Fedora 42 Update: chromium-136.0.7103.59-1.fc42
Fedora 42 Update: thunderbird-128.10.0-1.fc42
Fedora 42 Update: ntpd-rs-1.5.0-1.fc42
Fedora 42 Update: rust-hickory-proto-0.24.4-1.fc42
Fedora 42 Update: nodejs-pnpm-10.9.0-1.fc42
Fedora 42 Update: nodejs-bash-language-server-5.6.0-2.fc42
Fedora 42 Update: valkey-8.0.3-1.fc42
Fedora 41 Update: ntpd-rs-1.5.0-1.fc41
Fedora 41 Update: rust-hickory-proto-0.24.4-1.fc41
Fedora 41 Update: nodejs-pnpm-10.9.0-1.fc41
Fedora 41 Update: nodejs-bash-language-server-5.6.0-1.fc41
Fedora 41 Update: valkey-8.0.3-1.fc41
Fedora 40 Update: rust-hickory-proto-0.24.4-1.fc40
Fedora 40 Update: ntpd-rs-1.5.0-1.fc40
Fedora 40 Update: nodejs-bash-language-server-5.6.0-1.fc40
Fedora 40 Update: nodejs-pnpm-10.9.0-1.fc40
Fedora 40 Update: valkey-8.0.3-1.fc40
Fedora 40 Update: redis-7.2.8-1.fc40
[SECURITY] Fedora 42 Update: chromium-136.0.7103.59-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-eab322e215
2025-05-03 02:07:27.616922+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 42
Version : 136.0.7103.59
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 136.0.7103.59
* CVE-2025-4096: Heap buffer overflow in HTML
* CVE-2025-4050: Out of bounds memory access in DevTools
* CVE-2025-4051: Insufficient data validation in DevTools
* CVE-2025-4052: Inappropriate implementation in DevTools
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2025 Than Ngo [than@redhat.com] - 136.0.7103.59-1
- Update to 136.0.7103.59
* CVE-2025-4096: Heap buffer overflow in HTML
* CVE-2025-4050: Out of bounds memory access in DevTools
* CVE-2025-4051: Insufficient data validation in DevTools
* CVE-2025-4052: Inappropriate implementation in DevTools
* Thu Apr 24 2025 Than Ngo [than@redhat.com] - 136.0.7103.48-1
- Update to 136.0.7103.48
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-eab322e215' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: thunderbird-128.10.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e1bb9ed986
2025-05-03 02:07:27.616902+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 42
Version : 128.10.0
Release : 1.fc42
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.10.0
https://www.thunderbird.net/en-US/thunderbird/128.10.0esr/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2025 Eike Rathke [erack@redhat.com] - 128.10.0-1
- Update to 128.10.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e1bb9ed986' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: ntpd-rs-1.5.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c480cf7e5e
2025-05-03 02:07:27.616742+00:00
--------------------------------------------------------------------------------
Name : ntpd-rs
Product : Fedora 42
Version : 1.5.0
Release : 1.fc42
URL : https://github.com/pendulum-project/ntpd-rs
Summary : Full-featured implementation of NTP with NTS support
Description :
Full-featured implementation of NTP with NTS support.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.5.0 (for now, without PPS feature enabled due to potential
correctness issues in the code).
Release notes: https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.5.0
Also contains the fix for GHSA-v83q-83hj-rw38.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.0-1
- Update to version 1.5.0; Fixes RHBZ#2329317
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2349338 - ntpd-rs: ntpd NTS client denial of service via wrongly sized cookies [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349338
[ 2 ] Bug #2349339 - ntpd-rs: ntpd NTS client denial of service via wrongly sized cookies [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349339
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c480cf7e5e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-hickory-proto-0.24.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-99f0d93d68
2025-05-03 02:07:27.616748+00:00
--------------------------------------------------------------------------------
Name : rust-hickory-proto
Product : Fedora 42
Version : 0.24.4
Release : 1.fc42
URL : https://crates.io/crates/hickory-proto
Summary : Hickory DNS is a safe and secure DNS library
Description :
Hickory DNS is a safe and secure DNS library. This is the foundational
DNS protocol library for all Hickory DNS projects.
--------------------------------------------------------------------------------
Update Information:
Update to version 0.24.4.
Also contains fixes for RUSTSEC-2025-0006.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Fabio Valentini [decathorpe@gmail.com] - 0.24.4-1
- Update to version 0.24.4
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-99f0d93d68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: nodejs-pnpm-10.9.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-69a1acbbc0
2025-05-03 02:07:27.616707+00:00
--------------------------------------------------------------------------------
Name : nodejs-pnpm
Product : Fedora 42
Version : 10.9.0
Release : 1.fc42
URL : https://pnpm.io
Summary : Fast, disk space efficient package manager
Description :
A fast, disk space efficient package manager for NodeJS.
--------------------------------------------------------------------------------
Update Information:
Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-
server to version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Andreas Schneider [asn@redhat.com] - 10.9.0-1
- Update to version 10.9.0
- Fixes CVE-2024-47829
- resolves: rhbz#2361976
* Thu Apr 17 2025 ErrorNoInternet [errornointernet@envs.net] - 10.8.1-1
- Update to version 10.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361976 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361976
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-69a1acbbc0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: nodejs-bash-language-server-5.6.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-69a1acbbc0
2025-05-03 02:07:27.616707+00:00
--------------------------------------------------------------------------------
Name : nodejs-bash-language-server
Product : Fedora 42
Version : 5.6.0
Release : 2.fc42
URL : https://github.com/bash-lsp/bash-language-server
Summary : A language server for Bash
Description :
Bash language server implementation based on Tree Sitter and its grammar for
Bash with explainshell integration.
--------------------------------------------------------------------------------
Update Information:
Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-
server to version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Andreas Schneider [asn@redhat.com] - 5.6.0-2
- Bump release for rebuild
* Thu Apr 17 2025 Andreas Schneider [asn@redhat.com] - 5.6.0-1
- Update to version 5.6.0
- https://github.com/bash-lsp/bash-language-
server/releases/tag/server-5.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361976 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361976
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-69a1acbbc0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: valkey-8.0.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2ccc1f4ed9
2025-05-03 02:07:27.616692+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 42
Version : 8.0.3
Release : 1.fc42
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.3 - Released Wed 23 Apr 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Bug fixes
Optimize RDB load performance and fix cluster mode resizing on replica side
(#1199)
Fix memory leak in forgotten node ping ext code path (#1574)
Fix cluster info sent stats for message with light header (#1563)
Fix module LatencyAddSample still work when latency-monitor-threshold is 0
(#1541)
Fix potential crash in radix tree recompression of huge keys (#1722)
Fix error "SSL routines::bad length" when connTLSWrite is called second time
with smaller buffer (#1737)
Fix temp file leak druing replication error handling (#1721)
Fix ACL LOAD crash on replica since the primary client don't has a user (#1842)
Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850)
fix: add samples to stream object consumer trees (#1825)
Fix cluster slot stats assertion during promotion of replica (#1950)
Fix panic in primary when blocking shutdown after previous block with timeout
(#1948)
Ignore stale gossip packets that arrive out of order (#1777)
Fix incorrect lag reported in XINFO GROUPS (#1952)
Avoid shard id update of replica if not matching with primary shard id (#573)
Security fixes
CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Remi Collet [remi@fedoraproject.org] - 8.0.3-1
- update to 8.0.3
fixes CVE-2025-21605
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2ccc1f4ed9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ntpd-rs-1.5.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e9be11b9ba
2025-05-03 01:10:19.809531+00:00
--------------------------------------------------------------------------------
Name : ntpd-rs
Product : Fedora 41
Version : 1.5.0
Release : 1.fc41
URL : https://github.com/pendulum-project/ntpd-rs
Summary : Full-featured implementation of NTP with NTS support
Description :
Full-featured implementation of NTP with NTS support.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.5.0 (for now, without PPS feature enabled due to potential
correctness issues in the code).
Release notes: https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.5.0
Also contains the fix for GHSA-v83q-83hj-rw38.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.0-1
- Update to version 1.5.0; Fixes RHBZ#2329317
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2349338 - ntpd-rs: ntpd NTS client denial of service via wrongly sized cookies [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349338
[ 2 ] Bug #2349339 - ntpd-rs: ntpd NTS client denial of service via wrongly sized cookies [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349339
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e9be11b9ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-hickory-proto-0.24.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-def79f4594
2025-05-03 01:10:19.809537+00:00
--------------------------------------------------------------------------------
Name : rust-hickory-proto
Product : Fedora 41
Version : 0.24.4
Release : 1.fc41
URL : https://crates.io/crates/hickory-proto
Summary : Hickory DNS is a safe and secure DNS library
Description :
Hickory DNS is a safe and secure DNS library. This is the foundational
DNS protocol library for all Hickory DNS projects.
--------------------------------------------------------------------------------
Update Information:
Update to version 0.24.4.
Also contains fixes for RUSTSEC-2025-0006.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Fabio Valentini [decathorpe@gmail.com] - 0.24.4-1
- Update to version 0.24.4
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-def79f4594' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: nodejs-pnpm-10.9.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d4cc30bdfb
2025-05-03 01:10:19.809503+00:00
--------------------------------------------------------------------------------
Name : nodejs-pnpm
Product : Fedora 41
Version : 10.9.0
Release : 1.fc41
URL : https://pnpm.io
Summary : Fast, disk space efficient package manager
Description :
A fast, disk space efficient package manager for NodeJS.
--------------------------------------------------------------------------------
Update Information:
Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-
server to version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Andreas Schneider [asn@redhat.com] - 10.9.0-1
- Update to version 10.9.0
- Fixes CVE-2024-47829
- resolves: rhbz#2361976
* Thu Apr 24 2025 ErrorNoInternet [errornointernet@envs.net] - 10.8.1-1
- Update to version 10.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361975 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361975
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d4cc30bdfb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: nodejs-bash-language-server-5.6.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d4cc30bdfb
2025-05-03 01:10:19.809503+00:00
--------------------------------------------------------------------------------
Name : nodejs-bash-language-server
Product : Fedora 41
Version : 5.6.0
Release : 1.fc41
URL : https://github.com/bash-lsp/bash-language-server
Summary : A language server for Bash
Description :
Bash language server implementation based on Tree Sitter and its grammar for
Bash with explainshell integration.
--------------------------------------------------------------------------------
Update Information:
Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-
server to version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Andreas Schneider [asn@redhat.com] - 5.6.0-1
- Update to version 5.6.0
- https://github.com/bash-lsp/bash-language-
server/releases/tag/server-5.6.0
* Fri Jan 3 2025 Andreas Schneider [asn@cryptomilk.org] - 5.4.3-1
- Update to version 5.4.3
- https://github.com/bash-lsp/bash-language-
server/blob/server-5.4.3/server/CHANGELOG.md
* Fri Jan 3 2025 Andreas Schneider [asn@cryptomilk.org] - 5.4.0-1
- Update to version 5.4.0
- https://github.com/bash-lsp/bash-language-
server/blob/server-5.4.0/server/CHANGELOG.md
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361975 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361975
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d4cc30bdfb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: valkey-8.0.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d191ee2f9a
2025-05-03 01:10:19.809477+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 41
Version : 8.0.3
Release : 1.fc41
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.3 - Released Wed 23 Apr 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Bug fixes
Optimize RDB load performance and fix cluster mode resizing on replica side
(#1199)
Fix memory leak in forgotten node ping ext code path (#1574)
Fix cluster info sent stats for message with light header (#1563)
Fix module LatencyAddSample still work when latency-monitor-threshold is 0
(#1541)
Fix potential crash in radix tree recompression of huge keys (#1722)
Fix error "SSL routines::bad length" when connTLSWrite is called second time
with smaller buffer (#1737)
Fix temp file leak druing replication error handling (#1721)
Fix ACL LOAD crash on replica since the primary client don't has a user (#1842)
Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850)
fix: add samples to stream object consumer trees (#1825)
Fix cluster slot stats assertion during promotion of replica (#1950)
Fix panic in primary when blocking shutdown after previous block with timeout
(#1948)
Ignore stale gossip packets that arrive out of order (#1777)
Fix incorrect lag reported in XINFO GROUPS (#1952)
Avoid shard id update of replica if not matching with primary shard id (#573)
Security fixes
CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Remi Collet [remi@fedoraproject.org] - 8.0.3-1
- update to 8.0.3
fixes CVE-2025-21605
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d191ee2f9a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: rust-hickory-proto-0.24.4-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e5b0cc812
2025-05-03 01:10:16.988315+00:00
--------------------------------------------------------------------------------
Name : rust-hickory-proto
Product : Fedora 40
Version : 0.24.4
Release : 1.fc40
URL : https://crates.io/crates/hickory-proto
Summary : Hickory DNS is a safe and secure DNS library
Description :
Hickory DNS is a safe and secure DNS library. This is the foundational
DNS protocol library for all Hickory DNS projects.
--------------------------------------------------------------------------------
Update Information:
Update to version 0.24.4.
Also contains fixes for RUSTSEC-2025-0006.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Fabio Valentini [decathorpe@gmail.com] - 0.24.4-1
- Update to version 0.24.4
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e5b0cc812' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: ntpd-rs-1.5.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-66b73d6c72
2025-05-03 01:10:16.988309+00:00
--------------------------------------------------------------------------------
Name : ntpd-rs
Product : Fedora 40
Version : 1.5.0
Release : 1.fc40
URL : https://github.com/pendulum-project/ntpd-rs
Summary : Full-featured implementation of NTP with NTS support
Description :
Full-featured implementation of NTP with NTS support.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.5.0 (for now, without PPS feature enabled due to potential
correctness issues in the code).
Release notes: https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.5.0
Also contains the fix for GHSA-v83q-83hj-rw38.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.0-1
- Update to version 1.5.0; Fixes RHBZ#2329317
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2349338 - ntpd-rs: ntpd NTS client denial of service via wrongly sized cookies [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349338
[ 2 ] Bug #2349339 - ntpd-rs: ntpd NTS client denial of service via wrongly sized cookies [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349339
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-66b73d6c72' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: nodejs-bash-language-server-5.6.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f68a9b835d
2025-05-03 01:10:16.988304+00:00
--------------------------------------------------------------------------------
Name : nodejs-bash-language-server
Product : Fedora 40
Version : 5.6.0
Release : 1.fc40
URL : https://github.com/bash-lsp/bash-language-server
Summary : A language server for Bash
Description :
Bash language server implementation based on Tree Sitter and its grammar for
Bash with explainshell integration.
--------------------------------------------------------------------------------
Update Information:
Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-
server to version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Andreas Schneider [asn@redhat.com] - 5.6.0-1
- Update to version 5.6.0
- https://github.com/bash-lsp/bash-language-
server/releases/tag/server-5.6.0
* Thu Apr 24 2025 Andreas Schneider [asn@cryptomilk.org] - 5.4.3-1
- Update to version 5.4.3
- https://github.com/bash-lsp/bash-language-
server/blob/server-5.4.3/server/CHANGELOG.md
* Thu Apr 24 2025 Andreas Schneider [asn@cryptomilk.org] - 5.4.0-1
- Update to version 5.4.0
- https://github.com/bash-lsp/bash-language-
server/blob/server-5.4.0/server/CHANGELOG.md
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361974 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361974
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f68a9b835d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: nodejs-pnpm-10.9.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f68a9b835d
2025-05-03 01:10:16.988304+00:00
--------------------------------------------------------------------------------
Name : nodejs-pnpm
Product : Fedora 40
Version : 10.9.0
Release : 1.fc40
URL : https://pnpm.io
Summary : Fast, disk space efficient package manager
Description :
A fast, disk space efficient package manager for NodeJS.
--------------------------------------------------------------------------------
Update Information:
Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-
server to version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Andreas Schneider [asn@redhat.com] - 10.9.0-1
- Update to version 10.9.0
- Fixes CVE-2024-47829
- resolves: rhbz#2361974
* Thu Apr 24 2025 ErrorNoInternet [errornointernet@envs.net] - 10.8.1-1
- Update to version 10.8.1
* Thu Apr 24 2025 Andreas Schneider [asn@cryptomilk.org] - 9.13.0-1
- Update to version 9.13.0
* Thu Apr 24 2025 Andreas Schneider [asn@cryptomilk.org] - 9.11.0-1
- Update to version 9.11.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361974 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361974
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f68a9b835d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: valkey-8.0.3-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-59ebc165fc
2025-05-03 01:10:16.988278+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 40
Version : 8.0.3
Release : 1.fc40
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.3 - Released Wed 23 Apr 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Bug fixes
Optimize RDB load performance and fix cluster mode resizing on replica side
(#1199)
Fix memory leak in forgotten node ping ext code path (#1574)
Fix cluster info sent stats for message with light header (#1563)
Fix module LatencyAddSample still work when latency-monitor-threshold is 0
(#1541)
Fix potential crash in radix tree recompression of huge keys (#1722)
Fix error "SSL routines::bad length" when connTLSWrite is called second time
with smaller buffer (#1737)
Fix temp file leak druing replication error handling (#1721)
Fix ACL LOAD crash on replica since the primary client don't has a user (#1842)
Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850)
fix: add samples to stream object consumer trees (#1825)
Fix cluster slot stats assertion during promotion of replica (#1950)
Fix panic in primary when blocking shutdown after previous block with timeout
(#1948)
Ignore stale gossip packets that arrive out of order (#1777)
Fix incorrect lag reported in XINFO GROUPS (#1952)
Avoid shard id update of replica if not matching with primary shard id (#573)
Security fixes
CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Remi Collet [remi@fedoraproject.org] - 8.0.3-1
- update to 8.0.3
fixes CVE-2025-21605
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-59ebc165fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: redis-7.2.8-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-290b0c6e2b
2025-05-03 01:10:16.988273+00:00
--------------------------------------------------------------------------------
Name : redis
Product : Fedora 40
Version : 7.2.8
Release : 1.fc40
URL : https://redis.io
Summary : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.
You can use Redis from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Redis 7.2.8 Released Wed 23 Apr 2025 12:00:00 IST
Update urgency: SECURITY: There are security fixes in the release.
Security fixes
(CVE-2025-21605) An unauthenticated client can cause an unlimited growth of
output buffers
Bug fixes
Fix race condition issues between the main thread and module threads
RANDOMKEY - infinite loop during client pause
ShardID inconsistency when both primary and replica support it
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Remi Collet [remi@remirepo.net] - 7.2.8-1
- Upstream 7.2.8 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361977 - CVE-2025-21605 redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361977
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-290b0c6e2b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
