Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 41: FEDORA-2024-3c18fe0d93 critical: libdnf memory issue

fedora
Calendar Grey December 22, 2024
Dist Fedora Esm H88
Uncover key updates in Fedora 41 for Python 3.13 and enhancements in libdnf targeting severe security vulnerabilities.
This is the first maintenance release of Python 3.13 Python 3.13 is the newest major release of the Python programming language, and it contains many new features and optimizations...

Summary

A Library providing simplified C and Python API to libsolv.

Update Information:

This is the first maintenance release of Python 3.13 Python 3.13 is the newest major release of the Python programming language, and it contains many new features and optimizations compared to Python 3.12. 3.13.1 is the latest maintenance release, containing almost 400 bugfixes, build improvements and documentation changes since 3.13.0. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts. gh-125140: Remove the current directory from sys.path when using PyREPL. CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines() fixed. libdnf and libcomps fixes Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular usage)

Topics%20covered

Topics Covered

security advisory update Fedora memory issue segfault python libdnf

Change Log

* Tue Dec 10 2024 Miro Hrončok - 0.73.4-2 - Fix a segfault in iterator of a ConfigParser section - Fixes: rhbz#2330562

References


[ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321657 [ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section https://bugzilla.redhat.com/show_bug.cgi?id=2330562 [ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2330927 [ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator https://bugzilla.redhat.com/show_bug.cgi?id=2331665

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libdnf
Product: Fedora 41
Version: 0.73.4
Release: 2.fc41
URL: https://github.com/rpm-software-management/libdnf
Summary: Library providing simplified C and Python API to libsolv

Topics%20covered

Topics Covered

security advisory update Fedora memory issue segfault python libdnf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here