Fedora 40: Security Advisory 2024-0ba1c1a435 on yt-dlp - RCE Fixes

July 7, 2024
yt-dlp has published a security notice highlighting severe file-extension sanitization vulnerabilities, with fixes provided.
Update to 2024.07.02

Summary

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes.

Update Information:

Update to 2024.07.02

Change Log

* Thu Jul 4 2024 Mikel Olasagasti Uranga - 2024.07.02-1
- Update to 2024.07.02. Fixes rhbz#2295769
* Fri Jun 7 2024 Python Maint - 2024.05.27-2
- Rebuilt for Python 3.13

References


[1] Bug #2295956 - CVE-2024-38519 yt-dlp: File system modification and RCE through improper file-extension sanitization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295956

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0ba1c1a435' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: yt-dlp
Product: Fedora 40
Version: 2024.07.02
Release: 1.fc40
Summary: A command-line program to download videos from online video platforms
