| Summary: | jupyter-core new security issue CVE-2022-39286 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs, yvesbrungard |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | jupyter-core-4.9.2-1.mga9.src.rpm | CVE: | |
| Status comment: | | | |
Description
David Walser
2022-11-20 17:54:50 CET
David Walser
2022-11-20 17:55:08 CET
Status comment: (none) => Fixed upstream in 4.11.2

Cauldron updated to 5.2.0.
Import of 4.11.2 in Mageia 8 is not easy, because some modules need to be imported (hatchling) or upgraded.

CC: (none) => yves.brungard_mageia

papoteur
2023-02-01 13:15:29 CET
Whiteboard: MGA8TOO => (none)

Fedora has issued an advisory for this on January 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN/

Update submitted
jupyter-core-4.7.0-1.1.mga8.noarch
python3-jupyter-core-4.7.0-1.1.mga8

Source:
jupyter-core-4.7.0-1.1.mga8.src.rpm

I just applied a part of the patch referenced here:
https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283
This part applied is only on the jupyter_core/application.py.
The other part of the patch is for the test purpose, but we don't do the tests, thus it is not needed.

Assignee: python => qa-bugs

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
As far as I understand this, one would need the server to do something useful, but bug 30699 is hanging on an issue with that. So IMHO even passing this on as clean install is a futile exercise.

CC: (none) => herman.viaene

MGA8-64 MATE on Acer Aspire 5253
Installed rpm's from bug 30699 plus these here and the dependencies.
Started from CLI as in bug 30699
$ jupyter-lab
[I 14:49:50.395 LabApp] Writing notebook server cookie secret to /home/tester8/.local/share/jupyter/runtime/notebook_cookie_secret
[I 14:49:59.624 LabApp] JupyterLab extension loaded from /usr/lib/python3.8/site-packages/jupyterlab
[I 14:49:59.625 LabApp] JupyterLab application directory is /usr/share/jupyter/lab
[I 14:49:59.646 LabApp] Serving notebooks from local directory: /home/tester8/Documents
[I 14:49:59.646 LabApp] Jupyter Notebook 6.4.12 is running at:
[I 14:49:59.646 LabApp] http://localhost:8888/?token=f2f29f11db21bd75be2e8760d9344b85fd4685b08c427018
[I 14:49:59.647 LabApp] or http://127.0.0.1:8888/?token=f2f29f11db21bd75be2e8760d9344b85fd4685b08c427018
[I 14:49:59.647 LabApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).
[C 14:49:59.917 LabApp]
To access the notebook, open this file in a browser:
file:///home/tester8/.local/share/jupyter/runtime/nbserver-5156-open.html
Or copy and paste one of these URLs:
http://localhost:8888/?token=f2f29f11db21bd75be2e8760d9344b85fd4685b08c427018
or http://127.0.0.1:8888/?token=f2f29f11db21bd75be2e8760d9344b85fd4685b08c427018
(firefox:5242): Gtk-WARNING **: 14:50:00.249: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory

Jupyterlab opened in Firefox. I created a new text file, with some rubbish, saved it in the lab. Checked the existence of the file in the pwd, opened with pluma, contents is OK.
Back in the Jupyterlab site, downloaded the file, checked its existence in the ~/Downloads, and the contents is correct.
So, as far as this test goes, it works.

Whiteboard: (none) => MGA8-64-OK

Validating.

Keywords: (none) => validated_update

Dave Hodgins
2023-02-25 19:49:46 CET
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0062.html

Status: NEW => RESOLVED