Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40: 2024-ce2936b568 Moderate: Rust-Python-Launcher DoS

fedora
Calendar Grey May 26, 2024
Dist Fedora Esm H88
Stay informed about the Fedora 40's rust-python-launcher enhancement featuring minor security updates and advancements from Rust 1.78.
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries)

Summary

The Python Launcher for Unix.

Launch your Python interpreter the lazy/smart way!

This launcher is an implementation of the py command for Unix-based platforms.

The goal is to have py become the cross-platform command that Python users

typically use to launch an interpreter while doing development.

By having a command that is version-agnostic when it comes to Python,

it side-steps the "what should the python command point to?" debate by clearly

specifying that upfront (i.e. the newest version of Python that can be found).

This also unifies the suggested command to document for launching Python on

both Windows as Unix as py has existed as the preferred command on Windows

since 2012 with the release of Python 3.3.

Typical usage would be:

py -m venv .venv

py ... # Whatever you would normally use `python` for during development.

This creates a virtual environment in a .venv directory using the latest

version of Python installed. Subsequent uses of py will then use that virtual

environment as long as it is in the current (or higher) directory;

no environment activation required (although the Python Launcher supports

activated environments as well)!

A non-goal of this launcher is to become the way to launch the Python

interpreter all the time. If you know the exact interpreter you want to

launch then you should launch it directly; same goes for when you have

requirements on the type of interpreter you want.

The Python Launcher should be viewed as a tool of convenience, not necessity.

Update Information:

This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html

Topics%20covered

Topics Covered

security advisory update Fedora DoS security fix Python launcher Rust applications

Change Log

* Thu May 23 2024 Fabio Valentini - 1.0.0-12 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces

References

Fedora Update Notification FEDORA-2024-ce2936b568 2024-05-26 01:25:15.719720 Name : rust-python-launcher Product : Fedora 40 Version : 1.0.0 Release : 12.fc40 URL : Summary : Python launcher for Unix Description : The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platforms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing development. By having a command that is version-agnostic when it comes to Python, it side-steps the "what should the python command point to?" debate by clearly specifying that upfront (i.e. the newest version of Python that can be found). This also unifies the suggested command to document for launching Python on both Windows as Unix as py has existed as the preferred command on Windows since 2012 with the release of Python 3.3. Typical usage would be: py -m venv .venv py ... # Whatever you would normally use `python` for during development. This creates a virtual environment in a .venv directory using the latest version of Python installed. Subsequent uses of py will then use that virtual environment as long as it is in the current (or higher) directory; no environment activation required (although the Python Launcher supports activated environments as well)! A non-goal of this launcher is to become the way to launch the Python interpreter all the time. If you know the exact interpreter you want to launch then you should launch it directly; same goes for when you have requirements on the type of interpreter you want. The Python Launcher should be viewed as a tool of convenience, not necessity.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ce2936b568' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: rust-python-launcher
Product: Fedora 40
Version: 1.0.0
Release: 12.fc40
URL: Summary : Python launcher for Unix

Topics%20covered

Topics Covered

security advisory update Fedora DoS security fix Python launcher Rust applications

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here