Fedora Linux 8797 Published by

The following security updates have been released for Fedora Linux:

[SECURITY] Fedora 40 Update: python3.11-3.11.10-1.fc40
[SECURITY] Fedora 40 Update: haproxy-2.9.10-1.fc40
[SECURITY] Fedora 40 Update: osc-1.9.1-420.1.1.fc40
[SECURITY] Fedora 39 Update: osc-1.9.1-420.1.1.fc39




[SECURITY] Fedora 40 Update: python3.11-3.11.10-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f7f36c20a2
2024-09-13 01:51:46.331472
--------------------------------------------------------------------------------

Name : python3.11
Product : Fedora 40
Version : 3.11.10
Release : 1.fc40
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.11-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.

--------------------------------------------------------------------------------
Update Information:

This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release
for the legacy 3.11 series. Python 3.12 is now the latest feature release series
of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with
backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in
IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private,
IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs
with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also
properly firing for python -i, as well as for python -m asyncio. The event in
question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair()
fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX,
and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs()
now correctly lock access to the certificate store, when the ssl.SSLContext is
shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return
('', '') 2-tuples in more situations where invalid email addresses are
encountered instead of potentially inaccurate values. Add optional strict
parameter to these two functions: use strict=False to get the old behavior,
accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False)
can be use to check if the strict paramater is available. This improves the
CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905)
without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The
generator will now refuse to serialize (write) headers that are unsafely folded
or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by
_winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of still has
pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork
is now fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 9 2024 Tomáš Hrnčiar - 3.11.10-1
- Update to 3.11.10
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2310089 - CVE-2024-6232 python3.11: tarfile: ReDos via excessive backtracking while parsing header values [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2310089
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f7f36c20a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: haproxy-2.9.10-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-39913e097a
2024-09-13 01:51:46.331437
--------------------------------------------------------------------------------

Name : haproxy
Product : Fedora 40
Version : 2.9.10
Release : 1.fc40
URL : http://www.haproxy.org/
Summary : HAProxy reverse proxy for high availability environments
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence
through the use of HTTP cookies
- switch to backup servers in the event a main one fails
- accept connections to special ports dedicated to service monitoring
- stop accepting connections without breaking existing ones
- add, modify, and delete HTTP headers in both directions
- block requests matching particular patterns
- report detailed status to authenticated users from a URI
intercepted from the application

--------------------------------------------------------------------------------
Update Information:

Update to 2.9.10 (CVE-2024-45506)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Ryan O'Hara [rohara@redhat.com] - 2.9.10-1
- Update to 2.9.10 (CVE-2024-45506)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309744 - CVE-2024-45506 haproxy: potential infinite loop condition in the h2_send() may trigger a DoS [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2309744
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-39913e097a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: osc-1.9.1-420.1.1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b11026f492
2024-09-13 01:51:46.331239
--------------------------------------------------------------------------------

Name : osc
Product : Fedora 40
Version : 1.9.1
Release : 420.1.1.fc40
URL : https://github.com/openSUSE/osc
Summary : Open Build Service Commander
Description :
Commandline client for the Open Build Service.

See http://en.opensuse.org/openSUSE:OSC , as well as
http://en.opensuse.org/openSUSE:Build_Service_Tutorial for a general
introduction.

--------------------------------------------------------------------------------
Update Information:

New upstream release 1.9.1, fixes CVE-2024-22034
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Dan Čermák - 1.9.1-415.1.1
- New upstream release 1.9.1, fixes CVE-2024-22034 and rhbz#2309529
* Thu Jul 18 2024 Fedora Release Engineering - 1.8.3-415.1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309529 - osc-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2309529
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b11026f492' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: osc-1.9.1-420.1.1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-18d9a6ba14
2024-09-13 01:36:03.252192
--------------------------------------------------------------------------------

Name : osc
Product : Fedora 39
Version : 1.9.1
Release : 420.1.1.fc39
URL : https://github.com/openSUSE/osc
Summary : Open Build Service Commander
Description :
Commandline client for the Open Build Service.

See http://en.opensuse.org/openSUSE:OSC , as well as
http://en.opensuse.org/openSUSE:Build_Service_Tutorial for a general
introduction.

--------------------------------------------------------------------------------
Update Information:

New upstream release 1.9.1, fixes CVE-2024-22034
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 4 2024 Dan Čermák - 1.9.1-415.1.1
- New upstream release 1.9.1, fixes CVE-2024-22034 and rhbz#2309529
* Thu Jul 18 2024 Fedora Release Engineering - 1.8.3-415.1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2309529 - osc-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2309529
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-18d9a6ba14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------