Fedora Linux 8791 Published by

The following two security updates have been released for Fedora Linux 40:

[SECURITY] Fedora 40 Update: flatpak-1.15.10-1.fc40
[SECURITY] Fedora 40 Update: python3.12-3.12.5-2.fc40




[SECURITY] Fedora 40 Update: flatpak-1.15.10-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7b8a05a5d1
2024-09-03 05:49:14.836028
--------------------------------------------------------------------------------

Name : flatpak
Product : Fedora 40
Version : 1.15.10
Release : 1.fc40
URL : https://flatpak.org/
Summary : Application deployment framework for desktop apps
Description :
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

--------------------------------------------------------------------------------
Update Information:

Update to 1.15.10 (CVE-2024-42472)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 30 2024 Kalev Lember [klember@redhat.com] - 1.15.10-1
- Update to 1.15.10 (#2299621)
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2299621 - flatpak-1.15.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2299621
[ 2 ] Bug #2305287 - CVE-2024-42472 flatpak: Access to files outside sandbox for apps using persistent= (--persist) [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2305287
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7b8a05a5d1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python3.12-3.12.5-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-afba3b5902
2024-09-03 05:49:14.836014
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 40
Version : 3.12.5
Release : 2.fc40
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-8088
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 23 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.12.5-2
- Security fix for CVE-2024-8088
- Fixes: rhbz#2307461
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2307370 - CVE-2024-8088 python: cpython: From NVD collector
https://bugzilla.redhat.com/show_bug.cgi?id=2307370
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-afba3b5902' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--