Fedora 41 Update: luajit-2.1.1748459687-2.fc41
Fedora 41 Update: rust-sequoia-octopus-librnp-1.11.1-1.fc41
Fedora 41 Update: minidlna-1.3.3-10.fc41
Fedora 42 Update: python-asteval-1.0.6-1.fc42
Fedora 42 Update: rust-sequoia-octopus-librnp-1.11.1-1.fc42
Fedora 42 Update: minidlna-1.3.3-13.fc42
[SECURITY] Fedora 41 Update: luajit-2.1.1748459687-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4430674f97
2025-07-18 01:08:52.312467+00:00
--------------------------------------------------------------------------------
Name : luajit
Product : Fedora 41
Version : 2.1.1748459687
Release : 2.fc41
URL : http://luajit.org
Summary : Just-In-Time Compiler for Lua
Description :
LuaJIT implements the full set of language features defined by Lua 5.1.
The virtual machine (VM) is API- and ABI-compatible to the standard
Lua interpreter and can be deployed as a drop-in replacement.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-25176
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2025 Andreas Schneider [asn@redhat.com] - 2.1.1748459687-1
- Update to version 2.1.1748459687
- Fixes CVE-2024-25176
- resolves: rhbz#2376988
* Tue Jul 8 2025 Andreas Schneider [asn@redhat.com] - 2.1.1744318430-1
- Update to version 2.1.1744318430
* Tue Jul 8 2025 Andreas Schneider [asn@cryptomilk.org] - 2.1.1731485912-1
- Update to version 2.1.1731485912
- Fix bcsave assertion on s390x
- resolves: rhbz#2323980
* Tue Jul 8 2025 Andreas Schneider [asn@cryptomilk.org] - 2.1.1720049189-2
- Update to version 2.1.1724232689
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376972 - CVE-2024-25178 luajit: Out of bounds read in LuaJIT [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376972
[ 2 ] Bug #2376988 - CVE-2024-25176 luajit: From CVEorg collector [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376988
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4430674f97' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-sequoia-octopus-librnp-1.11.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-71b9c49854
2025-07-18 01:08:52.312469+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-octopus-librnp
Product : Fedora 41
Version : 1.11.1
Release : 1.fc41
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.11.1.
This version includes a fix for a potential DoS-via-zip-bomb issue.
Release notes: https://gitlab.com/sequoia-pgp/sequoia-octopus-
librnp/-/tags/v1.11.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2025 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-1
- Update to version 1.11.1; Fixes RHBZ#2377188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-71b9c49854' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: minidlna-1.3.3-10.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0f490a9a10
2025-07-18 01:08:52.312447+00:00
--------------------------------------------------------------------------------
Name : minidlna
Product : Fedora 41
Version : 1.3.3
Release : 10.fc41
URL : http://sourceforge.net/projects/minidlna/
Summary : Lightweight DLNA/UPnP-AV server targeted at embedded systems
Description :
MiniDLNA (aka ReadyDLNA) is server software with the aim of being fully
compliant with DLNA/UPnP-AV clients.
The minidlna daemon serves media files (music, pictures, and video) to clients
on your local network. Example clients include applications such as Totem and
XBMC, and devices such as portable media players, smartphones, and televisions.
--------------------------------------------------------------------------------
Update Information:
Avoid restarting minidlna.service when rotating logs if it's not running. Fix
CVE-2023-47430 .
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 7 2025 Dominik Mierzejewski [dominik@greysector.net] - 1.3.3-10
- use systemctl try-restart in postrotate script (resolves rhbz#2372859)
- attempt to fix CVE-2023-47430 (resolves rhbz#2271621)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271621 - CVE-2023-47430 minidlna: Stack-buffer-overflow vulnerability in ReadyMedia [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271621
[ 2 ] Bug #2372859 - Use `systemctl try-restart` in logrotate postrotate script
https://bugzilla.redhat.com/show_bug.cgi?id=2372859
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0f490a9a10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python-asteval-1.0.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-83c141f000
2025-07-18 01:05:30.484199+00:00
--------------------------------------------------------------------------------
Name : python-asteval
Product : Fedora 42
Version : 1.0.6
Release : 1.fc42
URL : http://github.com/newville/asteval
Summary : Evaluator of Python expression using ast module
Description :
ASTEVAL is a safe(ish) evaluator of Python expressions and statements,
using Python's ast module. The idea is to provide a simple, safe, and robust
miniature mathematical language that can handle user-input. The emphasis here
is on mathematical expressions, and so many functions from numpy are imported
and used if available.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-24359 (closes rhbz#2341976)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2025 Fabian Affolter - 1.0.6-1
- Update to latest upstream release (closes rhbz#2338907)
- Fix CVE-2025-24359 (closes rhbz#2341976)
* Tue Jun 3 2025 Python Maint - 1.0.5-3
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2341976 - CVE-2025-24359 python-asteval: ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape
https://bugzilla.redhat.com/show_bug.cgi?id=2341976
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-83c141f000' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-sequoia-octopus-librnp-1.11.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-51c16d6993
2025-07-18 01:05:30.484007+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-octopus-librnp
Product : Fedora 42
Version : 1.11.1
Release : 1.fc42
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.11.1.
This version includes a fix for a potential DoS-via-zip-bomb issue.
Release notes: https://gitlab.com/sequoia-pgp/sequoia-octopus-
librnp/-/tags/v1.11.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2025 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-1
- Update to version 1.11.1; Fixes RHBZ#2377188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-51c16d6993' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: minidlna-1.3.3-13.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9fb8ee63fb
2025-07-18 01:05:30.483965+00:00
--------------------------------------------------------------------------------
Name : minidlna
Product : Fedora 42
Version : 1.3.3
Release : 13.fc42
URL : http://sourceforge.net/projects/minidlna/
Summary : Lightweight DLNA/UPnP-AV server targeted at embedded systems
Description :
MiniDLNA (aka ReadyDLNA) is server software with the aim of being fully
compliant with DLNA/UPnP-AV clients.
The minidlna daemon serves media files (music, pictures, and video) to clients
on your local network. Example clients include applications such as Totem and
XBMC, and devices such as portable media players, smartphones, and televisions.
--------------------------------------------------------------------------------
Update Information:
Avoid restarting minidlna.service when rotating logs if it's not running. Fix
CVE-2023-47430 .
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 7 2025 Dominik Mierzejewski [dominik@greysector.net] - 1.3.3-13
- use systemctl try-restart in postrotate script (resolves rhbz#2372859)
- attempt to fix CVE-2023-47430 (resolves rhbz#2271621)
* Tue May 27 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.3.3-12
- Rebuilt for flac 1.5.0
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 1.3.3-11
- Drop call to %sysusers_create_compat
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271621 - CVE-2023-47430 minidlna: Stack-buffer-overflow vulnerability in ReadyMedia [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271621
[ 2 ] Bug #2372859 - Use `systemctl try-restart` in logrotate postrotate script
https://bugzilla.redhat.com/show_bug.cgi?id=2372859
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9fb8ee63fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
