ] Bug #2327286 - iaito-5.9.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327286
[ 3 ] Bug #2327308 - radare2-5.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327308
[ 4 ] Bug #2329104 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2329104
[ 5 ] Bug #2329105 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2329105
[ 6 ] Bug #2329107 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329107
[ 7 ] Bug #2329108 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329108
[ 8 ] Bug #2329622 - F41FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329622
[ 9 ] Bug #2329623 - F40FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329623
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d4d1e89e61' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: python3.9-3.9.21-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-47e4624c89
2024-12-12 01:33:19.386744+00:00
--------------------------------------------------------------------------------

Name : python3.9
Product : Fedora 41
Version : 3.9.21
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Python 3.9.21 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by
urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation about
ast.literal_eval() being "safe" for use on untrusted input while at the same
time warning that it can crash the process. The latter statement is true and is
deemed unfixable without a large amount of work unsuitable for a bugfix. So we
keep the warning and no longer claim that literal_eval is safe.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 3 2024 Lumír Balhar - 3.9.21-1
- Update to 3.9.21
- Fixes: rhbz#2321662
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321662 - CVE-2024-9287 python3.9: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321662
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-47e4624c89' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: radare2-5.9.8-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ac8d48e58a
2024-12-12 01:33:19.386673+00:00
--------------------------------------------------------------------------------

Name : radare2
Product : Fedora 41
Version : 5.9.8
Release : 4.fc41
URL : https://radare.org/
Summary : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.

--------------------------------------------------------------------------------
Update Information:

Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 30 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.8-4
- fix epel build
* Mon Nov 25 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.8-2
- documentation of embedded quickjs-ng library
* Fri Nov 22 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.8-1
- bump to 5.9.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2313891 - iaito: fails to install from epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2313891
[ 2 ] Bug #2327286 - iaito-5.9.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327286
[ 3 ] Bug #2327308 - radare2-5.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327308
[ 4 ] Bug #2329104 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2329104
[ 5 ] Bug #2329105 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2329105
[ 6 ] Bug #2329107 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329107
[ 7 ] Bug #2329108 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329108
[ 8 ] Bug #2329622 - F41FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329622
[ 9 ] Bug #2329623 - F40FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329623
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ac8d48e58a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: iaito-5.9.9-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ac8d48e58a
2024-12-12 01:33:19.386673+00:00
--------------------------------------------------------------------------------

Name : iaito
Product : Fedora 41
Version : 5.9.9
Release : 2.fc41
URL : https://radare.org/n/iaito.html
Summary : GUI for radare2 reverse engineering framework
Description :
iaito is a Qt and C++ GUI for radare2.
It is the continuation of Cutter before the fork to keep radare2 as backend.
Its goal is making an advanced, customizable and FOSS reverse-engineering
platform while keeping the user experience at mind.
The iaito is created by reverse engineers for reverse engineers.
Focus on supporting latest version of radare2.
Recommend the use of system installed libraries/radare2.
Closer integration between r2 and the UI.

--------------------------------------------------------------------------------
Update Information:

Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 30 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.9-2
- iaito rebuild
* Mon Nov 25 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.9-1
- bump to 5.9.9
* Thu Oct 31 2024 Michal Ambroz [rebus@seznam.cz] - 5.9.6-2
- fix epel8 build
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2313891 - iaito: fails to install from epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2313891
[ 2 ] Bug #2327286 - iaito-5.9.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327286
[ 3 ] Bug #2327308 - radare2-5.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327308
[ 4 ] Bug #2329104 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2329104
[ 5 ] Bug #2329105 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2329105
[ 6 ] Bug #2329107 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329107
[ 7 ] Bug #2329108 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329108
[ 8 ] Bug #2329622 - F41FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329622
[ 9 ] Bug #2329623 - F40FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329623
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ac8d48e58a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
