
Fedora 35 FEDORA-2022-1dae017601 Moderate: python-celery Command Injection

January 15, 2022
Fedora 35 Patch for python-celery: Fixing a vulnerability linked to command injection that could lead to unauthorized access.
- kombu 5.2.3: https://github.com/celery/kombu/blob/main/Changelog.rst
- celery 5.2.3: https://github.com/celery/celery/blob/main/Changelog.rst

Summary

An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well.

The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks can execute asynchronously (in the background) or synchronously (wait until ready).

Celery is used in production systems to process millions of tasks a day.

Celery is written in Python, but the protocol can be implemented in any language. It can also operate with other languages using web hooks.

The recommended message broker is RabbitMQ, but limited support for Redis, Beanstalk, MongoDB, CouchDB and databases (using SQLAlchemy or the Django ORM) is also available.

* Fri Jan 7 2022 Frantisek Zatloukal - 5.2.3-2

- Lighten up some dependency ranges a bit

* Thu Jan 6 2022 Frantisek Zatloukal - 5.2.3-1

- Celery 5.2.3

[1] Bug #2035660 - python-celery-5.2.3 is available
    https://bugzilla.redhat.com/show_bug.cgi?id=2035660

[2] Bug #2035982 - python-kombu-5.2.3 is available
    https://bugzilla.redhat.com/show_bug.cgi?id=2035982

[3] Bug #2037532 - CVE-2021-23727 python-celery: celery: stored command injection vulnerability may allow privileges escalation [fedora-all]
    https://bugzilla.redhat.com/show_bug.cgi?id=2037532

Use su -c 'dnf upgrade --advisory FEDORA-2022-1dae017601' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: important

Product: Fedora 35
Version: 5.2.3
Release: 2.fc35
Summary: Distributed Task Queue
