Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40 Security Advisory: python-PyMySQL 1.1.1 Critical SQL Injection

fedora
Calendar Grey June 24, 2024
Dist Fedora Esm H88
Upgrade to 1.1.1 of python-PyMySQL in Fedora 40 to fix a severe SQL injection vulnerability.
Update to 1.1.1 to fix CVE CVE-2024-36039

Summary

This package contains a pure-Python MySQL client library. The goal of PyMySQL is

to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython

and Jython.

Update Information:

Update to 1.1.1 to fix CVE CVE-2024-36039

Topics%20covered

Topics Covered

security advisory update Fedora software patch SQL injection python-PyMySQL

Change Log

* Sat Jun 15 2024 Julien Enselme - 1.1.1-1 - Update to 1.1.1 * Sat Jun 8 2024 Python Maint - 1.1.0-7 - Rebuilt for Python 3.13

References


[ 1 ] Bug #2282821 - CVE-2024-36039 python-pymysql: SQL injection if used with untrusted JSON input https://bugzilla.redhat.com/show_bug.cgi?id=2282821

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b26f07d27b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-PyMySQL
Product: Fedora 40
Version: 1.1.1
Release: 1.fc40
URL: https://pypi.org/project/PyMySQL/
Summary: Pure-Python MySQL client library

Topics%20covered

Topics Covered

security advisory update Fedora software patch SQL injection python-PyMySQL

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here