Fedora Linux 8758 Published by

Fedora Linux has received a number of security updates, including valkey and pdns-recursor:

Fedora 41 Update: valkey-8.0.1-1.fc41
Fedora 41 Update: pdns-recursor-5.1.2-1.fc41
Fedora 39 Update: valkey-8.0.1-1.fc39
Fedora 39 Update: pdns-recursor-4.9.9-1.fc39
Fedora 40 Update: valkey-8.0.1-1.fc40
Fedora 40 Update: pdns-recursor-5.0.9-1.fc40



[SECURITY] Fedora 41 Update: valkey-8.0.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e717420659
2024-10-15 15:21:19.794740
--------------------------------------------------------------------------------

Name : valkey
Product : Fedora 41
Version : 8.0.1
Release : 1.fc41
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.

You can use Valkey from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and
potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern
matching.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 7 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.1-1
- update to 8.0.1 rhbz#2316254
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
* Fri Sep 27 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 8.0.0-3
- Disable docs on RHEL
* Tue Sep 24 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.0-2
- add man pages rhbz#2276017
- add doc subpackage rhbz#2276020
* Mon Sep 16 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.0-1
- update to 8.0.0 rhbz#2312577
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e717420659' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: pdns-recursor-5.1.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aebaa73b1f
2024-10-15 15:21:19.794709
--------------------------------------------------------------------------------

Name : pdns-recursor
Product : Fedora 41
Version : 5.1.2
Release : 1.fc41
URL : https://powerdns.com
Summary : Modern, advanced and high performance recursing/non authoritative name server
Description :
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this
package if you need a dns cache for your network.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 3 2024 Sander Hoentjen [shoentjen@antagonist.nl] - 5.1.2-1
- Update to 5.1.2
- fixes #2299449
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295543 - pdns-recursor-5.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295543
[ 2 ] Bug #2299449 - pdns-recursor-5.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2299449
[ 3 ] Bug #2316319 - CVE-2024-25590 pdns-recursor: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2316319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aebaa73b1f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: valkey-8.0.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-83e96146cf
2024-10-16 01:34:07.080200
--------------------------------------------------------------------------------

Name : valkey
Product : Fedora 39
Version : 8.0.1
Release : 1.fc39
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.

You can use Valkey from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and
potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern
matching.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 7 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.1-1
- update to 8.0.1 rhbz#2316254
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
* Fri Sep 27 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 8.0.0-3
- Disable docs on RHEL
* Tue Sep 24 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.0-2
- add man pages rhbz#2276017
- add doc subpackage rhbz#2276020
* Mon Sep 16 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.0-1
- update to 8.0.0 rhbz#2312577
* Mon Aug 12 2024 Neal Gompa [ngompa@fedoraproject.org] - 7.2.6-2
- Add compat-redis-devel subpackage for Redis API Valkey modules
Resolves: rhbz#2304083
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-83e96146cf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: pdns-recursor-4.9.9-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-08a6626c11
2024-10-16 01:34:07.080186
--------------------------------------------------------------------------------

Name : pdns-recursor
Product : Fedora 39
Version : 4.9.9
Release : 1.fc39
URL : https://powerdns.com
Summary : Modern, advanced and high performance recursing/non authoritative name server
Description :
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this
package if you need a dns cache for your network.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 4 2024 Sander Hoentjen [shoentjen@antagonist.nl] - 4.9.9-1
- Update to 4.9.9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295543 - pdns-recursor-5.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295543
[ 2 ] Bug #2299449 - pdns-recursor-5.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2299449
[ 3 ] Bug #2316319 - CVE-2024-25590 pdns-recursor: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2316319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-08a6626c11' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: valkey-8.0.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8a9a692906
2024-10-16 01:06:42.809509
--------------------------------------------------------------------------------

Name : valkey
Product : Fedora 40
Version : 8.0.1
Release : 1.fc40
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.

You can use Valkey from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and
potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern
matching.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 7 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.1-1
- update to 8.0.1 rhbz#2316254
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
* Fri Sep 27 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 8.0.0-3
- Disable docs on RHEL
* Tue Sep 24 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.0-2
- add man pages rhbz#2276017
- add doc subpackage rhbz#2276020
* Mon Sep 16 2024 Jonathan Wright [jonathan@almalinux.org] - 8.0.0-1
- update to 8.0.0 rhbz#2312577
* Mon Aug 12 2024 Neal Gompa [ngompa@fedoraproject.org] - 7.2.6-2
- Add compat-redis-devel subpackage for Redis API Valkey modules
Resolves: rhbz#2304083
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8a9a692906' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: pdns-recursor-5.0.9-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-af0bf62ac6
2024-10-16 01:06:42.809486
--------------------------------------------------------------------------------

Name : pdns-recursor
Product : Fedora 40
Version : 5.0.9
Release : 1.fc40
URL : https://powerdns.com
Summary : Modern, advanced and high performance recursing/non authoritative name server
Description :
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this
package if you need a dns cache for your network.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 4 2024 Sander Hoentjen [shoentjen@antagonist.nl] - 5.0.9-1
- Update to 5.0.9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295543 - pdns-recursor-5.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295543
[ 2 ] Bug #2299449 - pdns-recursor-5.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2299449
[ 3 ] Bug #2316319 - CVE-2024-25590 pdns-recursor: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2316319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-af0bf62ac6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--