This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11872.
python3.11-3.11.11-1.fc41
FEDORA-2024-01d838d947
Packages in this update:
python3.11-3.11.11-1.fc41
Update description:
Python 3.11.11 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
python3.11-3.11.11-1.fc40
FEDORA-2024-5ea38dfb80
Packages in this update:
python3.11-3.11.11-1.fc40
Update description:
Python 3.11.11 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
python3.9-3.9.21-1.fc40
FEDORA-2024-607a0047bc
Packages in this update:
python3.9-3.9.21-1.fc40
Update description:
Python 3.9.21 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.
python3.9-3.9.21-1.fc41
FEDORA-2024-47e4624c89
Packages in this update:
python3.9-3.9.21-1.fc41
Update description:
Python 3.9.21 security release.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.
python3.11-3.11.11-1.fc42
FEDORA-2024-d5cb18c4d8
Packages in this update:
python3.11-3.11.11-1.fc42
Update description:
Automatic update for python3.11-3.11.11-1.fc42.
Changelog
* Tue Dec 3 2024 Lumír Balhar <lbalhar@redhat.com> - 3.11.11-1
- Update to 3.11.11
- Fixes: rhbz#2321655
python3.9-3.9.21-1.fc42
FEDORA-2024-73e93894eb
Packages in this update:
python3.9-3.9.21-1.fc42
Update description:
Automatic update for python3.9-3.9.21-1.fc42.
Changelog
* Tue Dec 3 2024 Lumír Balhar <lbalhar@redhat.com> - 3.9.21-1
- Update to 3.9.21
- Fixes: rhbz#2321662
matrix-synapse-1.111.1-2.fc40
FEDORA-2024-06ba3641ff
Packages in this update:
matrix-synapse-1.111.1-2.fc40
Update description:
Backport fixes from v1.120.1
matrix-synapse-1.118.0-2.fc41
FEDORA-2024-c2bfb2ba66
Packages in this update:
matrix-synapse-1.118.0-2.fc41
Update description:
Backport fixes from v1.120.1
Microsoft Warbird and PMP security research – technical doc
Posted by Security Explorations on Dec 03
Hello All,
We have released a technical document pertaining to our Warbird / PMP security
research. It is available for download from this location:
https://security-explorations.com/materials/wbpmp_doc.md.txt
The document provides a more in-depth technical explanation, illustration and
verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64
and pertaining to the following in particular:
– Warbird deficiencies
– content…