Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 41 libcomps Update - FEDORA-2024-3c18fe0d93 Critical: DoS

fedora
Calendar Grey December 22, 2024
Dist Fedora Esm H88
The latest enhancements to Fedora's libcomps tackle numerous vulnerabilities and deficiencies, guaranteeing users a more secure and reliable experience.
This is the first maintenance release of Python 3.13 Python 3.13 is the newest major release of the Python programming language, and it contains many new features and optimizations...

Summary

Libcomps is library for structure-like manipulation with content of

comps XML files. Supports read/write XML file, structure(s) modification.

Update Information:

This is the first maintenance release of Python 3.13 Python 3.13 is the newest major release of the Python programming language, and it contains many new features and optimizations compared to Python 3.12. 3.13.1 is the latest maintenance release, containing almost 400 bugfixes, build improvements and documentation changes since 3.13.0. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts. gh-125140: Remove the current directory from sys.path when using PyREPL. CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines() fixed. libdnf and libcomps fixes Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular usage)

Topics%20covered

Topics Covered

security advisory security issue critical Fedora DoS Python libcomps

Change Log

* Wed Dec 11 2024 Miro Hrončok - 0.1.21-4 - Python: Return self from iter(iterator) to prevent a segfault - Fixes: rhbz#2331665

References


[ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321657 [ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section https://bugzilla.redhat.com/show_bug.cgi?id=2330562 [ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2330927 [ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator https://bugzilla.redhat.com/show_bug.cgi?id=2331665

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libcomps
Product: Fedora 41
Version: 0.1.21
Release: 4.fc41
URL: https://github.com/rpm-software-management/libcomps
Summary: Comps XML file manipulation library

Topics%20covered

Topics Covered

security advisory security issue critical Fedora DoS Python libcomps

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here