
The following security updates have been released for Fedora Linux:

[SECURITY] Fedora 40 Update: python-django-4.2.16-1.fc40
[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40
[SECURITY] Fedora 40 Update: lua-mpack-1.0.12-1.fc40
[SECURITY] Fedora 40 Update: mingw-python3-3.11.9-2.fc40
[SECURITY] Fedora 39 Update: python-django-4.2.16-1.fc39
[SECURITY] Fedora 39 Update: python-django4.2-4.2.16-1.fc39
[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39
[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-3.fc39
[SECURITY] Fedora 39 Update: python3.11-3.11.9-6.fc39
[SECURITY] Fedora 39 Update: python3.9-3.9.19-6.fc39
[SECURITY] Fedora 39 Update: mingw-python3-3.11.9-2.fc39



[SECURITY] Fedora 40 Update: python-django-4.2.16-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4a08381122
2024-09-06 04:02:13.346587
--------------------------------------------------------------------------------

Name : python-django
Product : Fedora 40
Version : 4.2.16
Release : 1.fc40
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

urlize and urlizetrunc were subject to a potential denial-of-service attack via
very large inputs with a specific sequence of characters.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Michel Lind [salimma@fedoraproject.org] - 4.2.16-1
- Update to version 4.2.16
- Fixes: CVE-2024-45230, RHBZ#2309746
- Sync spec improvements from python-django4.2
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309746 - CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://bugzilla.redhat.com/show_bug.cgi?id=2309746
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4a08381122' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-865828665c
2024-09-06 04:02:13.346580
--------------------------------------------------------------------------------

Name : python-django4.2
Product : Fedora 40
Version : 4.2.16
Release : 1.fc40
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

urlize and urlizetrunc were subject to a potential denial-of-service attack via
very large inputs with a specific sequence of characters.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Michel Lind [salimma@fedoraproject.org] - 4.2.16-1
- Update to version 4.2.16
- Fixes: CVE-2024-45230, RHBZ#2309747
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309747 - CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://bugzilla.redhat.com/show_bug.cgi?id=2309747
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-865828665c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: lua-mpack-1.0.12-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-430678b035
2024-09-06 04:02:13.346505
--------------------------------------------------------------------------------

Name : lua-mpack
Product : Fedora 40
Version : 1.0.12
Release : 1.fc40
URL : https://github.com/libmpack/libmpack-lua
Summary : Implementation of MessagePack for Lua
Description :
mpack is a small binary serialization/RPC library that implements
both the msgpack and msgpack-rpc specifications.

--------------------------------------------------------------------------------
Update Information:

Fix buffer overrun when giving an offset to Session:receive
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 30 2024 Michel Lind [salimma@fedoraproject.org] - 1.0.12-1
- Update to version 1.0.12; Fixes: RHBZ#2263242
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263242 - lua-mpack-1.0.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2263242
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-430678b035' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mingw-python3-3.11.9-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3d656dafe1
2024-09-06 04:02:13.346346
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 40
Version : 3.11.9
Release : 2.fc40
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Add patch for CVE-2024-8088.
Update to python-3.11.9. Backport fix for CVE-2024-6923.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 28 2024 Sandro Mani [manisandro@gmail.com] - 3.11.9-2
- Backport patch for CVE-2024-8088
* Mon Aug 26 2024 Sandro Mani [manisandro@gmail.com] - 3.11.9-1
- Update to 3.11.9
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2301903 - CVE-2024-0397 mingw-python3: Memory race condition in ssl.SSLContext certificate store methods [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2301903
[ 2 ] Bug #2303155 - CVE-2024-6923 mingw-python3: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303155
[ 3 ] Bug #2307457 - CVE-2024-8088 mingw-python3: From NVD collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2307457
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3d656dafe1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: python-django-4.2.16-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e2bde0853b
2024-09-06 03:52:10.864532
--------------------------------------------------------------------------------

Name : python-django
Product : Fedora 39
Version : 4.2.16
Release : 1.fc39
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

urlize and urlizetrunc were subject to a potential denial-of-service attack via
very large inputs with a specific sequence of characters.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Michel Lind [salimma@fedoraproject.org] - 4.2.16-1
- Update to version 4.2.16
- Fixes: CVE-2024-45230, RHBZ#2309746
- Sync spec improvements from python-django4.2
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309746 - CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://bugzilla.redhat.com/show_bug.cgi?id=2309746
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e2bde0853b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: python-django4.2-4.2.16-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-28892f7c8f
2024-09-06 03:52:10.864518
--------------------------------------------------------------------------------

Name : python-django4.2
Product : Fedora 39
Version : 4.2.16
Release : 1.fc39
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

urlize and urlizetrunc were subject to a potential denial-of-service attack via
very large inputs with a specific sequence of characters.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Michel Lind [salimma@fedoraproject.org] - 4.2.16-1
- Update to version 4.2.16
- Fixes: CVE-2024-45230, RHBZ#2309747
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309747 - CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()
https://bugzilla.redhat.com/show_bug.cgi?id=2309747
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-28892f7c8f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a84c59eedc
2024-09-06 03:52:10.864469
--------------------------------------------------------------------------------

Name : lua-mpack
Product : Fedora 39
Version : 1.0.12
Release : 1.fc39
URL : https://github.com/libmpack/libmpack-lua
Summary : Implementation of MessagePack for Lua
Description :
mpack is a small binary serialization/RPC library that implements
both the msgpack and msgpack-rpc specifications.

--------------------------------------------------------------------------------
Update Information:

Fix buffer overrun when giving an offset to Session:receive
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 30 2024 Michel Lind [salimma@fedoraproject.org] - 1.0.12-1
- Update to version 1.0.12; Fixes: RHBZ#2263242
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263242 - lua-mpack-1.0.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2263242
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a84c59eedc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-3.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-992047a33f
2024-09-06 03:52:10.864368
--------------------------------------------------------------------------------

Name : python3.13
Product : Fedora 39
Version : 3.13.0~rc1
Release : 3.fc39
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.13-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-8088
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 23 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.13.0~rc1-3
- Security fix for CVE-2024-8088
- Fixes: rhbz#2307462
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2307370 - CVE-2024-8088 python: cpython: From NVD collector
https://bugzilla.redhat.com/show_bug.cgi?id=2307370
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-992047a33f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: python3.11-3.11.9-6.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-dab2a69be9
2024-09-06 03:52:10.864361
--------------------------------------------------------------------------------

Name : python3.11
Product : Fedora 39
Version : 3.11.9
Release : 6.fc39
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.11-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-8088
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 23 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.11.9-6
- Security fix for CVE-2024-8088
- Fixes: rhbz#2307460
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2307370 - CVE-2024-8088 python: cpython: From NVD collector
https://bugzilla.redhat.com/show_bug.cgi?id=2307370
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-dab2a69be9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: python3.9-3.9.19-6.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-dc7f1d57e4
2024-09-06 03:52:10.864355
--------------------------------------------------------------------------------

Name : python3.9
Product : Fedora 39
Version : 3.9.19
Release : 6.fc39
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-8088
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 23 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.9.19-6
- Security fix for CVE-2024-8088
- Fixes: rhbz#2307466
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2307370 - CVE-2024-8088 python: cpython: From NVD collector
https://bugzilla.redhat.com/show_bug.cgi?id=2307370
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-dc7f1d57e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: mingw-python3-3.11.9-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7008b2fedf
2024-09-06 03:52:10.864348
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 39
Version : 3.11.9
Release : 2.fc39
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Add patch for CVE-2024-8088.
Update to python-3.11.9. Backport fix for CVE-2024-6923.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 28 2024 Sandro Mani [manisandro@gmail.com] - 3.11.9-2
- Backport patch for CVE-2024-8088
* Mon Aug 26 2024 Sandro Mani [manisandro@gmail.com] - 3.11.9-1
- Update to 3.11.9
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2301903 - CVE-2024-0397 mingw-python3: Memory race condition in ssl.SSLContext certificate store methods [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2301903
[ 2 ] Bug #2303155 - CVE-2024-6923 mingw-python3: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303155
[ 3 ] Bug #2307457 - CVE-2024-8088 mingw-python3: From NVD collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2307457
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7008b2fedf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--