QT6, Glibc, Udisks, and more updates for Fedora

Fedora Linux 9019 Published by

Fedora Linux has implemented a series of security updates, which include qt6-qtimageformats-6.8.3-2.fc41, glibc-2.40-26, udisks2-2.10.1-7, xorg-x11-server-21.1.18, xorg-x11-server-Xwayland-24.1.8, dotnet8.0-8.0.117, gotify-desktop-1.3.7-5, mirrorlist-server-3.0.7-7, keylime-agent-rust, awatcher, atuin, libtpms, and firefox-140.0-1.fc42:

Fedora 41 Update: qt6-qtimageformats-6.8.3-2.fc41
Fedora 41 Update: qt6-qtbase-6.8.3-2.fc41
Fedora 41 Update: glibc-2.40-26.fc41
Fedora 41 Update: udisks2-2.10.1-7.fc41
Fedora 41 Update: xorg-x11-server-21.1.18-1.fc41
Fedora 41 Update: xorg-x11-server-Xwayland-24.1.8-1.fc41
Fedora 41 Update: dotnet8.0-8.0.117-1.fc41
Fedora 41 Update: gotify-desktop-1.3.7-5.fc41
Fedora 41 Update: mirrorlist-server-3.0.7-7.fc41
Fedora 41 Update: keylime-agent-rust-0.2.7-5.fc41
Fedora 41 Update: awatcher-0.3.1-2.fc41
Fedora 41 Update: atuin-18.3.0-4.fc41
Fedora 41 Update: libtpms-0.9.7-1.fc41
Fedora 42 Update: firefox-140.0-1.fc42
Fedora 42 Update: dotnet8.0-8.0.117-1.fc42
Fedora 42 Update: awatcher-0.3.1-2.fc42
Fedora 42 Update: mirrorlist-server-3.0.7-7.fc42
Fedora 42 Update: gotify-desktop-1.3.7-5.fc42
Fedora 42 Update: atuin-18.3.0-4.fc42



[SECURITY] Fedora 41 Update: qt6-qtimageformats-6.8.3-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-526eca6b78
2025-06-25 01:42:08.365156+00:00
--------------------------------------------------------------------------------

Name : qt6-qtimageformats
Product : Fedora 41
Version : 6.8.3
Release : 2.fc41
URL : http://www.qt.io
Summary : Qt6 - QtImageFormats component
Description :
The core Qt Gui library by default supports reading and writing image
files of the most common file formats: PNG, JPEG, BMP, GIF and a few more,
ref. Reading and Writing Image Files. The Qt Image Formats add-on module
provides optional support for other image file formats, including:
MNG, TGA, TIFF, WBMP.

--------------------------------------------------------------------------------
Update Information:

Fix crash in fontconfig database. Fix some CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 23 2025 Jan Grulich [jgrulich@redhat.com] - 6.8.3-2
- Fix CVE-2025-5683 in ICNS image format handling
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2374169 - mediawriter crashes immediately
https://bugzilla.redhat.com/show_bug.cgi?id=2374169
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-526eca6b78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: qt6-qtbase-6.8.3-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-526eca6b78
2025-06-25 01:42:08.365156+00:00
--------------------------------------------------------------------------------

Name : qt6-qtbase
Product : Fedora 41
Version : 6.8.3
Release : 2.fc41
URL : http://qt-project.org/
Summary : Qt6 - QtBase components
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

Fix crash in fontconfig database. Fix some CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 23 2025 Jan Grulich [jgrulich@redhat.com] - 6.8.3-3
- Backport CVE fixes and fix for a crash in fontconfig database
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2374169 - mediawriter crashes immediately
https://bugzilla.redhat.com/show_bug.cgi?id=2374169
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-526eca6b78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: glibc-2.40-26.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e489437b3d
2025-06-25 01:42:08.365150+00:00
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 41
Version : 2.40
Release : 26.fc41
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update contains the following bug fixes and enhancements:
* String function register clobbers specific to POWER10 machines (CVE-2025-5702,
CVE-2025-5745).
* Crashes in TLS management when auditors are used (rhbz#2330213)
* Optimizations for x86-64 CPUs
* Optimizations for AArch64 CPUs
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 21 2025 Florian Weimer [fweimer@redhat.com] - 2.40-26
- Remove glibc-rh1889892-*.patch, now backported upstream.
- Auto-sync with upstream branch release/2.40/master,
commit dbc83657e290bdad3245259be80fb84cbe10304c:
- ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702)
- ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059)
- ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702)
- ppc64le: Revert "powerpc: Optimized strncmp for power10" (CVE-2025-5745)
- elf: Keep using minimal malloc after early DTV resize (bug 32412)
- libio: Fix a deadlock after fork in popen
- x86: Detect Intel Diamond Rapids
- x86: Handle unknown Intel processor with default tuning
- x86: Add ARL/PTL/CWF model detection support
- x86: Optimize xstate size calculation
- x86: Use `Avoid_Non_Temporal_Memset` to control non-temporal path
- x86: Use separate variable for TLSDESC XSAVE/XSAVEC state size (bug 32810)
- x86: Skip XSAVE state size reset if ISA level requires XSAVE
- x86_64: Add atanh with FMA
- x86_64: Add sinh with FMA
- x86_64: Add tanh with FMA
- nptl: clear the whole rseq area before registration
- math: Improve layout of exp/exp10 data
- AArch64: Use prefer_sve_ifuncs for SVE memset
- AArch64: Add SVE memset
- math: Improve layout of expf data
- AArch64: Remove zva_128 from memset
- AArch64: Optimize memset
- AArch64: Improve generic strlen
- AArch64: Improve codegen for SVE powf
- AArch64: Improve codegen for SVE pow
- AArch64: Improve codegen for SVE erfcf
- Aarch64: Improve codegen in SVE exp and users, and update expf_inline
- Aarch64: Improve codegen in SVE asinh
- AArch64: Improve codegen in SVE expm1f and users
- AArch64: Improve codegen for SVE log1pf users
- AArch64: Improve codegen for SVE logs
- AArch64: Improve codegen in SVE tans
- AArch64: Improve codegen in AdvSIMD asinh
- AArch64: Improve codegen of AdvSIMD expf family
- AArch64: Improve codegen of AdvSIMD atan(2)(f)
- AArch64: Improve codegen of AdvSIMD logf function family
- AArch64: Improve codegen in users of ADVSIMD log1p helper
- AArch64: Improve codegen in AdvSIMD logs
- AArch64: Improve codegen in AdvSIMD pow
- AArch64: Remove SVE erf and erfc tables
- AArch64: Small optimisation in AdvSIMD erf and erfc
- AArch64: Simplify rounding-multiply pattern in several AdvSIMD routines
- AArch64: Improve codegen in users of ADVSIMD expm1f helper
- AArch64: Improve codegen in users of AdvSIMD log1pf helper
- AArch64: Improve codegen in SVE F32 logs
- AArch64: Improve codegen in SVE expf & related routines
- aarch64: Avoid redundant MOVs in AdvSIMD F32 logs
- math: Add optimization barrier to ensure a1 + u.d is not reused [BZ #30664]
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2330213 - ld.so calls realloc on a DTV which wasn't allocated with malloc
https://bugzilla.redhat.com/show_bug.cgi?id=2330213
[ 2 ] Bug #2370506 - CVE-2025-5702 glibc: From CVEorg collector [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370506
[ 3 ] Bug #2370511 - CVE-2025-5745 glibc: From CVEorg collector [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370511
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e489437b3d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: udisks2-2.10.1-7.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-809971541d
2025-06-25 01:42:08.365139+00:00
--------------------------------------------------------------------------------

Name : udisks2
Product : Fedora 41
Version : 2.10.1
Release : 7.fc41
URL : https://github.com/storaged-project/udisks
Summary : Disk Manager
Description :
The Udisks project provides a daemon, tools and libraries to access and
manipulate disks, storage devices and technologies.

--------------------------------------------------------------------------------
Update Information:

Harden temporary private mounts (#2373301)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 19 2025 Tomas Bzatek [tbzatek@redhat.com] - 2.10.1-7
- Harden temporary private mounts (#2373301)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-809971541d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: xorg-x11-server-21.1.18-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3fa66ac98b
2025-06-25 01:42:08.365129+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server
Product : Fedora 41
Version : 21.1.18
Release : 1.fc41
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server.

--------------------------------------------------------------------------------
Update Information:

Update to xserver 21.1.18, contains an additional fix for CVE-2025-49176
Update to xserver 21.1.17,
CVE fix for CVE-2025-49175, CVE-2025-49176, CVE-2025-49177,
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Olivier Fourdan [ofourdan@redhat.com] - 21.1.18-1
- Update to xserver 21.1.18
- Contains an additional fix for CVE-2025-49176
* Tue Jun 17 2025 Olivier Fourdan [ofourdan@redhat.com] - 21.1.17-1
- Update to xserver 21.1.17
- CVE fix for: CVE-2025-49175, CVE-2025-49176, CVE-2025-49177
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3fa66ac98b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: xorg-x11-server-Xwayland-24.1.8-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2363836c6c
2025-06-25 01:42:08.365124+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server-Xwayland
Product : Fedora 41
Version : 24.1.8
Release : 1.fc41
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.

--------------------------------------------------------------------------------
Update Information:

Update to xwayland 24.1.8, contains an additional fix for CVE-2025-49176
Update to xserver 24.1.7,
CVE fix for CVE-2025-49175, CVE-2025-49176, CVE-2025-49177,
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Olivier Fourdan [ofourdan@redhat.com] - 24.1.8-1
- Update to xserver 24.1.8
- Contains an additional fix for CVE-2025-49176
* Tue Jun 17 2025 Olivier Fourdan [ofourdan@redhat.com] - 24.1.7-1
- Update to xserver 24.1.7
- CVE fix for: CVE-2025-49175, CVE-2025-49176, CVE-2025-49177
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2363836c6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: dotnet8.0-8.0.117-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-433fb98ceb
2025-06-25 01:42:08.365054+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 41
Version : 8.0.117
Release : 1.fc41
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the June 2025 monthly update for .NET 8.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.17/8.0.117.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.17/8.0.17.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 10 2025 Omair Majid [omajid@redhat.com] - 8.0.117-1
- Update to .NET SDK 8.0.117 and Runtime 8.0.17
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-433fb98ceb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: gotify-desktop-1.3.7-5.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-297c7ac7fe
2025-06-25 01:42:08.365038+00:00
--------------------------------------------------------------------------------

Name : gotify-desktop
Product : Fedora 41
Version : 1.3.7
Release : 5.fc41
URL : https://github.com/desbma/gotify-desktop
Summary : Small Gotify daemon to receive and forward messages
Description :
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app icons.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 1.3.7-5
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366525
[ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366527
[ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370559
[ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370561
[ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370566
[ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370568
[ 7 ] Bug #2370570 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370570
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: mirrorlist-server-3.0.7-7.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-297c7ac7fe
2025-06-25 01:42:08.365038+00:00
--------------------------------------------------------------------------------

Name : mirrorlist-server
Product : Fedora 41
Version : 3.0.7
Release : 7.fc41
URL : https://github.com/adrianreber/mirrorlist-server
Summary : Mirrorlist Server
Description :
The mirrorlist-server uses the data created by MirrorManager2
( https://github.com/fedora-infra/mirrormanager2) to answer client request for
the "best" mirror.

This implementation of the mirrorlist-server is written in Rust. The original
version of the mirrorlist-server was part of the MirrorManager2 repository and
it is implemented using Python. While moving from Python2 to Python3 one of
the problems was that the data exchange format (Python Pickle) did not support
running the MirrorManager2 backend with Python2 and the mirrorlist frontend
with Python3. To have a Pickle independent data exchange format protobuf was
introduced. The first try to use protobuf in the python mirrorlist
implementation required a lot more memory than the Pickle based implementation
(3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server
implementation was needed.

Another reason to rewrite the mirrorlist-server is its architecture. The
Python based version requires the Apache HTTP server or something that can
run the included wsgi. The wsgi talks over a socket to the actual
mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container
which runs behind HAProxy. This implementation in Rust directly uses a HTTP
library to reduce the number of involved components.

In addition to being simpler this implementation also requires less memory
than the Python version.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 3.0.7-7
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366525
[ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366527
[ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370559
[ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370561
[ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370566
[ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370568
[ 7 ] Bug #2370570 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370570
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: keylime-agent-rust-0.2.7-5.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-297c7ac7fe
2025-06-25 01:42:08.365038+00:00
--------------------------------------------------------------------------------

Name : keylime-agent-rust
Product : Fedora 41
Version : 0.2.7
Release : 5.fc41
URL : https://github.com/keylime/rust-keylime/
Summary : Rust agent for Keylime
Description :
Rust agent for Keylime

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 0.2.7-5
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366525
[ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366527
[ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370559
[ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370561
[ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370566
[ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370568
[ 7 ] Bug #2370570 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370570
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: awatcher-0.3.1-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-297c7ac7fe
2025-06-25 01:42:08.365038+00:00
--------------------------------------------------------------------------------

Name : awatcher
Product : Fedora 41
Version : 0.3.1
Release : 2.fc41
URL : https://github.com/2e3s/awatcher
Summary : A window activity and idle watcher
Description :
A window activity and idle watcher.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 0.3.1-2
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366525
[ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366527
[ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370559
[ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370561
[ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370566
[ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370568
[ 7 ] Bug #2370570 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370570
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: atuin-18.3.0-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-297c7ac7fe
2025-06-25 01:42:08.365038+00:00
--------------------------------------------------------------------------------

Name : atuin
Product : Fedora 41
Version : 18.3.0
Release : 4.fc41
URL : https://atuin.sh
Summary : Magical shell history
Description :
Atuin replaces your existing shell history with a SQLite database, and records
additional context for your commands. Additionally, it provides optional and
fully encrypted synchronization of your history between machines, via an Atuin
server.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 18.3.0-4
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
* Wed Apr 23 2025 Michel Lind [salimma@fedoraproject.org] - 18.3.0-3
- Disable PostgreSQL tests when building for EL9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366525
[ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366527
[ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370559
[ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370561
[ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370566
[ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370568
[ 7 ] Bug #2370570 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370570
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: libtpms-0.9.7-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-25aa48d158
2025-06-25 01:42:08.364991+00:00
--------------------------------------------------------------------------------

Name : libtpms
Product : Fedora 41
Version : 0.9.7
Release : 1.fc41
URL : https://github.com/stefanberger/libtpms
Summary : Library providing Trusted Platform Module (TPM) functionality
Description :
A library providing TPM functionality for VMs. Targeted for integration
into Qemu.

--------------------------------------------------------------------------------
Update Information:

Upgrade to libtpms 0.9.7 fixing CVE-2025-49133
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 10 2025 Stefan Berger [stefanb@linux.ibm.com] - 0.9.7-1
- Upgrade to libtpms 0.9.7 fixing CVE-2025-49133
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-25aa48d158' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: firefox-140.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6bffc34b8d
2025-06-25 01:17:21.616520+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 42
Version : 140.0
Release : 1.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated to latest upstream (140.0)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 17 2025 Martin Stransky [stransky@redhat.com] - 140.0-1
- Update to latest upstream (140.0)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6bffc34b8d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: dotnet8.0-8.0.117-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fa1fdd193f
2025-06-25 01:17:21.616366+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 42
Version : 8.0.117
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the June 2025 monthly update for .NET 8.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.17/8.0.117.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.17/8.0.17.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 10 2025 Omair Majid [omajid@redhat.com] - 8.0.117-1
- Update to .NET SDK 8.0.117 and Runtime 8.0.17
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fa1fdd193f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: awatcher-0.3.1-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8a18a5a077
2025-06-25 01:17:21.616266+00:00
--------------------------------------------------------------------------------

Name : awatcher
Product : Fedora 42
Version : 0.3.1
Release : 2.fc42
URL : https://github.com/2e3s/awatcher
Summary : A window activity and idle watcher
Description :
A window activity and idle watcher.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 0.3.1-2
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366549
[ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366551
[ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370578
[ 4 ] Bug #2370580 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370580
[ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370586
[ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370591
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.7-7.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8a18a5a077
2025-06-25 01:17:21.616266+00:00
--------------------------------------------------------------------------------

Name : mirrorlist-server
Product : Fedora 42
Version : 3.0.7
Release : 7.fc42
URL : https://github.com/adrianreber/mirrorlist-server
Summary : Mirrorlist Server
Description :
The mirrorlist-server uses the data created by MirrorManager2
( https://github.com/fedora-infra/mirrormanager2) to answer client request for
the "best" mirror.

This implementation of the mirrorlist-server is written in Rust. The original
version of the mirrorlist-server was part of the MirrorManager2 repository and
it is implemented using Python. While moving from Python2 to Python3 one of
the problems was that the data exchange format (Python Pickle) did not support
running the MirrorManager2 backend with Python2 and the mirrorlist frontend
with Python3. To have a Pickle independent data exchange format protobuf was
introduced. The first try to use protobuf in the python mirrorlist
implementation required a lot more memory than the Pickle based implementation
(3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server
implementation was needed.

Another reason to rewrite the mirrorlist-server is its architecture. The
Python based version requires the Apache HTTP server or something that can
run the included wsgi. The wsgi talks over a socket to the actual
mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container
which runs behind HAProxy. This implementation in Rust directly uses a HTTP
library to reduce the number of involved components.

In addition to being simpler this implementation also requires less memory
than the Python version.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 3.0.7-7
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366549
[ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366551
[ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370578
[ 4 ] Bug #2370580 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370580
[ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370586
[ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370591
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: gotify-desktop-1.3.7-5.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8a18a5a077
2025-06-25 01:17:21.616266+00:00
--------------------------------------------------------------------------------

Name : gotify-desktop
Product : Fedora 42
Version : 1.3.7
Release : 5.fc42
URL : https://github.com/desbma/gotify-desktop
Summary : Small Gotify daemon to receive and forward messages
Description :
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app icons.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 1.3.7-5
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366549
[ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366551
[ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370578
[ 4 ] Bug #2370580 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370580
[ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370586
[ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370591
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: atuin-18.3.0-4.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8a18a5a077
2025-06-25 01:17:21.616266+00:00
--------------------------------------------------------------------------------

Name : atuin
Product : Fedora 42
Version : 18.3.0
Release : 4.fc42
URL : https://atuin.sh
Summary : Magical shell history
Description :
Atuin replaces your existing shell history with a SQLite database, and records
additional context for your commands. Additionally, it provides optional and
fully encrypted synchronization of your history between machines, via an Atuin
server.

--------------------------------------------------------------------------------
Update Information:

Rebuild applications to apply two recent security updates:
build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels
that do not produce any non-ASCII when decoded)
build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-
free on Drop)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 18.3.0-4
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
* Wed Apr 23 2025 Michel Lind [salimma@fedoraproject.org] - 18.3.0-3
- Disable PostgreSQL tests when building for EL9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366549
[ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366551
[ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370578
[ 4 ] Bug #2370580 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370580
[ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370586
[ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370591
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


SCHENKER KEY 18 Pro (E25) Gaming Laptop Review and more

Kernel, Iputils, KRB5, and more updates for RHEL

Windows

Linux

macOS

Community

  • Artsyl
    ONTARIO, CANADA – April 23, 2025 – Artsyl Technologies, ...
  • Artsyl
    π˜–π˜―π˜΅π˜’π˜³π˜ͺ𝘰, 𝘊𝘒𝘯𝘒π˜₯𝘒 β€” π˜‘π˜Άπ˜―π˜¦ 18, 2025 β€” π—”π—Ώπ˜π˜€π˜†π—Ή π—§π—²π—°π—΅π—»π—Όπ—Ήπ—Όπ—΄π—Άπ—²π˜€, I ...
  • Artsyl
    May 28, 2025 – Ontario, Canada β€” Artsyl Technologies, a ...