Fedora Linux 8801 Published by

The following security updates have been released for Fedora Linux:

[SECURITY] Fedora 40 Update: python-webob-1.8.8-2.fc40
[SECURITY] Fedora 40 Update: nginx-mod-modsecurity-1.0.3-13.fc40
[SECURITY] Fedora 40 Update: nginx-mod-vts-0.2.2-9.fc40
[SECURITY] Fedora 40 Update: nginx-mod-naxsi-1.6-6.fc40
[SECURITY] Fedora 40 Update: nginx-1.26.2-1.fc40
[SECURITY] Fedora 40 Update: nginx-mod-fancyindex-0.5.2-7.fc40
[SECURITY] Fedora 40 Update: python3.12-3.12.5-1.fc40
[SECURITY] Fedora 40 Update: python3-docs-3.12.5-1.fc40
[SECURITY] Fedora 39 Update: python-webob-1.8.8-2.fc39
[SECURITY] Fedora 39 Update: nginx-mod-modsecurity-1.0.3-13.fc39
[SECURITY] Fedora 39 Update: nginx-mod-fancyindex-0.5.2-5.fc39
[SECURITY] Fedora 39 Update: nginx-mod-vts-0.2.2-9.fc39
[SECURITY] Fedora 39 Update: nginx-mod-naxsi-1.6-6.fc39
[SECURITY] Fedora 39 Update: nginx-1.26.2-1.fc39
[SECURITY] Fedora 39 Update: python3.12-3.12.5-1.fc39
[SECURITY] Fedora 39 Update: python3-docs-3.12.5-1.fc39




[SECURITY] Fedora 40 Update: python-webob-1.8.8-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a6817a2e80
2024-08-26 02:04:05.151981
--------------------------------------------------------------------------------

Name : python-webob
Product : Fedora 40
Version : 1.8.8
Release : 2.fc40
URL : https://webob.org
Summary : WSGI request and response object
Description :
WebOb provides wrappers around the WSGI request environment, and an object to
help create WSGI responses. The objects map much of the specified behavior of
HTTP, including header parsing and accessors for other standard parts of the
environment.

--------------------------------------------------------------------------------
Update Information:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Ján ONDREJ (SAL) - 1.8.8-2
- Disable legacy-cgi requires for Fedora 40 and older systems
* Thu Aug 15 2024 Ján ONDREJ (SAL) - 1.8.8-1
- Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
- pypi_source constructed manually according to project/name case inconsistency
- only require legacy-cgi on on systems where it's present
- remove python3.9 patch (applied upstream)
* Fri Jul 19 2024 Fedora Release Engineering - 1.8.7-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 15 2024 Mattia Verga - 1.8.7-14
- Explicitly require python3-cgi at runtime (Fedora#2245641)
* Fri Jun 14 2024 Mattia Verga - 1.8.7-13
- Require legacy-cgi as build dependency
- Fix FTB with Python 3.13 (Fedora#2245641)
* Fri Jun 7 2024 Python Maint - 1.8.7-12
- Rebuilt for Python 3.13
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305066 - CVE-2024-42353 python-webob: WebOb's location header normalization during redirect leads to open redirect [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305066
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a6817a2e80' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: nginx-mod-modsecurity-1.0.3-13.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ba57fd2a3
2024-08-26 02:04:05.151864
--------------------------------------------------------------------------------

Name : nginx-mod-modsecurity
Product : Fedora 40
Version : 1.0.3
Release : 13.fc40
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Felix Kaechele [felix@kaechele.ca] - 1.0.3-13
- Rebuild for nginx 1.26.2
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: nginx-mod-vts-0.2.2-9.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ba57fd2a3
2024-08-26 02:04:05.151864
--------------------------------------------------------------------------------

Name : nginx-mod-vts
Product : Fedora 40
Version : 0.2.2
Release : 9.fc40
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Felix Kaechele [felix@kaechele.ca] - 0.2.2-9
- Rebuild for nginx 1.26.2
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: nginx-mod-naxsi-1.6-6.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ba57fd2a3
2024-08-26 02:04:05.151864
--------------------------------------------------------------------------------

Name : nginx-mod-naxsi
Product : Fedora 40
Version : 1.6
Release : 6.fc40
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Felix Kaechele - 1.6-6
- Rebuild for nginx 1.26.2
* Mon Jul 29 2024 Miroslav Suchý - 1.6-5
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 1.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: nginx-1.26.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ba57fd2a3
2024-08-26 02:04:05.151864
--------------------------------------------------------------------------------

Name : nginx
Product : Fedora 40
Version : 1.26.2
Release : 1.fc40
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 16 2024 Felix Kaechele - 2:1.26.2-1
- Update to 1.26.2
- fixes CVE-2024-7347
* Wed Jul 31 2024 Luboš Uhliarik - 2:1.26.1-6
- Compile perl module with -O2 optimalization
* Wed Jul 31 2024 Luboš Uhliarik - 2:1.26.1-5
- Add -O2 to nginx.so
* Thu Jul 18 2024 Fedora Release Engineering - 2:1.26.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 2 2024 Luboš Uhliarik - 2:1.26.1-3
- Disable ENGINE support by default for F41+, add engine bcond
* Mon Jun 10 2024 Jitka Plesnikova - 2:1.26.1-2
- Perl 5.40 rebuild
* Fri May 31 2024 Luboš Uhliarik - 2:1.26.1-1
- Increase nginx's epoch to avoid possible regression in CentOS/RHEL
(CS-2046)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: nginx-mod-fancyindex-0.5.2-7.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ba57fd2a3
2024-08-26 02:04:05.151864
--------------------------------------------------------------------------------

Name : nginx-mod-fancyindex
Product : Fedora 40
Version : 0.5.2
Release : 7.fc40
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 16 2024 Felix Kaechele [felix@kaechele.ca] - 0.5.2-7
- Rebuild for nginx 1.26.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python3.12-3.12.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-80d1fe51d0
2024-08-26 02:04:05.151747
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 40
Version : 3.12.5
Release : 1.fc40
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 7 2024 Tomáš Hrnčiar - 3.12.5-1
- Update to 3.12.5
- Fixes: rhbz#2303159 (email header injection)
* Tue Jul 23 2024 Lumír Balhar - 3.12.4-3
- Require systemtap-sdt-devel for sys/sdt.h
* Fri Jul 19 2024 Fedora Release Engineering - 3.12.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303159 - CVE-2024-6923 python3.12: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303159
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-80d1fe51d0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: python3-docs-3.12.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-80d1fe51d0
2024-08-26 02:04:05.151747
--------------------------------------------------------------------------------

Name : python3-docs
Product : Fedora 40
Version : 3.12.5
Release : 1.fc40
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 7 2024 Tomáš Hrnčiar - 3.12.5-1
- Update to 3.12.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303159 - CVE-2024-6923 python3.12: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303159
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-80d1fe51d0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: python-webob-1.8.8-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-40ff0d8644
2024-08-26 01:30:49.757104
--------------------------------------------------------------------------------

Name : python-webob
Product : Fedora 39
Version : 1.8.8
Release : 2.fc39
URL : https://webob.org
Summary : WSGI request and response object
Description :
WebOb provides wrappers around the WSGI request environment, and an object to
help create WSGI responses. The objects map much of the specified behavior of
HTTP, including header parsing and accessors for other standard parts of the
environment.

--------------------------------------------------------------------------------
Update Information:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Ján ONDREJ (SAL) - 1.8.8-2
- Disable legacy-cgi requires for Fedora 40 and older systems
* Thu Aug 15 2024 Ján ONDREJ (SAL) - 1.8.8-1
- Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
- pypi_source constructed manually according to project/name case inconsistency
- only require legacy-cgi on on systems where it's present
- remove python3.9 patch (applied upstream)
* Fri Jul 19 2024 Fedora Release Engineering - 1.8.7-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 15 2024 Mattia Verga - 1.8.7-14
- Explicitly require python3-cgi at runtime (Fedora#2245641)
* Fri Jun 14 2024 Mattia Verga - 1.8.7-13
- Require legacy-cgi as build dependency
- Fix FTB with Python 3.13 (Fedora#2245641)
* Fri Jun 7 2024 Python Maint - 1.8.7-12
- Rebuilt for Python 3.13
* Fri Jan 26 2024 Fedora Release Engineering - 1.8.7-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering - 1.8.7-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305066 - CVE-2024-42353 python-webob: WebOb's location header normalization during redirect leads to open redirect [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305066
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-40ff0d8644' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: nginx-mod-modsecurity-1.0.3-13.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba5080dfa
2024-08-26 01:30:49.757000
--------------------------------------------------------------------------------

Name : nginx-mod-modsecurity
Product : Fedora 39
Version : 1.0.3
Release : 13.fc39
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Felix Kaechele [felix@kaechele.ca] - 1.0.3-13
- Rebuild for nginx 1.26.2
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba5080dfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: nginx-mod-fancyindex-0.5.2-5.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba5080dfa
2024-08-26 01:30:49.757000
--------------------------------------------------------------------------------

Name : nginx-mod-fancyindex
Product : Fedora 39
Version : 0.5.2
Release : 5.fc39
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 16 2024 Felix Kaechele [felix@kaechele.ca] - 0.5.2-5
- Rebuild for nginx 1.26.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba5080dfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: nginx-mod-vts-0.2.2-9.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba5080dfa
2024-08-26 01:30:49.757000
--------------------------------------------------------------------------------

Name : nginx-mod-vts
Product : Fedora 39
Version : 0.2.2
Release : 9.fc39
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Felix Kaechele [felix@kaechele.ca] - 0.2.2-9
- Rebuild for nginx 1.26.2
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba5080dfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: nginx-mod-naxsi-1.6-6.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba5080dfa
2024-08-26 01:30:49.757000
--------------------------------------------------------------------------------

Name : nginx-mod-naxsi
Product : Fedora 39
Version : 1.6
Release : 6.fc39
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 17 2024 Felix Kaechele - 1.6-6
- Rebuild for nginx 1.26.2
* Mon Jul 29 2024 Miroslav Suchý - 1.6-5
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 1.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba5080dfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: nginx-1.26.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba5080dfa
2024-08-26 01:30:49.757000
--------------------------------------------------------------------------------

Name : nginx
Product : Fedora 39
Version : 1.26.2
Release : 1.fc39
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

--------------------------------------------------------------------------------
Update Information:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 16 2024 Felix Kaechele - 2:1.26.2-1
- Update to 1.26.2
- fixes CVE-2024-7347
* Wed Jul 31 2024 Luboš Uhliarik - 2:1.26.1-6
- Compile perl module with -O2 optimalization
* Wed Jul 31 2024 Luboš Uhliarik - 2:1.26.1-5
- Add -O2 to nginx.so
* Thu Jul 18 2024 Fedora Release Engineering - 2:1.26.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 2 2024 Luboš Uhliarik - 2:1.26.1-3
- Disable ENGINE support by default for F41+, add engine bcond
* Mon Jun 10 2024 Jitka Plesnikova - 2:1.26.1-2
- Perl 5.40 rebuild
* Fri May 31 2024 Luboš Uhliarik - 2:1.26.1-1
- Increase nginx's epoch to avoid possible regression in CentOS/RHEL
(CS-2046)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba5080dfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: python3.12-3.12.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ce1992d46f
2024-08-26 01:30:49.756917
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 39
Version : 3.12.5
Release : 1.fc39
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 7 2024 Tomáš Hrnčiar - 3.12.5-1
- Update to 3.12.5
- Fixes: rhbz#2303159 (email header injection)
* Tue Jul 23 2024 Lumír Balhar - 3.12.4-3
- Require systemtap-sdt-devel for sys/sdt.h
* Fri Jul 19 2024 Fedora Release Engineering - 3.12.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303159 - CVE-2024-6923 python3.12: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303159
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ce1992d46f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: python3-docs-3.12.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ce1992d46f
2024-08-26 01:30:49.756917
--------------------------------------------------------------------------------

Name : python3-docs
Product : Fedora 39
Version : 3.12.5
Release : 1.fc39
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 7 2024 Tomáš Hrnčiar - 3.12.5-1
- Update to 3.12.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303159 - CVE-2024-6923 python3.12: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303159
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ce1992d46f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------