Fedora Linux 8797 Published by

The following updates have been released for Fedora Linux:

[SECURITY] Fedora 40 Update: zabbix-6.0.33-1.fc40
[SECURITY] Fedora 40 Update: python3.9-3.9.19-5.fc40
[SECURITY] Fedora 39 Update: zabbix-6.0.33-1.fc39
[SECURITY] Fedora 39 Update: python3.9-3.9.19-5.fc39




[SECURITY] Fedora 40 Update: zabbix-6.0.33-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8382d1b267
2024-08-24 01:52:24.934452
--------------------------------------------------------------------------------

Name : zabbix
Product : Fedora 40
Version : 6.0.33
Release : 1.fc40
URL : https://www.zabbix.com
Summary : Open-source monitoring solution for your IT infrastructure
Description :
Zabbix is software that monitors numerous parameters of a network and the
health and integrity of servers. Zabbix uses a flexible notification mechanism
that allows users to configure e-mail based alerts for virtually any event.
This allows a fast reaction to server problems. Zabbix offers excellent
reporting and data visualization features based on the stored data.
This makes Zabbix ideal for capacity planning.

Zabbix supports both polling and trapping. All Zabbix reports and statistics,
as well as configuration parameters are accessed through a web-based front end.
A web-based front end ensures that the status of your network and the health of
your servers can be assessed from any location. Properly configured, Zabbix can
play an important role in monitoring IT infrastructure. This is equally true
for small organizations with a few servers and for large companies with a
multitude of servers.

--------------------------------------------------------------------------------
Update Information:

Fix for multiple CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 15 2024 Gwyn Ciesla - 1:6.0.33-1
- 6.0.33
* Mon Jul 29 2024 Miroslav Suchý - 1:6.0.30-3
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering - 1:6.0.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305135 - CVE-2024-36461 zabbix: irect access to memory pointers within the JS engine for modification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305135
[ 2 ] Bug #2305139 - CVE-2024-36460 zabbix: Front-end auditlog shows passwords in plaintext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305139
[ 3 ] Bug #2305143 - CVE-2024-22123 zabbix: Zabbix Arbitrary File Read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305143
[ 4 ] Bug #2305147 - CVE-2024-22122 zabbix: AT(GSM) Command Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305147
[ 5 ] Bug #2305155 - CVE-2024-22114 zabbix: System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305155
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8382d1b267' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 40 Update: python3.9-3.9.19-5.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d434721ef8
2024-08-24 01:52:24.934349
--------------------------------------------------------------------------------

Name : python3.9
Product : Fedora 40
Version : 3.9.19
Release : 5.fc40
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-4032 and CVE-2024-6923
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 13 2024 Lumír Balhar - 3.9.19-5
- Security fix for CVE-2024-4032 (rhbz#2293397)
- Security fix for CVE-2024-6923 (rhbz#2303164)
* Tue Jul 23 2024 Lumír Balhar - 3.9.19-4
- Require systemtap-sdt-devel for sys/sdt.h
* Fri Jul 19 2024 Fedora Release Engineering - 3.9.19-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2293397 - CVE-2024-4032 python3.9: python: incorrect IPv4 and IPv6 private ranges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2293397
[ 2 ] Bug #2303164 - CVE-2024-6923 python3.9: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303164
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d434721ef8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: zabbix-6.0.33-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c89d2ecdea
2024-08-24 01:30:07.029767
--------------------------------------------------------------------------------

Name : zabbix
Product : Fedora 39
Version : 6.0.33
Release : 1.fc39
URL : https://www.zabbix.com
Summary : Open-source monitoring solution for your IT infrastructure
Description :
Zabbix is software that monitors numerous parameters of a network and the
health and integrity of servers. Zabbix uses a flexible notification mechanism
that allows users to configure e-mail based alerts for virtually any event.
This allows a fast reaction to server problems. Zabbix offers excellent
reporting and data visualization features based on the stored data.
This makes Zabbix ideal for capacity planning.

Zabbix supports both polling and trapping. All Zabbix reports and statistics,
as well as configuration parameters are accessed through a web-based front end.
A web-based front end ensures that the status of your network and the health of
your servers can be assessed from any location. Properly configured, Zabbix can
play an important role in monitoring IT infrastructure. This is equally true
for small organizations with a few servers and for large companies with a
multitude of servers.

--------------------------------------------------------------------------------
Update Information:

Fix for multiple CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 15 2024 Gwyn Ciesla - 1:6.0.33-1
- 6.0.33
* Mon Jul 29 2024 Miroslav Suchý - 1:6.0.30-3
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering - 1:6.0.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2305135 - CVE-2024-36461 zabbix: irect access to memory pointers within the JS engine for modification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305135
[ 2 ] Bug #2305139 - CVE-2024-36460 zabbix: Front-end auditlog shows passwords in plaintext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305139
[ 3 ] Bug #2305143 - CVE-2024-22123 zabbix: Zabbix Arbitrary File Read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305143
[ 4 ] Bug #2305147 - CVE-2024-22122 zabbix: AT(GSM) Command Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305147
[ 5 ] Bug #2305155 - CVE-2024-22114 zabbix: System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2305155
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c89d2ecdea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------------



[SECURITY] Fedora 39 Update: python3.9-3.9.19-5.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b7de0faa8b
2024-08-24 01:30:07.029712
--------------------------------------------------------------------------------

Name : python3.9
Product : Fedora 39
Version : 3.9.19
Release : 5.fc39
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-4032 and CVE-2024-6923
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 13 2024 Lumír Balhar - 3.9.19-5
- Security fix for CVE-2024-4032 (rhbz#2293397)
- Security fix for CVE-2024-6923 (rhbz#2303164)
* Tue Jul 23 2024 Lumír Balhar - 3.9.19-4
- Require systemtap-sdt-devel for sys/sdt.h
* Fri Jul 19 2024 Fedora Release Engineering - 3.9.19-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2293397 - CVE-2024-4032 python3.9: python: incorrect IPv4 and IPv6 private ranges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2293397
[ 2 ] Bug #2303164 - CVE-2024-6923 python3.9: email module doesn't properly quotes newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303164
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b7de0faa8b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------