Fedora 39 Update: dotnet8.0-8.0.110-1.fc39
Fedora 40 Update: dotnet8.0-8.0.110-1.fc40
Fedora 41 Update: thunderbird-128.3.3-1.fc41
Fedora 41 Update: NetworkManager-libreswan-1.2.24-1.fc41
Fedora 41 Update: chromium-130.0.6723.58-1.fc41
Fedora 41 Update: dotnet8.0-8.0.110-1.fc41
Fedora 41 Update: mbedtls3.6-3.6.2-1.fc41
Fedora 41 Update: python-starlette-0.40.0-1.fc41
Fedora 41 Update: python-fastapi-0.115.2-1.fc41
Fedora 41 Update: python-openapi-core-0.19.4-4.fc41
Fedora 41 Update: python-platformio-6.1.14-7.fc41
Fedora 41 Update: yarnpkg-1.22.22-5.fc41
Fedora 41 Update: rust-pyo3-macros-backend-0.22.4-1.fc41
Fedora 41 Update: rust-pyo3-ffi-0.22.4-1.fc41
Fedora 41 Update: rust-pyo3-build-config-0.22.4-1.fc41
Fedora 41 Update: rust-pyo3-macros-0.22.4-1.fc41
Fedora 41 Update: rust-pyo3-0.22.4-1.fc41
Fedora 41 Update: suricata-7.0.7-1.fc41
Fedora 41 Update: python-rpyc-6.0.1-1.fc41
Fedora 41 Update: oath-toolkit-2.6.12-1.fc41
Fedora 41 Update: libdigidocpp-4.0.0-1.fc41
Fedora 41 Update: dnsdist-1.9.7-1.fc41
[SECURITY] Fedora 39 Update: dotnet8.0-8.0.110-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-180560c54b
2024-10-26 03:15:08.588482
--------------------------------------------------------------------------------
Name : dotnet8.0
Product : Fedora 39
Version : 8.0.110
Release : 1.fc39
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards, a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
--------------------------------------------------------------------------------
Update Information:
This is the October 2024 security release of .NET 8. The SDK version is 8.0.110
and the Runtime version is 8.0.10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 11 2024 Omair Majid [omajid@redhat.com] - 8.0.110-1
- Update to .NET SDK 8.0.110 and Runtime 8.0.10
* Fri Sep 27 2024 Omair Majid [omajid@redhat.com] - 8.0.108-2
- Support building without ENGINE support in OpenSSL
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-180560c54b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: dotnet8.0-8.0.110-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-204d982a2e
2024-10-26 03:11:51.762760
--------------------------------------------------------------------------------
Name : dotnet8.0
Product : Fedora 40
Version : 8.0.110
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards, a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
--------------------------------------------------------------------------------
Update Information:
This is the October 2024 security release of .NET 8. The SDK version is 8.0.110
and the Runtime version is 8.0.10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 11 2024 Omair Majid [omajid@redhat.com] - 8.0.110-1
- Update to .NET SDK 8.0.110 and Runtime 8.0.10
* Fri Sep 27 2024 Omair Majid [omajid@redhat.com] - 8.0.108-2
- Support building without ENGINE support in OpenSSL
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-204d982a2e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: thunderbird-128.3.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a078d86829
2024-10-26 02:51:35.422261
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 41
Version : 128.3.3
Release : 1.fc41
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.3.3
https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
Update to 128.3.2
https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/
Update to 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/
Update to 128.3.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 22 2024 Eike Rathke [erack@redhat.com] - 128.3.3-1
- Update to 128.3.3
* Thu Oct 17 2024 Eike Rathke [erack@redhat.com] - 128.3.2-1
- Update to 128.3.2
* Thu Oct 10 2024 Eike Rathke [erack@redhat.com] - 128.3.1-1
- Update to 128.3.1
* Tue Oct 8 2024 Eike Rathke [erack@redhat.com] - 128.3.0-1
- Update to 128.3.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a078d86829' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: NetworkManager-libreswan-1.2.24-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2e8944621e
2024-10-26 02:51:35.422152
--------------------------------------------------------------------------------
Name : NetworkManager-libreswan
Product : Fedora 41
Version : 1.2.24
Release : 1.fc41
URL : https://gitlab.gnome.org/GNOME/NetworkManager-libreswan
Summary : NetworkManager VPN plug-in for IPsec VPN
Description :
This package contains software for integrating the libreswan VPN software
with NetworkManager and the GNOME desktop.
--------------------------------------------------------------------------------
Update Information:
This is an update to the 1.2.24 release of NetworkManager-libreswan, the IPsec
VPN plugin for NetworkManager.
It fixes a local privilege escalation bug due to improper escaping of Libreswan
configuration (CVE-2024-9050).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 22 2024 Lubomir Rintel [lkundrak@v3.sk] - 1.2.24-1
- Update to 1.2.24 release
- Fixes a local privilege escalation bug with severity "important" (CVE-2024-9050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2320956 - CVE-2024-9050 NetworkManager-libreswan: Local privilege escalation via leftupdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2320956
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2e8944621e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: chromium-130.0.6723.58-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3a6f9ab958
2024-10-26 02:51:35.421920
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 130.0.6723.58
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2024 Than Ngo [than@redhat.com] - 130.0.6723.58-1
- update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2318990 - CVE-2024-9957 chromium: Use after free in UI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318990
[ 2 ] Bug #2318991 - CVE-2024-9957 chromium: Use after free in UI [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318991
[ 3 ] Bug #2318992 - CVE-2024-9961 chromium: Use after free in Parcel Tracking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318992
[ 4 ] Bug #2318993 - CVE-2024-9961 chromium: Use after free in Parcel Tracking [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318993
[ 5 ] Bug #2318996 - CVE-2024-9959 chromium: Use after free in DevTools [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318996
[ 6 ] Bug #2318998 - CVE-2024-9959 chromium: Use after free in DevTools [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318998
[ 7 ] Bug #2318999 - CVE-2024-9963 chromium: Insufficient data validation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318999
[ 8 ] Bug #2319000 - CVE-2024-9963 chromium: Insufficient data validation in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319000
[ 9 ] Bug #2319001 - CVE-2024-9962 chromium: Inappropriate implementation in Permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319001
[ 10 ] Bug #2319002 - CVE-2024-9962 chromium: Inappropriate implementation in Permissions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319002
[ 11 ] Bug #2319003 - CVE-2024-9964 chromium: Inappropriate implementation in Payments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319003
[ 12 ] Bug #2319004 - CVE-2024-9964 chromium: Inappropriate implementation in Payments [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319004
[ 13 ] Bug #2319005 - CVE-2024-9960 chromium: Use after free in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319005
[ 14 ] Bug #2319006 - CVE-2024-9960 chromium: Use after free in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2319006
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3a6f9ab958' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: dotnet8.0-8.0.110-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-cc3d21b83b
2024-10-26 02:51:35.421812
--------------------------------------------------------------------------------
Name : dotnet8.0
Product : Fedora 41
Version : 8.0.110
Release : 1.fc41
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards, a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
--------------------------------------------------------------------------------
Update Information:
This is the October 2024 security release of .NET 8. The SDK version is 8.0.110
and the Runtime version is 8.0.10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 11 2024 Omair Majid [omajid@redhat.com] - 8.0.110-1
- Update to .NET SDK 8.0.110 and Runtime 8.0.10
* Fri Sep 27 2024 Omair Majid [omajid@redhat.com] - 8.0.108-2
- Support building without ENGINE support in OpenSSL
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-cc3d21b83b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mbedtls3.6-3.6.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8f1374ecfb
2024-10-26 02:51:35.421437
--------------------------------------------------------------------------------
Name : mbedtls3.6
Product : Fedora 41
Version : 3.6.2
Release : 1.fc41
URL : https://www.trustedfirmware.org/projects/mbed-tls
Summary : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.
--------------------------------------------------------------------------------
Update Information:
Update to 3.6.2
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Morten Stevens [mstevens@fedoraproject.org] - 3.6.2-1
- Update to 3.6.2
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8f1374ecfb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-starlette-0.40.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-05dedb1a53
2024-10-26 02:51:35.421415
--------------------------------------------------------------------------------
Name : python-starlette
Product : Fedora 41
Version : 0.40.0
Release : 1.fc41
URL : https://www.starlette.io/
Summary : The little ASGI library that shines
Description :
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building
async web services in Python.
It is production-ready, and gives you the following:
• A lightweight, low-complexity HTTP web framework.
• WebSocket support.
• In-process background tasks.
• Startup and shutdown events.
• Test client built on requests.
• CORS, GZip, Static Files, Streaming responses.
• Session and Cookie support.
• 100% test coverage.
• 100% type annotated codebase.
• Few hard dependencies.
• Compatible with asyncio and trio backends.
• Great overall performance against independent benchmarks.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests (fd038f3).
FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Benjamin A. Beasley - 0.40.0-1
- Update to 0.40.0 (close RHBZ#2318804)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-05dedb1a53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python-fastapi-0.115.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-05dedb1a53
2024-10-26 02:51:35.421415
--------------------------------------------------------------------------------
Name : python-fastapi
Product : Fedora 41
Version : 0.115.2
Release : 1.fc41
URL : https://github.com/fastapi/fastapi
Summary : FastAPI framework
Description :
FastAPI is a modern, fast (high-performance), web framework for building APIs
with Python 3.8+ based on standard Python type hints.
The key features are:
• Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette
and Pydantic). One of the fastest Python frameworks available.
• Fast to code: Increase the speed to develop features by about 200% to
300%.*
• Fewer bugs: Reduce about 40% of human (developer) induced errors.*
• Intuitive: Great editor support. Completion everywhere. Less time
debugging.
• Easy: Designed to be easy to use and learn. Less time reading docs.
• Short: Minimize code duplication. Multiple features from each parameter
declaration. Fewer bugs.
• Robust: Get production-ready code. With automatic interactive
documentation.
• Standards-based: Based on (and fully compatible with) the open standards
for APIs: OpenAPI (previously known as Swagger) and JSON Schema.
* estimation based on tests on an internal development team, building
production applications.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests (fd038f3).
FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 12 2024 Packit - 0.115.2-1
- Update to 0.115.2 upstream release
- Resolves: rhbz#2318327
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-05dedb1a53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python-openapi-core-0.19.4-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-05dedb1a53
2024-10-26 02:51:35.421415
--------------------------------------------------------------------------------
Name : python-openapi-core
Product : Fedora 41
Version : 0.19.4
Release : 4.fc41
URL : https://github.com/python-openapi/openapi-core
Summary : OpenAPI client-side and server-side support
Description :
Openapi-core is a Python library that adds client-side and server-side
support for the OpenAPI v3.0 and OpenAPI v3.1 specification.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests (fd038f3).
FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.19.4-4
- Allow Starlette 0.40.x (a security update)
* Sun Sep 29 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.19.4-3
- Allow aioitertools 0.12.0 (fix RHBZ#2315548)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-05dedb1a53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-platformio-6.1.14-7.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-05dedb1a53
2024-10-26 02:51:35.421415
--------------------------------------------------------------------------------
Name : python-platformio
Product : Fedora 41
Version : 6.1.14
Release : 7.fc41
URL : https://platformio.org
Summary : Professional collaborative platform for embedded development
Description :
PlatformIO is a cross-platform, cross-architecture, multiple framework,
professional tool for embedded systems engineers and for software developers
who write applications for embedded products.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests (fd038f3).
FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 6.1.14-7
- Allow Starlette 0.40.x (a security update)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-05dedb1a53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-5.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-362915851c
2024-10-26 02:51:35.421333
--------------------------------------------------------------------------------
Name : yarnpkg
Product : Fedora 41
Version : 1.22.22
Release : 5.fc41
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Update bundled ws (CVE-2024-37890)
Update bundled elliptic to fix CVE-2024-48949.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-5
- Update bundled ws (CVE-2024-37890)
* Thu Oct 10 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-4
- Update bundled elliptic (CVE-2024-48949)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2303429 - CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303429
[ 2 ] Bug #2317790 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2317790
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-362915851c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-pyo3-macros-backend-0.22.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-21666fa7f2
2024-10-26 02:51:35.421325
--------------------------------------------------------------------------------
Name : rust-pyo3-macros-backend
Product : Fedora 41
Version : 0.22.4
Release : 1.fc41
URL : https://crates.io/crates/pyo3-macros-backend
Summary : Code generation for PyO3 package
Description :
Code generation for PyO3 package.
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-21666fa7f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-pyo3-ffi-0.22.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-21666fa7f2
2024-10-26 02:51:35.421325
--------------------------------------------------------------------------------
Name : rust-pyo3-ffi
Product : Fedora 41
Version : 0.22.4
Release : 1.fc41
URL : https://crates.io/crates/pyo3-ffi
Summary : Python-API bindings for the PyO3 ecosystem
Description :
Python-API bindings for the PyO3 ecosystem.
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318285
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-21666fa7f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-pyo3-build-config-0.22.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-21666fa7f2
2024-10-26 02:51:35.421325
--------------------------------------------------------------------------------
Name : rust-pyo3-build-config
Product : Fedora 41
Version : 0.22.4
Release : 1.fc41
URL : https://crates.io/crates/pyo3-build-config
Summary : Build configuration for the PyO3 ecosystem
Description :
Build configuration for the PyO3 ecosystem.
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318281
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-21666fa7f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-pyo3-macros-0.22.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-21666fa7f2
2024-10-26 02:51:35.421325
--------------------------------------------------------------------------------
Name : rust-pyo3-macros
Product : Fedora 41
Version : 0.22.4
Release : 1.fc41
URL : https://crates.io/crates/pyo3-macros
Summary : Proc macros for PyO3 package
Description :
Proc macros for PyO3 package.
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318283
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-21666fa7f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-pyo3-0.22.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-21666fa7f2
2024-10-26 02:51:35.421325
--------------------------------------------------------------------------------
Name : rust-pyo3
Product : Fedora 41
Version : 0.22.4
Release : 1.fc41
URL : https://crates.io/crates/pyo3
Summary : Bindings to Python interpreter
Description :
Bindings to Python interpreter.
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318282
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-21666fa7f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: suricata-7.0.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b5da13e80a
2024-10-26 02:51:35.421194
--------------------------------------------------------------------------------
Name : suricata
Product : Fedora 41
Version : 7.0.7
Release : 1.fc41
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.
--------------------------------------------------------------------------------
Update Information:
Various security, performance, accuracy, and stability issues have been fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2024 Steve Grubb [sgrubb@redhat.com] 7.0.7-1
- New security and bugfix release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b5da13e80a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-rpyc-6.0.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-17a3b4d4c3
2024-10-26 02:51:35.420692
--------------------------------------------------------------------------------
Name : python-rpyc
Product : Fedora 41
Version : 6.0.1
Release : 1.fc41
URL : http://rpyc.wikidot.com/
Summary : Transparent, Symmetrical Python Library for Distributed-Computing
Description :
RPyC, or Remote Python Call, is a transparent and symmetrical python library
for remote procedure calls, clustering and distributed-computing.
RPyC makes use of object-proxies, a technique that employs python's dynamic
nature, to overcome the physical boundaries between processes and computers,
so that remote objects can be manipulated as if they were local.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-27758
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 26 2024 Fabian Affolter - 6.0.1-1
- Update to latest upstream release (closes rhbz#2112612)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269242 - CVE-2024-27758 python-rpyc: Remote attacker can craft a class, resulting in remote code execution
https://bugzilla.redhat.com/show_bug.cgi?id=2269242
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-17a3b4d4c3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: oath-toolkit-2.6.12-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fd57a07560
2024-10-26 02:51:35.420678
--------------------------------------------------------------------------------
Name : oath-toolkit
Product : Fedora 41
Version : 2.6.12
Release : 1.fc41
URL : https://www.nongnu.org/oath-toolkit/
Summary : One-time password components
Description :
The OATH Toolkit provides components for building one-time password
authentication systems. It contains shared libraries, command line tools and a
PAM module. Supported technologies include the event-based HOTP algorithm
(RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open
AuTHentication, which is the organization that specifies the algorithms. For
managing secret key files, the Portable Symmetric Key Container (PSKC) format
described in RFC6030 is supported.
--------------------------------------------------------------------------------
Update Information:
This is a new version fixing a possible local privilege escalation.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 10 2024 Jaroslav Škarvada - 2.6.12-1
- New version
Resolves: rhbz#2316447
- Dropped privileges when operating on user files
Resolves: CVE-2024-47191
* Thu Jul 25 2024 Miroslav Suchý - 2.6.11-6
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2316488 - CVE-2024-47191 oath-toolkit: Local root exploit in a PAM module
https://bugzilla.redhat.com/show_bug.cgi?id=2316488
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fd57a07560' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: libdigidocpp-4.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f474f99541
2024-10-26 02:51:35.420569
--------------------------------------------------------------------------------
Name : libdigidocpp
Product : Fedora 41
Version : 4.0.0
Release : 1.fc41
URL : https://github.com/open-eid/libdigidocpp
Summary : Library offers creating, signing and verification of digitally signed documents
Description :
The Libdigidocpp library offers creating, signing and verification of digitally
signed documents, according to the XAdES and XML-DSIG standards. Documentation:
http://open-eid.github.io/libdigidocpp
--------------------------------------------------------------------------------
Update Information:
Upstream release of libdigidocpp
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 8 2024 Dmitri Smirnov - 4.0.0-1
- 4.0.0 upstream release
* Mon Sep 2 2024 Miroslav Suchý - 3.17.1-3
- convert license to SPDX
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f474f99541' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: dnsdist-1.9.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-73b41ae8e5
2024-10-26 02:51:35.420201
--------------------------------------------------------------------------------
Name : dnsdist
Product : Fedora 41
Version : 1.9.7
Release : 1.fc41
URL : https://dnsdist.org
Summary : Highly DNS-, DoS- and abuse-aware loadbalancer
Description :
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 4 2024 Sander Hoentjen [shoentjen@antagonist.nl] - 1.9.7-1
- Update to 1.9.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2280229 - CVE-2024-25581 dnsdist: Transfer requests received over DoH can lead to a denial of service in DNSdist [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280229
[ 2 ] Bug #2293523 - dnsdist-1.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2293523
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-73b41ae8e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--