Fedora 40 Update: redis-7.2.7-1.fc40
Fedora 40 Update: perl-Net-OAuth-0.30-1.fc40
Fedora 41 Update: perl-Net-OAuth-0.30-1.fc41
[SECURITY] Fedora 40 Update: redis-7.2.7-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-72fd0442cc
2025-01-15 01:38:48.800272+00:00
--------------------------------------------------------------------------------
Name : redis
Product : Fedora 40
Version : 7.2.7
Release : 1.fc40
URL : https://redis.io
Summary : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.
You can use Redis from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Redis 7.2.7 Released Mon 6 Jan 2025 12:30:00 IDT
Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2024-46981) Lua script commands may lead to remote code execution
(CVE-2024-51741) Denial-of-service due to malformed ACL selectors
Bug fixes
13380 Possible crash due to OOM panic on invalid command
13338 Streams: XINFO lag field is wrong when tombstone is after the last_id of
the consume group
13473 Streams: XTRIM does not update the maximal tombstone, leading to an
incorrect lag
13311 Cluster: crash due to unblocking client during slot migration
13443 Cluster: crash when loading cluster config
13422 Cluster: CLUSTER SHARDS returns empty array
13465 Cluster: incompatibility with older node versions
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 6 2025 Remi Collet [remi@remirepo.net] - 7.2.7-1
- Upstream 7.2.7 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2336072 - CVE-2024-51741 redis: Redis allows denial-of-service due to malformed ACL selectors [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336072
[ 2 ] Bug #2336073 - CVE-2024-46981 redis: Redis' Lua library commands may lead to remote code execution [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336073
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-72fd0442cc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: perl-Net-OAuth-0.30-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-05e642f1ef
2025-01-15 01:38:48.800216+00:00
--------------------------------------------------------------------------------
Name : perl-Net-OAuth
Product : Fedora 40
Version : 0.30
Release : 1.fc40
URL : https://metacpan.org/release/Net-OAuth
Summary : OAuth protocol support library for Perl
Description :
Perl implementation of OAuth, an open protocol to allow secure API
authentication in a simple and standard method from desktop and web
applications. In practical terms, a mechanism for a Consumer to request
protected resources from a Service Provider on behalf of a user.
--------------------------------------------------------------------------------
Update Information:
Update to 0.30, fixes CVE-2025-22376
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 3 2025 Xavier Bachelot [xacier@bachelot.org] - 0.30-1
- Update to 0.30 (RHBZ#2335403)
- fix CVE-2025-22376 (RHBZ#2335499,2335500,2335501)
- Specify all dependencies
* Tue Aug 6 2024 Miroslav Suchý [msuchy@redhat.com] - 0.28-35
- convert license to SPDX
* Fri Jul 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.28-34
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335499 - CVE-2025-22376 perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2335499
[ 2 ] Bug #2335500 - CVE-2025-22376 perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2335500
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-05e642f1ef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: perl-Net-OAuth-0.30-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f0077db20c
2025-01-15 01:07:04.371531+00:00
--------------------------------------------------------------------------------
Name : perl-Net-OAuth
Product : Fedora 41
Version : 0.30
Release : 1.fc41
URL : https://metacpan.org/release/Net-OAuth
Summary : OAuth protocol support library for Perl
Description :
Perl implementation of OAuth, an open protocol to allow secure API
authentication in a simple and standard method from desktop and web
applications. In practical terms, a mechanism for a Consumer to request
protected resources from a Service Provider on behalf of a user.
--------------------------------------------------------------------------------
Update Information:
Update to 0.30, fixes CVE-2025-22376
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 3 2025 Xavier Bachelot [xacier@bachelot.org] - 0.30-1
- Update to 0.30 (RHBZ#2335403)
- fix CVE-2025-22376 (RHBZ#2335499,2335500,2335501)
- Specify all dependencies
* Tue Aug 6 2024 Miroslav Suchý [msuchy@redhat.com] - 0.28-35
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335499 - CVE-2025-22376 perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2335499
[ 2 ] Bug #2335500 - CVE-2025-22376 perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2335500
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f0077db20c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
