[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-2.fc39
[SECURITY] Fedora 39 Update: thunderbird-115.14.0-1.fc39
[SECURITY] Fedora 39 Update: tor-0.4.8.12-2.fc39
[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-2.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c452738920
2024-08-16 01:20:41.301576
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 39
Version : 3.13.0~rc1
Release : 2.fc39
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.13-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-6923.
Fix SystemError in PyEval_GetLocals()
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2024 Miro Hrončok - 3.13.0~rc1-2
- Fix SystemError in PyEval_GetLocals()
- Fixes: rhbz#2303107
- Security fix for CVE-2024-6923
- Fixes: rhbz#2303160
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2302255 - CVE-2024-6923 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection
https://bugzilla.redhat.com/show_bug.cgi?id=2302255
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c452738920' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 39 Update: thunderbird-115.14.0-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7fe5206574
2024-08-16 01:20:41.301487
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 39
Version : 115.14.0
Release : 1.fc39
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 115.14.0
https://www.thunderbird.net/en-US/thunderbird/115.14.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2024 Eike Rathke [erack@redhat.com] - 115.14.0-1
- Update to 115.14.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7fe5206574' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 39 Update: tor-0.4.8.12-2.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c2da7f4de7
2024-08-16 01:20:41.301445
--------------------------------------------------------------------------------
Name : tor
Product : Fedora 39
Version : 0.4.8.12
Release : 2.fc39
URL : https://www.torproject.org
Summary : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.
This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.
--------------------------------------------------------------------------------
Update Information:
Re-add systemd-devel as build dependency so the daemon knows how to notify
systemd that it was started - fixes bz#2302910
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2024 Marcel Härry - 0.4.8.12-2
- Re-add systemd-devel as build dependency so the daemon knows how to notify systemd that it was started - fixes bz#2302910
* Sat Aug 3 2024 Marcel Härry - 0.4.8.12-1
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-12/13060
- Security fixes: bz#2248564, bz#2281499, bz#2281500, bz#2281502, bz#2281503
- switch to sysusers based user provisioning approach - fixes bz#2252618
- Add legacy openssl build dependency from F41 on - fixes FTBS / bz#2301334
- since we can now drop EL7 support we can also cleanup systemd handling
* Sat Jul 20 2024 Fedora Release Engineering - 0.4.8.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2252618 - Tor.service fails to start
https://bugzilla.redhat.com/show_bug.cgi?id=2252618
[ 2 ] Bug #2281499 - CVE-2024-35312 tor: STUB circuits incorrect length [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2281499
[ 3 ] Bug #2281503 - CVE-2024-35313 tor: STUB circuits incorrect length [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2281503
[ 4 ] Bug #2302910 - tor-0.4.8.12-1.fc40 systemd unit constantly restarts due to timeout even though it successfully started
https://bugzilla.redhat.com/show_bug.cgi?id=2302910
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c2da7f4de7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------