Libblockdev, Spdlog, Python-Pycares, and more updates for Fedora

Fedora Linux 9015 Published by

Fedora Linux has been updated with multiple security enhancements, which include libblockdev, spdlog, python-pycares, python-setuptools, xorg-x11-server-Xwayland, clamav, pam, libblockdev, and perl-File-Find-Rule:

Fedora 41 Update: libblockdev-3.2.2-1.fc41
Fedora 41 Update: spdlog-1.14.1-4.fc41
Fedora 41 Update: python-pycares-4.9.0-1.fc41
Fedora 41 Update: python-setuptools-69.2.0-10.fc41
Fedora 41 Update: perl-File-Find-Rule-0.35-1.fc41
Fedora 42 Update: xorg-x11-server-Xwayland-24.1.8-1.fc42
Fedora 42 Update: clamav-1.4.3-1.fc42
Fedora 42 Update: pam-1.7.0-6.fc42
Fedora 42 Update: libblockdev-3.3.1-1.fc42
Fedora 42 Update: perl-File-Find-Rule-0.35-1.fc42




[SECURITY] Fedora 41 Update: libblockdev-3.2.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4f28b95d7e
2025-06-21 02:10:24.663271+00:00
--------------------------------------------------------------------------------

Name : libblockdev
Product : Fedora 41
Version : 3.2.2
Release : 1.fc41
URL : https://github.com/storaged-project/libblockdev
Summary : A library for low-level manipulation with block devices
Description :
The libblockdev is a C library with GObject introspection support that can be
used for doing low-level operations with block devices like setting up LVM,
BTRFS, LUKS or MD RAID. The library uses plugins (LVM, BTRFS,...) and serves as
a thin wrapper around its plugins' functionality. All the plugins, however, can
be used as standalone libraries. One of the core principles of libblockdev is
that it is stateless from the storage configuration's perspective (e.g. it has
no information about VGs when creating an LV).

--------------------------------------------------------------------------------
Update Information:

Don't allow suid and dev set on fs resize (Thomas.Blume)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Vojtech Trefny [vtrefny@redhat.com] - 3.2.2-1
- Don't allow suid and dev set on fs resize (Thomas.Blume)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373307 - libblockdev allegedly exploitable via the udisks daemon included by default on most Linux distributions, and allows an ???allow_active??? user to gain full root privileges (CVE-2025-6019)
https://bugzilla.redhat.com/show_bug.cgi?id=2373307
[ 2 ] Bug #2373715 - CVE-2025-6019 libblockdev: LPE from allow_active to root in libblockdev via udisks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2373715
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4f28b95d7e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: spdlog-1.14.1-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7d5c7fe0c7
2025-06-21 02:10:24.663259+00:00
--------------------------------------------------------------------------------

Name : spdlog
Product : Fedora 41
Version : 1.14.1
Release : 4.fc41
URL : https://github.com/gabime/spdlog
Summary : Super fast C++ logging library
Description :
This is a packaged version of the gabime/spdlog C++ logging
library available at Github.

--------------------------------------------------------------------------------
Update Information:

Backported the upstream CVE-2025-6140 fix.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 17 2025 Vitaly [vitaly@easycoding.org] - 1.14.1-4
- Backported the upstream CVE-2025-6140 fix.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373092 - CVE-2025-6140 spdlog: spdlog pattern_formatter-inl.h scoped_padder resource consumption [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373092
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7d5c7fe0c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-pycares-4.9.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c10725fc18
2025-06-21 02:10:24.663265+00:00
--------------------------------------------------------------------------------

Name : python-pycares
Product : Fedora 41
Version : 4.9.0
Release : 1.fc41
URL : https://github.com/saghul/pycares
Summary : Python interface for c-ares
Description :
pycares is a Python module which provides an interface to
c-ares. c-ares is a C library that performs DNS requests and name
resolutions asynchronously.

--------------------------------------------------------------------------------
Update Information:

4.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 13 2025 Gwyn Ciesla [gwync@protonmail.com] - 4.9.0-1
- 4.9.0
* Tue Jun 3 2025 Python Maint - 4.8.0-2
- Rebuilt for Python 3.14
* Mon May 5 2025 Gwyn Ciesla [gwync@protonmail.com] - 4.8.0-1
- 4.8.0
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Jan 13 2025 Matthieu Saulnier [fantom@fedoraproject.org] - 4.5.0-1
- Update to 4.5.0
- Update SourcesURL tag
- Minor cleanup in %install section
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2372603 - python-pycares-4.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2372603
[ 2 ] Bug #2373112 - CVE-2025-48945 python-pycares: pycares Channel Use-After-Free [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373112
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c10725fc18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-setuptools-69.2.0-10.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1746085e78
2025-06-21 02:10:24.663234+00:00
--------------------------------------------------------------------------------

Name : python-setuptools
Product : Fedora 41
Version : 69.2.0
Release : 10.fc41
URL : https://pypi.python.org/pypi/setuptools
Summary : Easily build and distribute Python packages
Description :
Setuptools is a collection of enhancements to the Python distutils that allow
you to more easily build and distribute Python packages, especially ones that
have dependencies on other packages.

This package also contains the runtime components of setuptools, necessary to
execute the software that requires pkg_resources.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-47273
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 15 2025 Miro Hron??ok [miro@hroncok.cz] - 69.2.0-10
- Security fix for CVE-2025-47273
- Fixes: rhbz#2372613
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2372613 - CVE-2025-47273 python-setuptools: Path Traversal Vulnerability in setuptools PackageIndex [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2372613
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1746085e78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: perl-File-Find-Rule-0.35-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-047d8f57ea
2025-06-21 02:10:24.663081+00:00
--------------------------------------------------------------------------------

Name : perl-File-Find-Rule
Product : Fedora 41
Version : 0.35
Release : 1.fc41
URL : https://metacpan.org/release/File-Find-Rule
Summary : Perl module implementing an alternative interface to File::Find
Description :
File::Find::Rule is a friendlier interface to File::Find. It allows
you to build rules which specify the desired files and directories.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2011-10007
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 11 2025 Jitka Plesnikova [jplesnik@redhat.com] - 0.35-1
- 0.35 bump (rhbz#2371137) - fix CVE-2011-10007
- Updated BRs
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2370473 - CVE-2011-10007 perl-File-Find-Rule: File::Find::Rule Arbitrary Code Execution [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370473
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-047d8f57ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: xorg-x11-server-Xwayland-24.1.8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b4d521f084
2025-06-21 01:25:36.028827+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server-Xwayland
Product : Fedora 42
Version : 24.1.8
Release : 1.fc42
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.

--------------------------------------------------------------------------------
Update Information:

Update to xserver 24.1.8, contains an additional fix for CVE-2025-49176
Update to xserver 24.1.7,
CVE fix for CVE-2025-49175, CVE-2025-49176, CVE-2025-49177,
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Olivier Fourdan [ofourdan@redhat.com] - 24.1.8-1
- Update to xserver 24.1.8
- Contains an additional fix for CVE-2025-49176
* Tue Jun 17 2025 Olivier Fourdan [ofourdan@redhat.com] - 24.1.7-1
- Update to xserver 24.1.7
- CVE fix for: CVE-2025-49175, CVE-2025-49176, CVE-2025-49177
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b4d521f084' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: clamav-1.4.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2ac841fe82
2025-06-21 01:25:36.028841+00:00
--------------------------------------------------------------------------------

Name : clamav
Product : Fedora 42
Version : 1.4.3
Release : 1.fc42
URL : https://www.clamav.net/
Summary : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.

--------------------------------------------------------------------------------
Update Information:

1.4.3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Gwyn Ciesla [gwync@protonmail.com] - 1.4.3-1
- 1.4.3
* Sat Feb 8 2025 Zbigniew Jedrzejewski-Szmek [zbyszek@in.waw.pl] - 1.4.2-2
- Add sysusers.d config files to allow rpm to create users/groups automatically
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373740 - CVE-2025-20234 clamav: ClamAV Information Disclosure Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373740
[ 2 ] Bug #2373754 - CVE-2025-20260 clamav: ClamAV PDF Scanning Buffer Overflow Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373754
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2ac841fe82' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: pam-1.7.0-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-432b207745
2025-06-21 01:25:36.028815+00:00
--------------------------------------------------------------------------------

Name : pam
Product : Fedora 42
Version : 1.7.0
Release : 6.fc42
URL : http://www.linux-pam.org/
Summary : An extensible library which provides authentication for applications
Description :
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

--------------------------------------------------------------------------------
Update Information:

pam_namespace: fix potential privilege escalation. Resolves: CVE-2025-6020
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Iker Pedrosa [ipedrosa@redhat.com] - 1.7.0-6
- pam_namespace: fix potential privilege escalation.
Resolves: CVE-2025-6020
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-432b207745' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: libblockdev-3.3.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-af7ba2696c
2025-06-21 01:25:36.028803+00:00
--------------------------------------------------------------------------------

Name : libblockdev
Product : Fedora 42
Version : 3.3.1
Release : 1.fc42
URL : https://github.com/storaged-project/libblockdev
Summary : A library for low-level manipulation with block devices
Description :
The libblockdev is a C library with GObject introspection support that can be
used for doing low-level operations with block devices like setting up LVM,
BTRFS, LUKS or MD RAID. The library uses plugins (LVM, BTRFS,...) and serves as
a thin wrapper around its plugins' functionality. All the plugins, however, can
be used as standalone libraries. One of the core principles of libblockdev is
that it is stateless from the storage configuration's perspective (e.g. it has
no information about VGs when creating an LV).

--------------------------------------------------------------------------------
Update Information:

Automatic update for libblockdev-3.3.1-1.fc42.
Changelog for libblockdev
* Wed Jun 18 2025 Packit [hello@packit.dev] - 3.3.1-1
- Update to version 3.3.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Packit [hello@packit.dev] - 3.3.1-1
- Update to version 3.3.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373307 - libblockdev allegedly exploitable via the udisks daemon included by default on most Linux distributions, and allows an ???allow_active??? user to gain full root privileges (CVE-2025-6019)
https://bugzilla.redhat.com/show_bug.cgi?id=2373307
[ 2 ] Bug #2373715 - CVE-2025-6019 libblockdev: LPE from allow_active to root in libblockdev via udisks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2373715
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-af7ba2696c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: perl-File-Find-Rule-0.35-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-eef56e1ee1
2025-06-21 01:25:36.028651+00:00
--------------------------------------------------------------------------------

Name : perl-File-Find-Rule
Product : Fedora 42
Version : 0.35
Release : 1.fc42
URL : https://metacpan.org/release/File-Find-Rule
Summary : Perl module implementing an alternative interface to File::Find
Description :
File::Find::Rule is a friendlier interface to File::Find. It allows
you to build rules which specify the desired files and directories.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2011-10007
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 11 2025 Jitka Plesnikova [jplesnik@redhat.com] - 0.35-1
- 0.35 bump (rhbz#2371137) - fix CVE-2011-10007
- Updated BRs
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2370474 - CVE-2011-10007 perl-File-Find-Rule: File::Find::Rule Arbitrary Code Execution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370474
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-eef56e1ee1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


Fedora Linux 42-20250618 Updated ISOs released

Libblockdev and Open-VM-Tools updates for AlmaLinux

Windows

Linux

macOS

Community

  • Artsyl
    ONTARIO, CANADA – April 23, 2025 – Artsyl Technologies, ...
  • Artsyl
    π˜–π˜―π˜΅π˜’π˜³π˜ͺ𝘰, 𝘊𝘒𝘯𝘒π˜₯𝘒 β€” π˜‘π˜Άπ˜―π˜¦ 18, 2025 β€” π—”π—Ώπ˜π˜€π˜†π—Ή π—§π—²π—°π—΅π—»π—Όπ—Ήπ—Όπ—΄π—Άπ—²π˜€, I ...
  • Artsyl
    May 28, 2025 – Ontario, Canada β€” Artsyl Technologies, a ...