Fedora Linux 8487 Published by

The following two security updates are available for Fedora 39:

Fedora 39 Update: selinux-policy-39.4-1.fc39
Fedora 39 Update: python-templated-dictionary-1.4-1.fc39




Fedora 39 Update: selinux-policy-39.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-334b3be641
2024-01-30 04:21:41.500079
--------------------------------------------------------------------------------

Name : selinux-policy
Product : Fedora 39
Version : 39.4
Release : 1.fc39
URL : https://github.com/fedora-selinux/selinux-policy
Summary : SELinux policy configuration
Description :
SELinux core policy package.
Originally based off of reference policy,
the policy has been adjusted to provide support for Fedora.

--------------------------------------------------------------------------------
Update Information:

New F39 selinux-policy build
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 25 2024 Zdenek Pytela [zpytela@redhat.com] - 39.4-1
- Allow collectd read raw fixed disk device
- Allow collectd read udev pid files
- Allow httpd work with PrivateTmp
- Allow certmonger read network sysctls
- Allow systemd-sleep set attributes of efivarfs files
- Allow spamd_update_t the sys_ptrace capability in user namespace
- Allow alsa get attributes filesystems with extended attributes
- Allow systemd-sleep send a message to syslog over a unix dgram socket
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2249960 - SELinux is preventing rm from getattr access on the filesystem /.
https://bugzilla.redhat.com/show_bug.cgi?id=2249960
[ 2 ] Bug #2252484 - avc denials policykit_auth_t policykit_t spamd_update_t Fedora 39
https://bugzilla.redhat.com/show_bug.cgi?id=2252484
[ 3 ] Bug #2255693 - SELinux is preventing systemd-sleep from setattr access on the file /sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67.
https://bugzilla.redhat.com/show_bug.cgi?id=2255693
[ 4 ] Bug #2258637 - [selinux] systemd cannot flush the privatetmp cache used by php-fpm
https://bugzilla.redhat.com/show_bug.cgi?id=2258637
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-334b3be641' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-templated-dictionary-1.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f69989e7dd
2024-01-30 04:21:41.499879
--------------------------------------------------------------------------------

Name : python-templated-dictionary
Product : Fedora 39
Version : 1.4
Release : 1.fc39
URL : https://github.com/xsuchy/templated-dictionary
Summary : Dictionary with Jinja2 expansion
Description :
Dictionary where __getitem__() is run through Jinja2 template.

--------------------------------------------------------------------------------
Update Information:

Fixing CVE-2023-6395
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 16 2024 Pavel Raiskup [praiskup@redhat.com]
- make the TemplatedDictionary objects picklable
- use a sandboxed jinja2 environment, fixes CVE-2023-6395
* Tue Jan 16 2024 Pavel Raiskup [praiskup@redhat.com]
- make the TemplatedDictionary objects picklable
- Use a sandboxed jinja2 environment, CVE-2023-6395
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2258607 - CVE-2023-6395 mock: Privilege escalation for users that can access mock configuration [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2258607
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f69989e7dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--