Fedora Linux 8485 Published by

The following security updates are available for Fedora Linux:

Fedora 39 Update: tkimg-1.4.16-1.fc39
Fedora 39 Update: python-flask-security-too-5.1.2-3.fc39
Fedora 38 Update: tkimg-1.4.16-1.fc38




Fedora 39 Update: tkimg-1.4.16-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e812bddc51
2024-01-14 00:59:11.840818
--------------------------------------------------------------------------------

Name : tkimg
Product : Fedora 39
Version : 1.4.16
Release : 1.fc39
URL : http://sourceforge.net/projects/tkimg
Summary : Image support library for Tk
Description :
This package contains a collection of image format handlers for the Tk
photo image type, and a new image type, pixmaps.

--------------------------------------------------------------------------------
Update Information:

Update to 1.4.16. Fixes CVE-2023-6277 (in bundled libtiff).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 5 2024 Tom Callaway [spot@fedoraproject.org] - 1.4.16-1
- update to 1.4.16
- apply upstream (libtiff) fix for CVE-2023-6277
- update license tag
* Fri Dec 8 2023 Florian Weimer [fweimer@redhat.com] - 1.4.14-5
- Backport part of an upstream patch to fix C compatibility issues
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2251311 - CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file
https://bugzilla.redhat.com/show_bug.cgi?id=2251311
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e812bddc51' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-flask-security-too-5.1.2-3.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f34963bef8
2024-01-14 00:59:11.840763
--------------------------------------------------------------------------------

Name : python-flask-security-too
Product : Fedora 39
Version : 5.1.2
Release : 3.fc39
URL : https://github.com/Flask-Middleware/flask-security
Summary : Simple security for Flask apps
Description :
Flask-Security quickly adds security features to your Flask application.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2023-49438.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 5 2024 Sandro Mani [manisandro@gmail.com] - 5.1.2-3
- Backport patch for CVE CVE-2023-49438
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2255956 - CVE-2023-49438 python-flask-security-too: flask-security: open-redirect by abusing the ?next parameter on the /login and /register routes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255956
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f34963bef8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: tkimg-1.4.16-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-43b9d9bff9
2024-01-14 00:46:47.780334
--------------------------------------------------------------------------------

Name : tkimg
Product : Fedora 38
Version : 1.4.16
Release : 1.fc38
URL : http://sourceforge.net/projects/tkimg
Summary : Image support library for Tk
Description :
This package contains a collection of image format handlers for the Tk
photo image type, and a new image type, pixmaps.

--------------------------------------------------------------------------------
Update Information:

Update to 1.4.16. Fixes CVE-2023-6277 (in bundled libtiff).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 5 2024 Tom Callaway [spot@fedoraproject.org] - 1.4.16-1
- update to 1.4.16
- apply upstream (libtiff) fix for CVE-2023-6277
- update license tag
* Fri Dec 8 2023 Florian Weimer [fweimer@redhat.com] - 1.4.14-5
- Backport part of an upstream patch to fix C compatibility issues
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2251311 - CVE-2023-6277 libtiff: Out-of-memory in TIFFOpen via a craft file
https://bugzilla.redhat.com/show_bug.cgi?id=2251311
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-43b9d9bff9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--