Fedora Linux 8770 Published by

Fedora Linux has received several security updates, including python-notebook-7.2.2-1.fc40, jupyterlab-4.2.5-1.fc40, python-jupyterlab-server-2.27.3-2.fc40, chromium-129.0.6668.58-1.fc39, less-633-4.fc39, and openjpeg-2.5.2.fc41:

[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40
[SECURITY] Fedora 40 Update: jupyterlab-4.2.5-1.fc40
[SECURITY] Fedora 40 Update: python-jupyterlab-server-2.27.3-2.fc40
[SECURITY] Fedora 39 Update: chromium-129.0.6668.58-1.fc39
[SECURITY] Fedora 39 Update: less-633-4.fc39
[SECURITY] Fedora 41 Update: python-notebook-7.2.2-1.fc41
[SECURITY] Fedora 41 Update: jupyterlab-4.2.5-1.fc41
[SECURITY] Fedora 41 Update: openjpeg-2.5.2-4.fc41




[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a3a82a256d
2024-09-22 02:21:08.465764
--------------------------------------------------------------------------------

Name : python-notebook
Product : Fedora 40
Version : 7.2.2
Release : 1.fc40
URL : https://jupyter.org
Summary : A web-based notebook environment for interactive computing
Description :
The Jupyter Notebook is a web application that allows you to create and
share documents that contain live code, equations, visualizations, and
explanatory text. The Notebook has support for multiple programming
languages, sharing, and interactive widgets.

--------------------------------------------------------------------------------
Update Information:

Update jupyterlab and python-notebook to fix CVE-2024-43805.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2024 Lumir Balhar [lbalhar@redhat.com] - 7.2.2-1
- Update to 7.2.2 (rhbz#2284126)
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 7.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 17 2024 Python Maint - 7.2.0-2
- Rebuilt for Python 3.13
* Sat May 25 2024 Lumir Balhar [lbalhar@redhat.com] - 7.2.0-1
- Update to 7.2.0 (rhbz#2272220)
* Fri Mar 15 2024 Lumir Balhar [lbalhar@redhat.com] - 7.1.2-1
- Update to 7.1.2 (rhbz#2266069)
* Tue Feb 13 2024 Lumir Balhar [lbalhar@redhat.com] - 7.1.0-1
- Update to 7.1.0 (rhbz#2260490)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308441 - CVE-2024-43805 jupyterlab: JupyterLab Vulnerability Allows Data Access via Malicious Markdown [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2308441
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a3a82a256d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: jupyterlab-4.2.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a3a82a256d
2024-09-22 02:21:08.465764
--------------------------------------------------------------------------------

Name : jupyterlab
Product : Fedora 40
Version : 4.2.5
Release : 1.fc40
URL : https://jupyter.org
Summary : JupyterLab computational environment
Description :
JupyterLab is the next-generation user interface for Project Jupyter
offering all the familiar building blocks of the classic Jupyter
Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.)
in a flexible and powerful user interface.

--------------------------------------------------------------------------------
Update Information:

Update jupyterlab and python-notebook to fix CVE-2024-43805.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 27 2024 Lumir Balhar [lbalhar@redhat.com] - 4.2.5-1
- Update to 4.2.5 (rhbz#2295514)
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 17 2024 Python Maint - 4.2.1-2
- Rebuilt for Python 3.13
* Sat May 25 2024 Lumir Balhar [lbalhar@redhat.com] - 4.2.1-1
- Update to 4.2.1 (rhbz#2277439)
* Sat May 25 2024 Lumir Balhar [lbalhar@redhat.com] - 4.2.0-1
- Update to 4.2.0 (rhbz#2277439)
* Tue Apr 23 2024 Lumir Balhar [lbalhar@redhat.com] - 4.1.6-1
- Update to 4.1.6 (rhbz#2271395)
* Fri Mar 15 2024 Lumir Balhar [lbalhar@redhat.com] - 4.1.5-1
- Update to 4.1.5 (rhbz#2269594)
* Tue Mar 5 2024 Lumir Balhar [lbalhar@redhat.com] - 4.1.3-1
- Update to 4.1.3 (rhbz#2267833)
* Tue Feb 20 2024 Lumir Balhar [lbalhar@redhat.com] - 4.1.2-1
- Update to 4.1.2 (rhbz#2265014)
* Tue Feb 13 2024 Lumir Balhar [lbalhar@redhat.com] - 4.1.1-1
- Update to 4.1.1 (rhbz#2263963)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308441 - CVE-2024-43805 jupyterlab: JupyterLab Vulnerability Allows Data Access via Malicious Markdown [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2308441
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a3a82a256d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python-jupyterlab-server-2.27.3-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a3a82a256d
2024-09-22 02:21:08.465764
--------------------------------------------------------------------------------

Name : python-jupyterlab-server
Product : Fedora 40
Version : 2.27.3
Release : 2.fc40
URL : https://jupyterlab-server.readthedocs.io
Summary : A set of server components for JupyterLab and JupyterLab like applications
Description :
JupyterLab Server sits between JupyterLab and Jupyter Server, and provides
a set of REST API handlers and utilities that are used by JupyterLab.
It is a separate project in order to accommodate creating JupyterLab-like
applications from a more limited scope.

--------------------------------------------------------------------------------
Update Information:

Update jupyterlab and python-notebook to fix CVE-2024-43805.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 19 2024 Fedora Release Engineering - 2.27.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 17 2024 Lumir Balhar - 2.27.3-1
- Update to 2.27.3 (rhbz#2298236)
* Mon Jun 10 2024 Python Maint - 2.27.2-2
- Rebuilt for Python 3.13
* Wed May 22 2024 Lumir Balhar - 2.27.2-1
- Update to 2.27.2 (rhbz#2282683)
* Tue Apr 23 2024 Lumir Balhar - 2.27.1-1
- Update to 2.27.1 (rhbz#2276381)
* Fri Apr 12 2024 Benjamin A. Beasley - 2.26.0-4
- Remove hatch from the test dependencies
* Mon Apr 8 2024 Lumír Balhar - 2.26.0-1
- Update to 2.26.0 (rhbz#2273954)
* Mon Mar 11 2024 Lumír Balhar - 2.25.4-1
- Update to 2.25.4 (rhbz#2269021)
* Fri Feb 16 2024 Lumír Balhar - 2.25.3-1
- Update to 2.25.3 (rhbz#2264304)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2308441 - CVE-2024-43805 jupyterlab: JupyterLab Vulnerability Allows Data Access via Malicious Markdown [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2308441
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a3a82a256d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: chromium-129.0.6668.58-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3d29b1647b
2024-09-22 02:03:26.291948
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 129.0.6668.58
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 129.0.6668.58
* High CVE-2024-8904: Type Confusion in V8
* Medium CVE-2024-8905: Inappropriate implementation in V8
* Medium CVE-2024-8906: Incorrect security UI in Downloads
* Medium CVE-2024-8907: Insufficient data validation in Omnibox
* Low CVE-2024-8908: Inappropriate implementation in Autofill
* Low CVE-2024-8909: Inappropriate implementation in UI
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 17 2024 Than Ngo [than@redhat.com] - 129.0.6668.58-1
- update to 129.0.6668.58
* High CVE-2024-8904: Type Confusion in V8
* Medium CVE-2024-8905: Inappropriate implementation in V8
* Medium CVE-2024-8906: Incorrect security UI in Downloads
* Medium CVE-2024-8907: Insufficient data validation in Omnibox
* Low CVE-2024-8908: Inappropriate implementation in Autofill
* Low CVE-2024-8909: Inappropriate implementation in UI
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2312963 - CVE-2024-8909 chromium: Inappropriate implementation in UI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312963
[ 2 ] Bug #2312964 - CVE-2024-8909 chromium: Inappropriate implementation in UI [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312964
[ 3 ] Bug #2312965 - CVE-2024-8908 chromium: Inappropriate implementation in Autofill [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312965
[ 4 ] Bug #2312966 - CVE-2024-8908 chromium: Inappropriate implementation in Autofill [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312966
[ 5 ] Bug #2312967 - CVE-2024-8907 chromium: Insufficient data validation in Omnibox [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312967
[ 6 ] Bug #2312968 - CVE-2024-8907 chromium: Insufficient data validation in Omnibox [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312968
[ 7 ] Bug #2312971 - CVE-2024-8906 chromium: Incorrect security UI in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312971
[ 8 ] Bug #2312972 - CVE-2024-8906 chromium: Incorrect security UI in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312972
[ 9 ] Bug #2312973 - CVE-2024-8905 chromium: Inappropriate implementation in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312973
[ 10 ] Bug #2312974 - CVE-2024-8905 chromium: Inappropriate implementation in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312974
[ 11 ] Bug #2312975 - CVE-2024-8904 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312975
[ 12 ] Bug #2312976 - CVE-2024-8904 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2312976
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3d29b1647b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: less-633-4.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c94f884440
2024-09-22 02:03:26.291758
--------------------------------------------------------------------------------

Name : less
Product : Fedora 39
Version : 633
Release : 4.fc39
URL : https://www.greenwoodsoftware.com/less/
Summary : A text file browser similar to more, but better
Description :
The less utility is a text file browser that resembles more, but has
more capabilities. Less allows you to move backwards in the file as
well as forwards. Since less doesn't have to read the entire input file
before it starts, less starts up more quickly than text editors (for
example, vi).

You should install less because it is a basic utility for viewing text
files, and you'll use it frequently.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-32487 - less with LESSOPEN mishandles \n in paths
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 21 2024 Michal Hlavinka [mhlavink@redhat.com] - 643-6
- fix CVE-2024-32487 - less with LESSOPEN mishandles \n in paths (#2274981)
* Sun Jul 28 2024 Michal Hlavinka [mhlavink@redhat.com] - 633-3
- fix incorrect display when filename contains control chars
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2274980 - CVE-2024-32487 less: OS command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2274980
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c94f884440' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-notebook-7.2.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4b5f3d51ca
2024-09-22 00:14:59.038176
--------------------------------------------------------------------------------

Name : python-notebook
Product : Fedora 41
Version : 7.2.2
Release : 1.fc41
URL : https://jupyter.org
Summary : A web-based notebook environment for interactive computing
Description :
The Jupyter Notebook is a web application that allows you to create and
share documents that contain live code, equations, visualizations, and
explanatory text. The Notebook has support for multiple programming
languages, sharing, and interactive widgets.

--------------------------------------------------------------------------------
Update Information:

Update jupyterlab and python-notebook to fix CVE-2024-43805.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 12 2024 Lumir Balhar [lbalhar@redhat.com] - 7.2.2-1
- Update to 7.2.2 (rhbz#2284126)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4b5f3d51ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: jupyterlab-4.2.5-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4b5f3d51ca
2024-09-22 00:14:59.038176
--------------------------------------------------------------------------------

Name : jupyterlab
Product : Fedora 41
Version : 4.2.5
Release : 1.fc41
URL : https://jupyter.org
Summary : JupyterLab computational environment
Description :
JupyterLab is the next-generation user interface for Project Jupyter
offering all the familiar building blocks of the classic Jupyter
Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.)
in a flexible and powerful user interface.

--------------------------------------------------------------------------------
Update Information:

Update jupyterlab and python-notebook to fix CVE-2024-43805.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 27 2024 Lumir Balhar [lbalhar@redhat.com] - 4.2.5-1
- Update to 4.2.5 (rhbz#2295514)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4b5f3d51ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: openjpeg-2.5.2-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3ecdf562bf
2024-09-22 00:14:59.037950
--------------------------------------------------------------------------------

Name : openjpeg
Product : Fedora 41
Version : 2.5.2
Release : 4.fc41
URL : https://github.com/uclouvain/openjpeg
Summary : C-Library for JPEG 2000
Description :
The OpenJPEG library is an open-source JPEG 2000 library developed in order to
promote the use of JPEG 2000.

This package contains
* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1
compliance).
* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple
component transforms for multispectral and hyperspectral imagery)

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2023-39327.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 6 2024 Sandro Mani [manisandro@gmail.com] - 2.5.2-4
- Backport patch for CVE-2023-39327
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295814 - CVE-2023-39327 openjpeg: Malicious files can cause the program to enter a large loop [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295814
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3ecdf562bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--