Category Archives: Advisories

Advisories

ZDI-24-1646: Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11872.

Read More

Advisories

python3.11-3.11.11-1.fc41

Read Time:23 Second

FEDORA-2024-01d838d947

Packages in this update:

python3.11-3.11.11-1.fc41

Update description:

Python 3.11.11 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.

Read More

Advisories

python3.11-3.11.11-1.fc40

Read Time:23 Second

FEDORA-2024-5ea38dfb80

Packages in this update:

python3.11-3.11.11-1.fc40

Update description:

Python 3.11.11 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.

Read More

Advisories

python3.9-3.9.21-1.fc40

Read Time:49 Second

FEDORA-2024-607a0047bc

Packages in this update:

python3.9-3.9.21-1.fc40

Update description:

Python 3.9.21 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.

Read More

Advisories

python3.9-3.9.21-1.fc41

Read Time:49 Second

FEDORA-2024-47e4624c89

Packages in this update:

python3.9-3.9.21-1.fc41

Update description:

Python 3.9.21 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.

Read More