Fedora Security Advisories

chromium-141.0.7390.65-1.fc42

3 weeks 2 days ago
FEDORA-2025-10d67f6509
Packages in this update:
  • chromium-141.0.7390.65-1.fc42
Update description:

Update to 141.0.7390.65

  • High CVE-2025-11458: Heap buffer overflow in Sync
  • High CVE-2025-11460: Use after free in Storage
  • Medium CVE-2025-11211: Out of bounds read in WebCodecs

moby-engine-28.5.1-1.fc44

3 weeks 3 days ago
FEDORA-2025-a870881eff
Packages in this update:
  • moby-engine-28.5.1-1.fc44
Update description:

Automatic update for moby-engine-28.5.1-1.fc44.

Changelog

* Wed Oct 8 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 28.5.1-1
- Update to release v28.5.1
- Resolves: rhbz#2401164, rhbz#2384164, rhbz#2384149
- Upstream new features and fixes

runc-1.3.2-1.fc44

3 weeks 4 days ago
FEDORA-2025-0022827a20
Packages in this update:
  • runc-1.3.2-1.fc44
Update description:

Automatic update for runc-1.3.2-1.fc44.

Changelog

* Tue Oct 7 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 2:1.3.2-1
- Update to release v1.3.2
- Resolves: rhbz#2399284, rhbz#2399563
- Upstream fixes

valkey-8.0.6-1.el8

3 weeks 5 days ago
FEDORA-EPEL-2025-2d44b874a0
Packages in this update:
  • valkey-8.0.6-1.el8
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

valkey-8.0.6-1.el9

3 weeks 5 days ago
FEDORA-EPEL-2025-115d3a5484
Packages in this update:
  • valkey-8.0.6-1.el9
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)