
Fedora Linux has received multiple security updates, including python3.12, rust-rbspy-0.24.0-3.fc41, retsnoop-0.10.1-3.fc41, rust-rustls-0.23.19-1.fc41, python-python-multipart-0.0.19-1.fc41, rust-rbspy-0.24.0-3.fc40, and zabbix-6.0.36-1.fc40:

Fedora 41 Update: python3.12-3.12.8-2.fc41
Fedora 41 Update: rust-rbspy-0.24.0-3.fc41
Fedora 41 Update: retsnoop-0.10.1-3.fc41
Fedora 41 Update: rust-rustls-0.23.19-1.fc41
Fedora 41 Update: python-python-multipart-0.0.19-1.fc41
Fedora 40 Update: rust-rbspy-0.24.0-3.fc40
Fedora 40 Update: retsnoop-0.10.1-3.fc40
Fedora 40 Update: rust-rustls-0.23.19-1.fc40
Fedora 40 Update: python-multipart-0.0.19-1.fc40
Fedora 40 Update: zabbix-6.0.36-1.fc40





[SECURITY] Fedora 41 Update: python3.12-3.12.8-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-340a4bdc5d
2024-12-10 01:22:52.138514+00:00
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 41
Version : 3.12.8
Release : 2.fc41
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.12-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-12254
Update to 3.12.8
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 6 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.12.8-2
- Security fix for CVE-2024-12254
- Fixes: rhbz#2330926
* Tue Dec 3 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.12.8-1
- Update to 3.12.8
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321656
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321656 - CVE-2024-9287 python3.12: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321656
[ 2 ] Bug #2330926 - CVE-2024-12254 python3.12: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-340a4bdc5d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-rbspy-0.24.0-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aa246ab1a3
2024-12-10 01:22:52.138429+00:00
--------------------------------------------------------------------------------

Name : rust-rbspy
Product : Fedora 41
Version : 0.24.0
Release : 3.fc41
URL : https://crates.io/crates/rbspy
Summary : Sampling CPU profiler for Ruby
Description :
Sampling CPU profiler for Ruby.

--------------------------------------------------------------------------------
Update Information:

Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.0-3
- Rebuild for ruzstd 0.7.3 (RUSTSEC-2024-0400)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329482 - rust-ruzstd: `ruzstd` uninit and out-of-bounds memory reads [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329482
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aa246ab1a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: retsnoop-0.10.1-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aa246ab1a3
2024-12-10 01:22:52.138429+00:00
--------------------------------------------------------------------------------

Name : retsnoop
Product : Fedora 41
Version : 0.10.1
Release : 3.fc41
URL : https://github.com/anakryiko/retsnoop
Summary : A tool for investigating kernel error call stacks
Description :
retsnoop is a BPF-based tool that is meant to help with debugging kernel issues.
It allows capturing call stacks of kernel functions that return errors (NULL or
-Exxx) and emits every such detected call stack, along with the captured
results.

--------------------------------------------------------------------------------
Update Information:

Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Fabio Valentini [decathorpe@gmail.com] - 0.10.1-3
- Rebuild for ruzstd 0.7.3 (RUSTSEC-2024-0400)
* Mon Oct 21 2024 Michel Lind [salimma@fedoraproject.org] - 0.10.1-2
- Port from memmap to memmap2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329482 - rust-ruzstd: `ruzstd` uninit and out-of-bounds memory reads [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329482
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aa246ab1a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-rustls-0.23.19-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0d14d0d2f9
2024-12-10 01:22:52.138407+00:00
--------------------------------------------------------------------------------

Name : rust-rustls
Product : Fedora 41
Version : 0.23.19
Release : 1.fc41
URL : https://crates.io/crates/rustls
Summary : Modern TLS library written in Rust
Description :
Rustls is a modern TLS library written in Rust.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.23.19.
This version includes a fix for RUSTSEC-2024-0399.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2024 Fabio Valentini [decathorpe@gmail.com] - 0.23.19-1
- Update to version 0.23.19; Fixes RHBZ#2328112
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0d14d0d2f9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-python-multipart-0.0.19-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-92de63698e
2024-12-10 01:22:52.138396+00:00
--------------------------------------------------------------------------------

Name : python-python-multipart
Product : Fedora 41
Version : 0.0.19
Release : 1.fc41
URL : https://github.com/Kludex/python-multipart
Summary : A streaming multipart parser for Python
Description :
Python-Multipart is a streaming multipart parser for Python.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2024-53981.
0.0.19 (2024-11-30)
Don't warn when CRLF is found after last boundary on MultipartParser.
0.0.18 (2024-11-28)
Hard break if found data after last boundary on MultipartParser.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Packit [hello@packit.dev] - 0.0.19-1
- Update to 0.0.19 upstream release
- Resolves: rhbz#2329676
* Thu Nov 28 2024 Packit [hello@packit.dev] - 0.0.18-1
- Update to 0.0.18 upstream release
- Resolves: rhbz#2329410
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329410 - python-python-multipart-0.0.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329410
[ 2 ] Bug #2329676 - python-python-multipart-0.0.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329676
[ 3 ] Bug #2330007 - CVE-2024-53981 python-multipart: python-multipart has a DoS via deformation `multipart/form-data` boundary [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2330007
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-92de63698e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-rbspy-0.24.0-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ccce2763b0
2024-12-10 01:18:19.676049+00:00
--------------------------------------------------------------------------------

Name : rust-rbspy
Product : Fedora 40
Version : 0.24.0
Release : 3.fc40
URL : https://crates.io/crates/rbspy
Summary : Sampling CPU profiler for Ruby
Description :
Sampling CPU profiler for Ruby.

--------------------------------------------------------------------------------
Update Information:

Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.0-3
- Rebuild for ruzstd 0.7.3 (RUSTSEC-2024-0400)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329481 - rust-ruzstd: `ruzstd` uninit and out-of-bounds memory reads [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329481
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ccce2763b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: retsnoop-0.10.1-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ccce2763b0
2024-12-10 01:18:19.676049+00:00
--------------------------------------------------------------------------------

Name : retsnoop
Product : Fedora 40
Version : 0.10.1
Release : 3.fc40
URL : https://github.com/anakryiko/retsnoop
Summary : A tool for investigating kernel error call stacks
Description :
retsnoop is a BPF-based tool that is meant to help with debugging kernel issues.
It allows capturing call stacks of kernel functions that return errors (NULL or
-Exxx) and emits every such detected call stack, along with the captured
results.

--------------------------------------------------------------------------------
Update Information:

Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Fabio Valentini [decathorpe@gmail.com] - 0.10.1-3
- Rebuild for ruzstd 0.7.3 (RUSTSEC-2024-0400)
* Mon Oct 21 2024 Michel Lind [salimma@fedoraproject.org] - 0.10.1-2
- Port from memmap to memmap2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329481 - rust-ruzstd: `ruzstd` uninit and out-of-bounds memory reads [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329481
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ccce2763b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-rustls-0.23.19-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5a5f401785
2024-12-10 01:18:19.676039+00:00
--------------------------------------------------------------------------------

Name : rust-rustls
Product : Fedora 40
Version : 0.23.19
Release : 1.fc40
URL : https://crates.io/crates/rustls
Summary : Modern TLS library written in Rust
Description :
Rustls is a modern TLS library written in Rust.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.23.19.
This version includes a fix for RUSTSEC-2024-0399.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2024 Fabio Valentini [decathorpe@gmail.com] - 0.23.19-1
- Update to version 0.23.19; Fixes RHBZ#2328112
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5a5f401785' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python-multipart-0.0.19-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ab8945c2bd
2024-12-10 01:18:19.676028+00:00
--------------------------------------------------------------------------------

Name : python-multipart
Product : Fedora 40
Version : 0.0.19
Release : 1.fc40
URL : https://github.com/Kludex/python-multipart
Summary : A streaming multipart parser for Python
Description :
Python-Multipart is a streaming multipart parser for Python.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2024-53981.
0.0.19 (2024-11-30)
Don't warn when CRLF is found after last boundary on MultipartParser.
0.0.18 (2024-11-28)
Hard break if found data after last boundary on MultipartParser.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.19-1
- Update to 0.0.19 upstream release
- Resolves: rhbz#2329676
* Fri Nov 29 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18-1
- Update to 0.0.18 upstream release
- Resolves: rhbz#2329410
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329410 - python-python-multipart-0.0.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329410
[ 2 ] Bug #2329676 - python-python-multipart-0.0.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329676
[ 3 ] Bug #2330006 - CVE-2024-53981 python-multipart: python-multipart has a DoS via deformation `multipart/form-data` boundary [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2330006
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ab8945c2bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: zabbix-6.0.36-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bcdea6e995
2024-12-10 01:18:19.675973+00:00
--------------------------------------------------------------------------------

Name : zabbix
Product : Fedora 40
Version : 6.0.36
Release : 1.fc40
URL : https://www.zabbix.com
Summary : Open-source monitoring solution for your IT infrastructure
Description :
Zabbix is software that monitors numerous parameters of a network and the
health and integrity of servers. Zabbix uses a flexible notification mechanism
that allows users to configure e-mail based alerts for virtually any event.
This allows a fast reaction to server problems. Zabbix offers excellent
reporting and data visualization features based on the stored data.
This makes Zabbix ideal for capacity planning.

Zabbix supports both polling and trapping. All Zabbix reports and statistics,
as well as configuration parameters are accessed through a web-based front end.
A web-based front end ensures that the status of your network and the health of
your servers can be assessed from any location. Properly configured, Zabbix can
play an important role in monitoring IT infrastructure. This is equally true
for small organizations with a few servers and for large companies with a
multitude of servers.

--------------------------------------------------------------------------------
Update Information:

Update to 6.0.36
CVE-2024-42330 rhbz#2329219, CVE-2024-42332 rhbz#2329222, CVE-2024-42333
rhbz#2329225
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 30 2024 Orion Poplawski [orion@nwra.com] - 1:6.0.36-1
- Update to 6.0.36 (CVE-2024-42330 rhbz#2329219, CVE-2024-42332 rhbz#2329222,
CVE-2024-42333 rhbz#2329225)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2329219 - CVE-2024-42330 zabbix: JS - Internal strings in HTTP headers [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329219
[ 2 ] Bug #2329222 - CVE-2024-42332 zabbix: New line injection in Zabbix SNMP traps [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329222
[ 3 ] Bug #2329225 - CVE-2024-42333 zabbix: Heap buffer over-read [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329225
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bcdea6e995' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--