Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
89
security advisorysecurity issuecriticalFedora 41 libcomps Update - FEDORA-2024-3c18fe0d93 Critical: DoS
This is the first maintenance release of Python 3.13 Python 3.13 is the newest major release of the Python programming language, and it contains many new features and optimizations compared to Python 3.12. 3.13.1 is the latest maintenance release, containing almost 400 bugfixes, build improvements and documentation changes since 3.13.0.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-3c18fe0d93 2024-12-22 02:00:45.593936+00:00 -------------------------------------------------------------------------------- Name : libcomps Product : Fedora 41 Version : 0.1.21 Release : 4.fc41 URL : https://github.com/rpm-software-management/libcomps Summary : Comps XML file manipulation library Description : Libcomps is library for structure-like manipulation with content of comps XML files. Supports read/write XML file, structure(s) modification. -------------------------------------------------------------------------------- Update Information: This is the first maintenance release of Python 3.13 Python 3.13 is the newest major release of the Python programming language, and it contains many new features and optimizations compared to Python 3.12. 3.13.1 is the latest maintenance release, containing almost 400 bugfixes, build improvements and documentation changes since 3.13.0. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts. gh-125140: Remove the current directory from sys.path when using PyREPL. CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines() fixed. libdnf and libcomps fixes Fix segfaults in iterators (Python 3.13.1 made this crash happen inregular usage) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 11 2024 Miro HronÄok - 0.1.21-4 - Python: Return self from iter(iterator) to prevent a segfault - Fixes: rhbz#2331665 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321657 [ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section https://bugzilla.redhat.com/show_bug.cgi?id=2330562 [ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2330927 [ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator https://bugzilla.redhat.com/show_bug.cgi?id=2331665 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . The latest enhancements to Fedora's libcomps tackle numerous vulnerabilities and deficiencies, guaranteeing users a more secure and reliable experience.. Fedora update, libcomps security, Python security, Fedora maintenance, software updates. . Severity: Critical. LinuxSecurity.com Team
Dec 22, 2024
•Critical
Fedora
98
security advisorymoderatesecurity issueRed Hat Enterprise Linux 7: RHSA-2019:3898-01 Moderate Risk for Libcomps
An update for libcomps is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libcomps security update Advisory ID: RHSA-2019:3898-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://access.redhat.com/errata/RHSA-2019:3898 Issue date: 2019-11-18 CVE Names: CVE-2019-3817 ==================================================================== 1. Summary: An update for libcomps is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux 7 Extras - noarch, ppc64le, s390x, x86_64 3. Description: Libcomps is library for structure-like manipulation with content of comps XML files. Supports read/write XML file, structure(s) modification. Security Fix(es): * libcomps: use after free when merging two objmrtrees (CVE-2019-3817) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1668005 - CVE-2019-3817 libcomps: use after free when merging two objmrtrees 6. Package List: Red Hat Enterprise Linux 7Extras: Source: libcomps-0.1.8-13.el7.src.rpm noarch: libcomps-doc-0.1.8-13.el7.noarch.rpm python-libcomps-doc-0.1.8-13.el7.noarch.rpm x86_64: libcomps-0.1.8-13.el7.x86_64.rpm libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm libcomps-devel-0.1.8-13.el7.x86_64.rpm python2-libcomps-0.1.8-13.el7.x86_64.rpm Red Hat Enterprise Linux 7 Extras: Source: libcomps-0.1.8-13.el7.src.rpm noarch: libcomps-doc-0.1.8-13.el7.noarch.rpm python-libcomps-doc-0.1.8-13.el7.noarch.rpm ppc64le: libcomps-0.1.8-13.el7.ppc64le.rpm libcomps-debuginfo-0.1.8-13.el7.ppc64le.rpm libcomps-devel-0.1.8-13.el7.ppc64le.rpm python2-libcomps-0.1.8-13.el7.ppc64le.rpm s390x: libcomps-0.1.8-13.el7.s390x.rpm libcomps-debuginfo-0.1.8-13.el7.s390x.rpm libcomps-devel-0.1.8-13.el7.s390x.rpm python2-libcomps-0.1.8-13.el7.s390x.rpm x86_64: libcomps-0.1.8-13.el7.x86_64.rpm libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm libcomps-devel-0.1.8-13.el7.x86_64.rpm python2-libcomps-0.1.8-13.el7.x86_64.rpm Red Hat Enterprise Linux 7 Extras: Source: libcomps-0.1.8-13.el7.src.rpm noarch: libcomps-doc-0.1.8-13.el7.noarch.rpm python-libcomps-doc-0.1.8-13.el7.noarch.rpm x86_64: libcomps-0.1.8-13.el7.x86_64.rpm libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm libcomps-devel-0.1.8-13.el7.x86_64.rpm python2-libcomps-0.1.8-13.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-3817 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE-----Version: GnuPGv1 iQIVAwUBXdKWitzjgjWX9erEAQguWw/+Jr+2ZYVKxxDWv9+edp+pNa5/+qFnQe3N lqBlcT913+ZEzy+YARYb5UUvEbMFPh711DlfspsVo9WouyUJvwZ4aPAbDk3efjG1 RKDYC6H33WhQrba5ruJxnGxdWSE+nlHz7tkGB8TBe6Sodr5gb138lqZV6itojdrH IeaLfQtmeKtlNL3jtrDcUZIhJoCPAL3dgjXS4Cp8Q2KvJnbSoV/QTEdwdGgPa+68 xsrku1o3sHoKuORmqEy0peDKa3/1TtgTDL3mcg8/7jnvQoBXa4RN9+mxdkp6izqB lIhwbe4DZywWTcfyzc2FKq+FLMQqFIvwn36mMf5StXlDkZzmo2AXKFiQPccZv39B eZnab+aUoRpP5vkhPePdtp9AqI/nnhdaXN1JiKFsl4FGEmPpINa3g1RNwPCYhfwA IgIOCE8yY3mt5TESha7IpFsOJC633vgk2cN+wfb4d1WAMl9AhFss30t6gcxQbOkx 1ntMPzjW3i6Nj6jHzOKsqeldxfD1wPGBx3mlylpNOZqQD6p8skPvYRI7RdupgPtu LUFQxpxk/aBoR4BsJpzNQURT+lEGID9KgM0G7Y7c0kF3ixfi8CaUFypZg1fh+Xis +/z/ONKW7k46IiuyzkY/S3ja1krOkqIZsZVsdRZXlRp289py/kmI5AaM2Ff04KF0 JsF3dQayS44=gOP7 -----END PGP SIGNATURE-------RHSA-announce mailing list
Nov 18, 2019
Red Hat
98
security advisorymoderatebug fixRedHat: RHSA-2019-3583-01 Moderate: Yum Security Updates and Fixes
An update for yum is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: yum security, bug fix, and enhancement update Advisory ID: RHSA-2019:3583-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3583 Issue date: 2019-11-05 CVE Names: CVE-2018-20534 CVE-2019-3817 ==================================================================== 1. Summary: An update for yum is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum automatically obtains and downloads dependencies, prompting the user for permission as necessary. The following packages have been upgraded to a later upstream version: dnf (4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1), librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299, BZ#1692402, BZ#1694019, BZ#1697946) Security Fix(es): * libcomps: use after free when merging two objmrtrees (CVE-2019-3817) * libsolv: illegal address access in pool_whatprovides insrc/pool.h (CVE-2018-20534) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1650266 - microdnf - sockets not supported building layer on rhel8-beta/rhel-minimal image 1655605 - yum list available --showduplicates will list not only available packages but packages installed on the system. 1656584 - Add support for modular errata 1656801 - `dnf update`: "Errors occurred during transaction" due to POSTUN scriptlet failures 1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error 1657851 - yum displays dnf in -h 1658579 - Be explicite about the REPODIR used in the Error message. 1663533 - proxy bypass behavior incompatible with previous versions 1665538 - CVE-2018-20534 libsolv: illegal address access in pool_whatprovides in src/pool.h 1666325 - yum alias list does not work properly 1667898 - repoquery --whatrequires only accepts one pkgspec 1668005 - CVE-2019-3817 libcomps: use after free when merging two objmrtrees 1670835 - [manpage] yum2dnf incorrect and missing info 1671731 - dnf list showduplicates incorrect output 1671839 - dnf: Typo in es_US localization 1672649 - Add dnf.package.Package API for getting pkgid of package from repo in DNF plugin 1673278 - [manpage] inconsistent cmdline options docs: dnf --help/man page 1673289 - dnf enableplugin/disableplugin does not report unknown plugin 1673902 - missing yum-copr man page 1673913 - option tsflags missing in dnf.conf 1673920 - confusing yum-plugin-changelog documentation 1674562 - dnf notparsing default state of comps group correctly 1676418 - yum-utils manpage inconsistent with other yum compat manpages 1677199 - Fail to obtain the transaction lock after change of SELinux policy type 1677583 - yum-builddep tries to install content from non-active stream 1677640 - The module enable/disable works unexpectedly with slow/fast train virt module 1678593 - do not mention switching streams with module enable 1678596 - unable to install module content into nonstandard install root 1678598 - Net install caused /tmp to run out of space due to flood in dnf.librepo.log 1678689 - dnf module --help refers to module_spec while man page uses module-spec 1679008 - no auto completion with dnf 1679509 - [libdnf] Set skip_if_unavailable=false as default behavior for software management tools 1684270 - [hawkey] occasional segfault when interrupting (SIGINT) dnf process (may be caused by particular plugins in use, e.g. "leaves" ones in the past) 1686645 - Remove empty else block. 1686779 - yum-config-manager does not accept repo names 1688537 - reposync doesn't preserve timestamp from repo being synced 1688823 - dnf tracebacks on invalid modular deps 1689331 - packagekit doesn't honor skip_if_unavailable=False for local repositories 1689931 - global parameter to define skip_if_unavailable behavior for yum 1690288 - Rebase libsolv to > = 0.7.3 1690289 - Rebase dnf to > = 4.2.0 1690299 - Rebase libdnf to > = 0.28.0 1690414 - dnf continues despite an error code from test-transaction 1691315 - microdnf fails to install from repo which uses xml:base on location 1692402 - Rebase dnf-plugins-core to > = 4.0.6 1694019 - Rebase librepo to > = 1.9.5 1694709 - [dnf] docs: update description of skip_if_unavailable 1695720 - dnf logs excessively verbosely by default, cannot be configured, certain operations (e.g. reposync) lead to huge logs occupying excessive filesystem space 1697946 - Rebase libcomps to > = 0.1.10 1699348 - System upgrades, empty installroot, involving modular content require explicit--setopt=module_platform_id to work correctly 1700250 - Redundant “]” in dnf module info output 1700741 - When dnf plugin is upgraded via Obsolete, it is not run in the transaction phase 1702283 - microdnf leaks memory 1702678 - Settings are not saved with "yum config-manager --save --setopt= . = " 1702690 - implement built-in log rotation 1703609 - Inconsistency between dnf-automatic command name and man page name 1706215 - using the @ module syntax for yum4 avoids the stream switching error protection 1707453 - dnf update --allowerasing just removes a package, without installing a new package. 1709798 - DNF cannot work with installed modularity content if repo is disabled. 1712055 - Confusing Error message: Failed to synchronize cache for repo 'rhel' 1712460 - [microdnf] - UBI containers not "inherit" the subscription automatically from subscribed satellite content host 1713220 - Test object to None after use it 1714265 - libdnf ships /usr/lib64/libdnf/plugins/README but not the parent directories 1714788 - Reposync should sync the entire repository to include module information. reposync should download the packages regardless of whether a module is enabled or disabled 1716313 - libdnf context doesn't honor skip_if_unavailable=True for local repositories 1717429 - dnf install errors out when a non-existent package is provided together with existing ones 1719830 - dnf fails to do simple commands after adding epel-7 1722493 - gpgcheck=0 in a /etc/yum.repos.d/ .repo file is ignored 1724564 - dnf module install - just enable it, without installing it. 1724668 - dnf builddep fails trying to parse specfile 1725213 - dnf: Can't handle being passed 35+ file names as input for downgrade operation 1726141 - dnf-sack.cpp:727: Assertion `fp_primary' failed. 1730224 - libdnf 0.35.1 crashes with "Assertion `repoImpl-> libsolvRepo == repo' failed" 1737328 - [abrt] dnf: endTransaction(): transaction.py:758:endTransaction:RuntimeError: TransactionItem state is not set: nodejs-1:10.15.0-1.fc29.x86_64 1744979 - "microdnf--help" crashes (segfault) 1746349 - Incorrect parsing of "--setopt" with repositories with dots 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: createrepo_c-0.11.0-3.el8.src.rpm aarch64: createrepo_c-0.11.0-3.el8.aarch64.rpm createrepo_c-debuginfo-0.11.0-3.el8.aarch64.rpm createrepo_c-debugsource-0.11.0-3.el8.aarch64.rpm createrepo_c-devel-0.11.0-3.el8.aarch64.rpm createrepo_c-libs-0.11.0-3.el8.aarch64.rpm createrepo_c-libs-debuginfo-0.11.0-3.el8.aarch64.rpm python3-createrepo_c-0.11.0-3.el8.aarch64.rpm python3-createrepo_c-debuginfo-0.11.0-3.el8.aarch64.rpm ppc64le: createrepo_c-0.11.0-3.el8.ppc64le.rpm createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm createrepo_c-debugsource-0.11.0-3.el8.ppc64le.rpm createrepo_c-devel-0.11.0-3.el8.ppc64le.rpm createrepo_c-libs-0.11.0-3.el8.ppc64le.rpm createrepo_c-libs-debuginfo-0.11.0-3.el8.ppc64le.rpm python3-createrepo_c-0.11.0-3.el8.ppc64le.rpm python3-createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm s390x: createrepo_c-0.11.0-3.el8.s390x.rpm createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm createrepo_c-debugsource-0.11.0-3.el8.s390x.rpm createrepo_c-devel-0.11.0-3.el8.s390x.rpm createrepo_c-libs-0.11.0-3.el8.s390x.rpm createrepo_c-libs-debuginfo-0.11.0-3.el8.s390x.rpm python3-createrepo_c-0.11.0-3.el8.s390x.rpm python3-createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm x86_64: createrepo_c-0.11.0-3.el8.x86_64.rpm createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm createrepo_c-debuginfo-0.11.0-3.el8.x86_64.rpm createrepo_c-debugsource-0.11.0-3.el8.i686.rpm createrepo_c-debugsource-0.11.0-3.el8.x86_64.rpm createrepo_c-devel-0.11.0-3.el8.i686.rpm createrepo_c-devel-0.11.0-3.el8.x86_64.rpm createrepo_c-libs-0.11.0-3.el8.i686.rpm createrepo_c-libs-0.11.0-3.el8.x86_64.rpm createrepo_c-libs-debuginfo-0.11.0-3.el8.i686.rpm createrepo_c-libs-debuginfo-0.11.0-3.el8.x86_64.rpm python3-createrepo_c-0.11.0-3.el8.x86_64.rpm python3-createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm python3-createrepo_c-debuginfo-0.11.0-3.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: dnf-4.2.7-6.el8.src.rpm dnf-plugins-core-4.0.8-3.el8.src.rpm libcomps-0.1.11-2.el8.src.rpm libdnf-0.35.1-8.el8.src.rpm librepo-1.10.3-3.el8.src.rpm librhsm-0.0.3-3.el8.src.rpm libsolv-0.7.4-3.el8.src.rpm microdnf-3.0.1-3.el8.src.rpm aarch64: libcomps-0.1.11-2.el8.aarch64.rpm libcomps-debuginfo-0.1.11-2.el8.aarch64.rpm libcomps-debugsource-0.1.11-2.el8.aarch64.rpm libcomps-devel-0.1.11-2.el8.aarch64.rpm libdnf-0.35.1-8.el8.aarch64.rpm libdnf-debuginfo-0.35.1-8.el8.aarch64.rpm libdnf-debugsource-0.35.1-8.el8.aarch64.rpm librepo-1.10.3-3.el8.aarch64.rpm librepo-debuginfo-1.10.3-3.el8.aarch64.rpm librepo-debugsource-1.10.3-3.el8.aarch64.rpm librhsm-0.0.3-3.el8.aarch64.rpm librhsm-debuginfo-0.0.3-3.el8.aarch64.rpm librhsm-debugsource-0.0.3-3.el8.aarch64.rpm libsolv-0.7.4-3.el8.aarch64.rpm libsolv-debuginfo-0.7.4-3.el8.aarch64.rpm libsolv-debugsource-0.7.4-3.el8.aarch64.rpm libsolv-demo-debuginfo-0.7.4-3.el8.aarch64.rpm libsolv-tools-debuginfo-0.7.4-3.el8.aarch64.rpm microdnf-3.0.1-3.el8.aarch64.rpm microdnf-debuginfo-3.0.1-3.el8.aarch64.rpm microdnf-debugsource-3.0.1-3.el8.aarch64.rpm perl-solv-debuginfo-0.7.4-3.el8.aarch64.rpm python3-hawkey-0.35.1-8.el8.aarch64.rpm python3-hawkey-debuginfo-0.35.1-8.el8.aarch64.rpm python3-libcomps-0.1.11-2.el8.aarch64.rpm python3-libcomps-debuginfo-0.1.11-2.el8.aarch64.rpm python3-libdnf-0.35.1-8.el8.aarch64.rpm python3-libdnf-debuginfo-0.35.1-8.el8.aarch64.rpm python3-librepo-1.10.3-3.el8.aarch64.rpm python3-librepo-debuginfo-1.10.3-3.el8.aarch64.rpm python3-solv-debuginfo-0.7.4-3.el8.aarch64.rpm ruby-solv-debuginfo-0.7.4-3.el8.aarch64.rpm noarch: dnf-4.2.7-6.el8.noarch.rpm dnf-automatic-4.2.7-6.el8.noarch.rpm dnf-data-4.2.7-6.el8.noarch.rpm dnf-plugins-core-4.0.8-3.el8.noarch.rpm python3-dnf-4.2.7-6.el8.noarch.rpm python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpm yum-4.2.7-6.el8.noarch.rpm yum-utils-4.0.8-3.el8.noarch.rpm ppc64le: libcomps-0.1.11-2.el8.ppc64le.rpm libcomps-debuginfo-0.1.11-2.el8.ppc64le.rpm libcomps-debugsource-0.1.11-2.el8.ppc64le.rpm libcomps-devel-0.1.11-2.el8.ppc64le.rpm libdnf-0.35.1-8.el8.ppc64le.rpm libdnf-debuginfo-0.35.1-8.el8.ppc64le.rpm libdnf-debugsource-0.35.1-8.el8.ppc64le.rpm librepo-1.10.3-3.el8.ppc64le.rpm librepo-debuginfo-1.10.3-3.el8.ppc64le.rpm librepo-debugsource-1.10.3-3.el8.ppc64le.rpm librhsm-0.0.3-3.el8.ppc64le.rpm librhsm-debuginfo-0.0.3-3.el8.ppc64le.rpm librhsm-debugsource-0.0.3-3.el8.ppc64le.rpm libsolv-0.7.4-3.el8.ppc64le.rpm libsolv-debuginfo-0.7.4-3.el8.ppc64le.rpm libsolv-debugsource-0.7.4-3.el8.ppc64le.rpm libsolv-demo-debuginfo-0.7.4-3.el8.ppc64le.rpm libsolv-tools-debuginfo-0.7.4-3.el8.ppc64le.rpm microdnf-3.0.1-3.el8.ppc64le.rpm microdnf-debuginfo-3.0.1-3.el8.ppc64le.rpm microdnf-debugsource-3.0.1-3.el8.ppc64le.rpm perl-solv-debuginfo-0.7.4-3.el8.ppc64le.rpm python3-hawkey-0.35.1-8.el8.ppc64le.rpm python3-hawkey-debuginfo-0.35.1-8.el8.ppc64le.rpm python3-libcomps-0.1.11-2.el8.ppc64le.rpm python3-libcomps-debuginfo-0.1.11-2.el8.ppc64le.rpm python3-libdnf-0.35.1-8.el8.ppc64le.rpm python3-libdnf-debuginfo-0.35.1-8.el8.ppc64le.rpm python3-librepo-1.10.3-3.el8.ppc64le.rpm python3-librepo-debuginfo-1.10.3-3.el8.ppc64le.rpm python3-solv-debuginfo-0.7.4-3.el8.ppc64le.rpm ruby-solv-debuginfo-0.7.4-3.el8.ppc64le.rpm s390x: libcomps-0.1.11-2.el8.s390x.rpm libcomps-debuginfo-0.1.11-2.el8.s390x.rpm libcomps-debugsource-0.1.11-2.el8.s390x.rpm libcomps-devel-0.1.11-2.el8.s390x.rpm libdnf-0.35.1-8.el8.s390x.rpm libdnf-debuginfo-0.35.1-8.el8.s390x.rpm libdnf-debugsource-0.35.1-8.el8.s390x.rpm librepo-1.10.3-3.el8.s390x.rpm librepo-debuginfo-1.10.3-3.el8.s390x.rpm librepo-debugsource-1.10.3-3.el8.s390x.rpm librhsm-0.0.3-3.el8.s390x.rpm librhsm-debuginfo-0.0.3-3.el8.s390x.rpm librhsm-debugsource-0.0.3-3.el8.s390x.rpm libsolv-0.7.4-3.el8.s390x.rpm libsolv-debuginfo-0.7.4-3.el8.s390x.rpm libsolv-debugsource-0.7.4-3.el8.s390x.rpm libsolv-demo-debuginfo-0.7.4-3.el8.s390x.rpm libsolv-tools-debuginfo-0.7.4-3.el8.s390x.rpm microdnf-3.0.1-3.el8.s390x.rpm microdnf-debuginfo-3.0.1-3.el8.s390x.rpm microdnf-debugsource-3.0.1-3.el8.s390x.rpm perl-solv-debuginfo-0.7.4-3.el8.s390x.rpm python3-hawkey-0.35.1-8.el8.s390x.rpm python3-hawkey-debuginfo-0.35.1-8.el8.s390x.rpm python3-libcomps-0.1.11-2.el8.s390x.rpm python3-libcomps-debuginfo-0.1.11-2.el8.s390x.rpm python3-libdnf-0.35.1-8.el8.s390x.rpm python3-libdnf-debuginfo-0.35.1-8.el8.s390x.rpm python3-librepo-1.10.3-3.el8.s390x.rpm python3-librepo-debuginfo-1.10.3-3.el8.s390x.rpm python3-solv-debuginfo-0.7.4-3.el8.s390x.rpm ruby-solv-debuginfo-0.7.4-3.el8.s390x.rpm x86_64: libcomps-0.1.11-2.el8.i686.rpm libcomps-0.1.11-2.el8.x86_64.rpm libcomps-debuginfo-0.1.11-2.el8.i686.rpm libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm libcomps-debugsource-0.1.11-2.el8.i686.rpm libcomps-debugsource-0.1.11-2.el8.x86_64.rpm libcomps-devel-0.1.11-2.el8.i686.rpm libcomps-devel-0.1.11-2.el8.x86_64.rpm libdnf-0.35.1-8.el8.i686.rpm libdnf-0.35.1-8.el8.x86_64.rpm libdnf-debuginfo-0.35.1-8.el8.i686.rpm libdnf-debuginfo-0.35.1-8.el8.x86_64.rpm libdnf-debugsource-0.35.1-8.el8.i686.rpm libdnf-debugsource-0.35.1-8.el8.x86_64.rpm librepo-1.10.3-3.el8.i686.rpm librepo-1.10.3-3.el8.x86_64.rpm librepo-debuginfo-1.10.3-3.el8.i686.rpm librepo-debuginfo-1.10.3-3.el8.x86_64.rpm librepo-debugsource-1.10.3-3.el8.i686.rpm librepo-debugsource-1.10.3-3.el8.x86_64.rpm librhsm-0.0.3-3.el8.i686.rpm librhsm-0.0.3-3.el8.x86_64.rpm librhsm-debuginfo-0.0.3-3.el8.i686.rpm librhsm-debuginfo-0.0.3-3.el8.x86_64.rpm librhsm-debugsource-0.0.3-3.el8.i686.rpm librhsm-debugsource-0.0.3-3.el8.x86_64.rpm libsolv-0.7.4-3.el8.i686.rpm libsolv-0.7.4-3.el8.x86_64.rpm libsolv-debuginfo-0.7.4-3.el8.i686.rpm libsolv-debuginfo-0.7.4-3.el8.x86_64.rpm libsolv-debugsource-0.7.4-3.el8.i686.rpm libsolv-debugsource-0.7.4-3.el8.x86_64.rpm libsolv-demo-debuginfo-0.7.4-3.el8.i686.rpm libsolv-demo-debuginfo-0.7.4-3.el8.x86_64.rpm libsolv-tools-debuginfo-0.7.4-3.el8.i686.rpm libsolv-tools-debuginfo-0.7.4-3.el8.x86_64.rpm microdnf-3.0.1-3.el8.x86_64.rpm microdnf-debuginfo-3.0.1-3.el8.x86_64.rpm microdnf-debugsource-3.0.1-3.el8.x86_64.rpm perl-solv-debuginfo-0.7.4-3.el8.i686.rpm perl-solv-debuginfo-0.7.4-3.el8.x86_64.rpm python3-hawkey-0.35.1-8.el8.x86_64.rpm python3-hawkey-debuginfo-0.35.1-8.el8.i686.rpm python3-hawkey-debuginfo-0.35.1-8.el8.x86_64.rpm python3-libcomps-0.1.11-2.el8.x86_64.rpm python3-libcomps-debuginfo-0.1.11-2.el8.i686.rpm python3-libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm python3-libdnf-0.35.1-8.el8.x86_64.rpm python3-libdnf-debuginfo-0.35.1-8.el8.i686.rpm python3-libdnf-debuginfo-0.35.1-8.el8.x86_64.rpm python3-librepo-1.10.3-3.el8.x86_64.rpm python3-librepo-debuginfo-1.10.3-3.el8.i686.rpm python3-librepo-debuginfo-1.10.3-3.el8.x86_64.rpm python3-solv-debuginfo-0.7.4-3.el8.i686.rpm python3-solv-debuginfo-0.7.4-3.el8.x86_64.rpm ruby-solv-debuginfo-0.7.4-3.el8.i686.rpm ruby-solv-debuginfo-0.7.4-3.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-20534 https://access.redhat.com/security/cve/CVE-2019-3817 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXcHqGtzjgjWX9erEAQjyNQ/+KBPwjd6ETBXYeV4yjZSiMTTkDcMDR8sI GKWVV1DEavCWNJx77dUSm4S3rA+sdEYAt8MK+vyRsu6FcziOSq5LL+Xg+Oe9jn8o ucqYTboEigCuof/wsZyN1vVQyT46ayrDz8kgwIm4f0ZKJJ4GWGtFiPKidkDAfiQ0 9y7nleG4eP3GEYM7yNVlCURRAIAoefzTjYdp+WFNJtyHyXe0yF4y8Fsg1oM38S7H o2Jt67hEwugujx+NlSl9BmcpZD6Vy2VTb4nMqNT0/LSYaJOQIV5tWPpbbhSy8qbu 5O2LJ6fGB1XKT6Mk0jwk3vllG5+1SO8lLNzIKQynTejyZHdNtmDp8qQqU2bkssHh SbQ8M1Edgn6dUPAKb2ET0dWToUuNMQjxyddi+ChwH4E1x9ETZjDbKlEg8HE5zA0s KwTRHK4TKsq7FmgXwu59fgvOSsnzRy3/n4iulq3nN/vUkejsmY09C7XYAF2yy+Xg o6Dg3sSToV3tI9anM0ZJG/w5UwNWq3bOuWmuIXVCUbXlgpMvqIDxKNGe280hmEw5 7YzO8uGvBVgl+JBl1kMsWHU+Gyu5BZvDKxdU67xaWBV6gsylD7sP/ZeykSpQvrJA Qeu3+p8T0Wzg40f+sbCaKIPI7KulENc4+gcqhLV7yRs9TKl0XLHbqd8d8gZYqJIN ND1R8aMSspc=NRNR -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 05, 2019
Red Hat
202
security advisorymoderatecode executionopenSUSE: 2019:0328-1 Moderate: Libcomps Use-After-Free Issue
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libcomps ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:0328-1 Rating: moderate References: #1122841 Cross-References: CVE-2019-3817 Affected Products: openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcomps fixes the following issue: Security issue fixed: - CVE-2019-3817: Fixed a use-after-free vulnerability in comps_objmradix.c:comps_objmrtree_unite() function where could allow to application crash or code execution (bsc#1122841). This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-328=1 Package List: - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64): libcomps-devel-0.1.8-bp150.3.3.1 libcomps0_1_6-0.1.8-bp150.3.3.1 python2-libcomps-0.1.8-bp150.3.3.1 python3-libcomps-0.1.8-bp150.3.3.1 - openSUSE Backports SLE-15 (noarch): libcomps-doc-0.1.8-bp150.3.3.1 python-libcomps-doc-0.1.8-bp150.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-3817.html https://bugzilla.suse.com/1122841 -- . openSUSE Security Update: Security update for libcomps _____________________________________________. update, security, fixes, vulnerability, opensuse. . LinuxSecurity.com Team
Mar 15, 2019
OpenSUSE
202
security advisorymoderateopenSUSEopenSUSE Leap 15.0: 2019:0323-1 Moderate: libcomps Use-After-Free
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libcomps ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:0323-1 Rating: moderate References: #1122841 Cross-References: CVE-2019-3817 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcomps fixes the following issue: Security issue fixed: - CVE-2019-3817: Fixed a use-after-free vulnerability in comps_objmradix.c:comps_objmrtree_unite() function where could allow to application crash or code execution (bsc#1122841). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-323=1 Package List: - openSUSE Leap 15.0 (noarch): libcomps-doc-0.1.8-lp150.2.3.1 python-libcomps-doc-0.1.8-lp150.2.3.1 - openSUSE Leap 15.0 (x86_64): libcomps-debuginfo-0.1.8-lp150.2.3.1 libcomps-debugsource-0.1.8-lp150.2.3.1 libcomps-devel-0.1.8-lp150.2.3.1 libcomps0_1_6-0.1.8-lp150.2.3.1 libcomps0_1_6-debuginfo-0.1.8-lp150.2.3.1 python2-libcomps-0.1.8-lp150.2.3.1 python2-libcomps-debuginfo-0.1.8-lp150.2.3.1 python3-libcomps-0.1.8-lp150.2.3.1 python3-libcomps-debuginfo-0.1.8-lp150.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-3817.html https://bugzilla.suse.com/1122841 -- . openSUSE Security Update: Security update for libcomps _____________________________________________. update, security, fixes, vulnerability, opensuse. . LinuxSecurity.com Team
Mar 11, 2019
OpenSUSE
89
security advisorycriticalsoftware updateFedora 29 libcomps Security Update FEDORA-2019-1fccede810 Critical
**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past * Support of zchunk **libcomps** **librepo** * Add zchunk support **libdnf** * Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) * Add support of wild cards for modules (RhBug:1644588) * Revert commit that adds best. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-1fccede810 2019-02-21 02:56:16.171936 --------------------------------------------------------------------------------Name : libcomps Product : Fedora 29 Version : 0.1.10 Release : 2.fc29 URL : https://github.com/rpm-software-management/libcomps Summary : Comps XML file manipulation library Description : Libcomps is library for structure-like manipulation with content of comps XML files. Supports read/write XML file, structure(s) modification. --------------------------------------------------------------------------------Update Information: **createrepo_c** * Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past * Support of zchunk **libcomps** **librepo** * Add zchunk support **libdnf** * Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) * Add support of wild cards for modules (RhBug:1644588) * Revert commit that adds best as default behavior **dnf** * Updated difference YUM vs. DNF for yum-updateonboot * Added new command ``dnf alias [options] [list|add|delete] [ ...]`` to allow the user to define and manage a list of aliases * Enhanced documentation * Unifying return codes for remove operations * [transaction] Make transaction content available for commands * Triggering transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to install pool (RhBug:1654738) * Report group operation in transaction table * [sack] Change algorithm to calculaterpmdb_version * Allow to enable modules that break default modules (RhBug:1648839) * Enhance documentation - API examples * Add --nobest option * Revert commit that adds best as default behavior **dnf-plugins-core** * [download] Do not download src without ``--source`` (RhBug:1666648) **dnf-plugins-extras** --------------------------------------------------------------------------------ChangeLog: * Wed Feb 13 2019 Pavla Kratochvilova - 0.1.10-1 - Update to 0.1.10 * Fri Feb 1 2019 Fedora Release Engineering - 0.1.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Nov 27 2018 Marek Blaha - 0.1.8-15 - Disable Python 2 bindings for Fedora > = 30 --------------------------------------------------------------------------------References: [ 1 ] Bug #1653623 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1653623 [ 2 ] Bug #1651701 - DNF module conflict error on dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1651701 [ 3 ] Bug #1648274 - dnf fails to refresh expired metadata https://bugzilla.redhat.com/show_bug.cgi?id=1648274 [ 4 ] Bug #1643129 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1643129 [ 5 ] Bug #1590358 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1590358 [ 6 ] Bug #1569908 - decompress compressed files https://bugzilla.redhat.com/show_bug.cgi?id=1569908 [ 7 ] Bug #1539620 - The --setopt=ID.metadata_expire=1 doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1539620 [ 8 ] Bug #1672432 - Group and module operations in transaction table not marked for translation https://bugzilla.redhat.com/show_bug.cgi?id=1672432 [ 9 ] Bug #1667426 - The doc/examples/list_obsoletes_plugin.py produces traceback https://bugzilla.redhat.com/show_bug.cgi?id=1667426 [ 10 ] Bug #1667423 - The doc/examples/install_plugin.py leads to traceback https://bugzilla.redhat.com/show_bug.cgi?id=1667423 [ 11 ] Bug#1666648 - dnf download command downloads also a srpm https://bugzilla.redhat.com/show_bug.cgi?id=1666648 [ 12 ] Bug #1660863 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1660863 [ 13 ] Bug #1659390 - [RFE] print additional information about skipped packages after the transaction https://bugzilla.redhat.com/show_bug.cgi?id=1659390 [ 14 ] Bug #1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error https://bugzilla.redhat.com/show_bug.cgi?id=1657703 [ 15 ] Bug #1656726 - Show excluded packages https://bugzilla.redhat.com/show_bug.cgi?id=1656726 [ 16 ] Bug #1656019 - dnf doesn't complain on conflict in modulemd defaults https://bugzilla.redhat.com/show_bug.cgi?id=1656019 [ 17 ] Bug #1654738 - hotfix repository content is not used when installing a module stream https://bugzilla.redhat.com/show_bug.cgi?id=1654738 [ 18 ] Bug #1654529 - dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting https://bugzilla.redhat.com/show_bug.cgi?id=1654529 [ 19 ] Bug #1651646 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1651646 [ 20 ] Bug #1651280 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1651280 [ 21 ] Bug #1650157 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1650157 [ 22 ] Bug #1649745 - system-upgrade fails with JSONDecodeError if state file corrupt https://bugzilla.redhat.com/show_bug.cgi?id=1649745 [ 23 ] Bug #1649356 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1649356 [ 24 ] Bug #1648839 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1648839 [ 25 ] Bug #1647760 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1647760 [ 26 ] Bug #1644588 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1644588 [ 27 ] Bug #1642791 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1642791 [ 28 ] Bug #1638669 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1638669 [ 29 ] Bug #1637923 - [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1637923 [ 30 ] Bug #1609335 - CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1609335 [ 31 ] Bug #1600722 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1600722 [ 32 ] Bug #1594121 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1594121 [ 33 ] Bug #1589832 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1589832 [ 34 ] Bug #1585509 - Translation of "Size" in different contexts ought to be different. https://bugzilla.redhat.com/show_bug.cgi?id=1585509 [ 35 ] Bug #1515848 - dnf makes it hard to debug SSL related issues https://bugzilla.redhat.com/show_bug.cgi?id=1515848 [ 36 ] Bug #1509393 - Translation missing, when more than one process run https://bugzilla.redhat.com/show_bug.cgi?id=1509393 [ 37 ] Bug #1495482 - system-upgrade fails when snapper plugin installed https://bugzilla.redhat.com/show_bug.cgi?id=1495482 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1fccede810' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailinglist --
Feb 21, 2019
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!