Stay Secure with the Latest Linux Advisories

security advisorymoderateupdate

Fedora 35 FEDORA-2022-1dae017601 Moderate: python-celery Command Injection

- kombu 5.2.3: https://github.com/celery/kombu/blob/main/Changelog.rst - celery 5.2.3: https://github.com/celery/celery/blob/main/Changelog.rst. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-1dae017601 2022-01-16 01:17:23.607899 --------------------------------------------------------------------------------Name : python-celery Product : Fedora 35 Version : 5.2.3 Release : 2.fc35 URL : https://docs.celeryq.dev/en/stable/ Summary : Distributed Task Queue Description : An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks can execute asynchronously (in the background) or synchronously (wait until ready). Celery is used in production systems to process millions of tasks a day. Celery is written in Python, but the protocol can be implemented in any language. It can also operate with other languages using web hooks. The recommended message broker is RabbitMQ, but limited support for Redis, Beanstalk, MongoDB, CouchDB and databases (using SQLAlchemy or the Django ORM) is also available. --------------------------------------------------------------------------------Update Information: - kombu 5.2.3: https://github.com/celery/kombu/blob/main/Changelog.rst -celery 5.2.3: https://github.com/celery/celery/blob/main/Changelog.rst --------------------------------------------------------------------------------ChangeLog: * Fri Jan 7 2022 Frantisek Zatloukal - 5.2.3-2 - Lighten up some dependency ranges a bit * Thu Jan 6 2022 Frantisek Zatloukal - 5.2.3-1 - Celery 5.2.3 --------------------------------------------------------------------------------References: [ 1 ] Bug #2035660 - python-celery-5.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2035660 [ 2 ] Bug #2035982 - python-kombu-5.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2035982 [ 3 ] Bug #2037532 - CVE-2021-23727 python-celery: celery: stored command injection vulnerability may allow privileges escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2037532 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1dae017601' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Fedora 35 Patch for python-celery: Fixing a vulnerability linked to command injection that could lead to unauthorized access.. Python Celery Update,Fedora Task Queue,Privilege Escalation Risk. . Severity: Important. LinuxSecurity.com Team

Jan 15, 2022 •Important Fedora