Fedora Linux 8858 Published by

Fedora Linux has been updated with several security enhancements, including redict-7.3.2-1.fc40, valkey-8.0.2-1.fc40, mingw-python-jinja2-3.1.5-1.fc40, and chromium-132.0.6834.83-1.fc41:

Fedora 40 Update: redict-7.3.2-1.fc40
Fedora 40 Update: valkey-8.0.2-1.fc40
Fedora 40 Update: mingw-python-jinja2-3.1.5-1.fc40
Fedora 41 Update: chromium-132.0.6834.83-1.fc41
Fedora 41 Update: redict-7.3.2-1.fc41
Fedora 41 Update: mingw-python-jinja2-3.1.5-1.fc41




[SECURITY] Fedora 40 Update: redict-7.3.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-282df7372b
2025-01-17 01:35:26.873184+00:00
--------------------------------------------------------------------------------

Name : redict
Product : Fedora 40
Version : 7.3.2
Release : 1.fc40
URL : https://redict.io
Summary : A persistent key-value database
Description :
Redict is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Redict works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Redict also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redict behave like
a cache.

You can use Redict from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 7.3.2
fixes CVE-2024-46981
fixes CVE-2024-51741
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Jonathan Wright [jonathan@almalinux.org] - 7.3.2-1
- update to 7.3.2 rhbz#2315906
fixes CVE-2024-46981
fixes CVE-2024-51741
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 7.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-282df7372b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: valkey-8.0.2-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9eccdb2c3e
2025-01-17 01:35:26.873174+00:00
--------------------------------------------------------------------------------

Name : valkey
Product : Fedora 40
Version : 8.0.2
Release : 1.fc40
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.

You can use Valkey from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 8.0.2
fixes CVE-2024-46981 - Lua script commands may lead to remote code execution
fixes CVE-2024-51741 - Denial-of-service due to malformed ACL selectors
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Jonathan Wright [jonathan@almalinux.org] - 8.0.2-1
- update to 8.0.2 rhbz#2336259
fixes CVE-2024-46981
fixes CVE-2024-51741
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9eccdb2c3e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mingw-python-jinja2-3.1.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5f04326f4f
2025-01-17 01:35:26.873127+00:00
--------------------------------------------------------------------------------

Name : mingw-python-jinja2
Product : Fedora 40
Version : 3.1.5
Release : 1.fc40
URL : https://palletsprojects.com/p/jinja/
Summary : MinGW Windows Python jinja2 library
Description :
MinGW Windows Python jinja2 library.

--------------------------------------------------------------------------------
Update Information:

Update to jinja2-3.1.5.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Sandro Mani [manisandro@gmail.com] - 3.1.5-1
- Update to 3.1.5
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2336370 - CVE-2024-56201 mingw-python-jinja2: Jinja has a sandbox breakout through malicious filenames [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336370
[ 2 ] Bug #2336376 - CVE-2024-56201 mingw-python-jinja2: Jinja has a sandbox breakout through malicious filenames [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336376
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5f04326f4f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: chromium-132.0.6834.83-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d9219c6a43
2025-01-17 01:25:27.857422+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 132.0.6834.83
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 132.0.6834.83
* High CVE-2025-0434: Out of bounds memory access in V8
* High CVE-2025-0435: Inappropriate implementation in Navigation
* High CVE-2025-0436: Integer overflow in Skia
* High CVE-2025-0437: Out of bounds read in Metrics
* High CVE-2025-0438: Stack buffer overflow in Tracing
* Medium CVE-2025-0439: Race in Frames
* Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
* Medium CVE-2025-0441: Inappropriate implementation in Fenced
* Medium CVE-2025-0442: Inappropriate implementation in Payments
* Medium CVE-2025-0443: Insufficient data validation in Extensions
* Low CVE-2025-0446: Inappropriate implementation in Extensions
* Low CVE-2025-0447: Inappropriate implementation in Navigation
* Low CVE-2025-0448: Inappropriate implementation in Compositing
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 15 2025 Than Ngo [than@redhat.com] - 132.0.6834.83-1
- Update to 132.0.6834.83
* High CVE-2025-0434: Out of bounds memory access in V8
* High CVE-2025-0435: Inappropriate implementation in Navigation
* High CVE-2025-0436: Integer overflow in Skia
* High CVE-2025-0437: Out of bounds read in Metrics
* High CVE-2025-0438: Stack buffer overflow in Tracing
* Medium CVE-2025-0439: Race in Frames
* Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
* Medium CVE-2025-0441: Inappropriate implementation in Fenced
* Medium CVE-2025-0442: Inappropriate implementation in Payments
* Medium CVE-2025-0443: Insufficient data validation in Extensions
* Low CVE-2025-0446: Inappropriate implementation in Extensions
* Low CVE-2025-0447: Inappropriate implementation in Navigation
* Low CVE-2025-0448: Inappropriate implementation in Compositing
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2336836 - CVE-2025-0291 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2336836
[ 2 ] Bug #2336837 - CVE-2025-0291 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2336837
[ 3 ] Bug #2338180 - CVE-2025-0437 chromium: Out of bounds read in Metrics [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338180
[ 4 ] Bug #2338181 - CVE-2025-0437 chromium: Out of bounds read in Metrics [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338181
[ 5 ] Bug #2338200 - CVE-2025-0438 chromium: Stack buffer overflow in Tracing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338200
[ 6 ] Bug #2338218 - CVE-2025-0434 chromium: Out of bounds memory access in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338218
[ 7 ] Bug #2338230 - CVE-2025-0436 chromium: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338230
[ 8 ] Bug #2338231 - CVE-2025-0436 chromium: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338231
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d9219c6a43' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: redict-7.3.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d6c0319427
2025-01-17 01:25:27.857344+00:00
--------------------------------------------------------------------------------

Name : redict
Product : Fedora 41
Version : 7.3.2
Release : 1.fc41
URL : https://redict.io
Summary : A persistent key-value database
Description :
Redict is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Redict works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Redict also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redict behave like
a cache.

You can use Redict from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 7.3.2
fixes CVE-2024-46981
fixes CVE-2024-51741
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Jonathan Wright [jonathan@almalinux.org] - 7.3.2-1
- update to 7.3.2 rhbz#2315906
fixes CVE-2024-46981
fixes CVE-2024-51741
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d6c0319427' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: mingw-python-jinja2-3.1.5-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dbe19a2b1f
2025-01-17 01:25:27.857311+00:00
--------------------------------------------------------------------------------

Name : mingw-python-jinja2
Product : Fedora 41
Version : 3.1.5
Release : 1.fc41
URL : https://palletsprojects.com/p/jinja/
Summary : MinGW Windows Python jinja2 library
Description :
MinGW Windows Python jinja2 library.

--------------------------------------------------------------------------------
Update Information:

Update to jinja2-3.1.5.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Sandro Mani [manisandro@gmail.com] - 3.1.5-1
- Update to 3.1.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2336370 - CVE-2024-56201 mingw-python-jinja2: Jinja has a sandbox breakout through malicious filenames [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336370
[ 2 ] Bug #2336376 - CVE-2024-56201 mingw-python-jinja2: Jinja has a sandbox breakout through malicious filenames [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336376
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dbe19a2b1f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--