Fedora 40 Update: vaultwarden-1.33.0-1.fc40
Fedora 40 Update: php-phpseclib-2.0.48-1.fc40
Fedora 40 Update: stalld-1.19.8-1.fc40
Fedora 40 Update: golang-github-nvidia-container-toolkit-1.17.3-1.fc40
Fedora 40 Update: rust-routinator-0.14.1-2.fc40
Fedora 41 Update: python3-docs-3.13.2-1.fc41
Fedora 41 Update: python3.13-3.13.2-1.fc41
[SECURITY] Fedora 40 Update: vaultwarden-1.33.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7fd2f66440
2025-02-09 01:30:07.778658+00:00
--------------------------------------------------------------------------------
Name : vaultwarden
Product : Fedora 40
Version : 1.33.0
Release : 1.fc40
URL : https://github.com/dani-garcia/vaultwarden
Summary : Unofficial Bitwarden compatible server
Description :
Unofficial Bitwarden compatible server.
--------------------------------------------------------------------------------
Update Information:
update to 1.33.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 30 2025 Jonathan Wright [jonathan@almalinux.org] - 1.33.0-1
- update to 1.33.0 rhbz#2342073
Fix GHSA-f7r5-w49x-gxm3 Getting access to the Admin Panel via CSRF
Fix CVE-2025-24364 RCE in the admin panel
Fix CVE-2025-24365 escalation of privilege via variable confusion in OrgHeaders trait
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2342347 - CVE-2025-24365 vaultwarden: vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2342347
[ 2 ] Bug #2342352 - CVE-2025-24364 vaultwarden: vaultwarden allows RCE in the admin panel [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2342352
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7fd2f66440' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: php-phpseclib-2.0.48-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b38cbff99d
2025-02-09 01:30:07.778621+00:00
--------------------------------------------------------------------------------
Name : php-phpseclib
Product : Fedora 40
Version : 2.0.48
Release : 1.fc40
URL : https://github.com/phpseclib/phpseclib
Summary : PHP Secure Communications Library
Description :
MIT-licensed pure-PHP implementations of an arbitrary-precision integer
arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4,
Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-52892, CVE-2024-27354
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 30 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2.0.48-1
- Update to v2.0.48
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.44-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.44-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2294674 - CVE-2023-52892 php-phpseclib: php-seclib: Incorrect allowed input via Subject Alternative Name fields [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294674
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b38cbff99d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: stalld-1.19.8-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e717eae403
2025-02-09 01:30:07.778486+00:00
--------------------------------------------------------------------------------
Name : stalld
Product : Fedora 40
Version : 1.19.8
Release : 1.fc40
URL : https://gitlab.com/rt-linux-tools/stalld/stalld.git
Summary : Daemon that finds starving tasks and gives them a temporary boost
Description :
The stalld program monitors the set of system threads,
looking for threads that are ready-to-run but have not
been given processor time for some threshold period.
When a starving thread is found, it is given a temporary
boost using the SCHED_DEADLINE policy. The default is to
allow 10 microseconds of runtime for 1 second of clock time.
--------------------------------------------------------------------------------
Update Information:
Add code to deal with sched_setattr() not being exported in glibc 2.41
Address CVE-2024-54159 denial of service via symlink attack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 28 2025 Clark Williams [williams@redhat.com] - 1.19.8
- Added glibc41 fix to source tree, removed patch
- stalld.h: fix prototype mis-match with cleanup_regex()
* Tue Jan 21 2025 Clark Williams [williams@redhat.com] - 1.19.7
- stalld.c: use a more reasonable size for reading /proc/stat
- systemd/Makefile: remove typo in uninstall line
- Makefile: change modes on throttled and stalld
- throttlectl: clean up throttling script due to reported CVE-2024-54159
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.19.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2329809 - CVE-2024-54159 stalld: denial of service [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329809
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e717eae403' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: golang-github-nvidia-container-toolkit-1.17.3-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-76012a9a99
2025-02-09 01:30:07.778474+00:00
--------------------------------------------------------------------------------
Name : golang-github-nvidia-container-toolkit
Product : Fedora 40
Version : 1.17.3
Release : 1.fc40
URL : https://github.com/NVIDIA/nvidia-container-toolkit
Summary : Build and run containers leveraging NVIDIA GPUs
Description :
The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU
accelerated containers. The toolkit includes a container runtime library and
utilities to automatically configure containers to leverage NVIDIA GPUs.
--------------------------------------------------------------------------------
Update Information:
Update to 1.17.3
Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999
Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA-vcfp-63cx-4h59,
and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 29 2025 Debarshi Ray [rishi@fedoraproject.org] - 1.17.3-1
- Update to 1.17.3
* Wed Jan 29 2025 Debarshi Ray [rishi@fedoraproject.org] - 1.17.2-1
- Update to 1.17.2
* Tue Jan 28 2025 Debarshi Ray [rishi@fedoraproject.org] - 1.17.1-1
- Update to 1.17.1
* Fri Jan 24 2025 Debarshi Ray [rishi@fedoraproject.org] - 1.17.0-1
- Update to 1.17.0
* Fri Jan 24 2025 Debarshi Ray [rishi@fedoraproject.org] - 1.16.2-2
- Synchronize linker flags with upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2324082 - CVE-2024-0134 golang-github-nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2324082
[ 2 ] Bug #2342483 - CVE-2024-0135 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2342483
[ 3 ] Bug #2342487 - CVE-2024-0137 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2342487
[ 4 ] Bug #2342491 - CVE-2024-0136 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2342491
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-76012a9a99' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: rust-routinator-0.14.1-2.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-46db4ee37e
2025-02-09 01:30:07.778426+00:00
--------------------------------------------------------------------------------
Name : rust-routinator
Product : Fedora 40
Version : 0.14.1
Release : 2.fc40
URL : https://crates.io/crates/routinator
Summary : RPKI relying party software
Description :
An RPKI relying party software.
--------------------------------------------------------------------------------
Update Information:
New
- ASPA support is now always compiled in and available if enable-aspa is set. The
  aspa Cargo feature has been removed. (#990)
- If merging multiple ASPA objects for a single customer ASN results in more than
  16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more
  than 16,380 provider ASNs are already rejected during parsing.) (#996)
- New archive-stats command that shows some statistics of an RRDP archive. (#982)
- Re-enabled the use of GZIP compression in HTTP requests sent by the RRDP
  collector. Measures to deal with exploding data have been implemented in
  rpki-rs#319. (#997)
Bug fixes
- Fixed an issue with checking the file names in manifests that led to a crash
  when non-ASCII characters are used. (rpki-rs#320, reported by Haya Schulmann and
  Niklas Vogel of Goethe University Frankfurt/ATHENE Center and assigned
  CVE-2025-0638)
- The validation HTTP endpoints now accept prefixes with non-zero host bits.
  (#987)
- Removed duplicate rtr_client_reset_queries in HTTP metrics. (#992 by @sleinen)
- Improved disk space consumption of the new RRDP archives by re-using empty space
  when updating an object and padding all objects to a multiple of 256 bytes.
  (#982)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 23 2025 Michel Lind [salimma@fedoraproject.org] - 0.14.1-2
- Restore license list; use shrink for easier future diffing
* Thu Jan 23 2025 Michel Lind [salimma@fedoraproject.org] - 0.14.1-1
- Update to version 0.14.1; Fixes: RHBZ#2339650
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2339700 - CVE-2025-0638 rust-routinator: Routinator crashes when illegal characters are present in manifest file names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2339700
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-46db4ee37e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3-docs-3.13.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e911f71d99
2025-02-09 01:17:00.288850+00:00
--------------------------------------------------------------------------------
Name : python3-docs
Product : Fedora 41
Version : 3.13.2
Release : 1.fc41
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.
--------------------------------------------------------------------------------
Update Information:
Update to 3.13.2
Statically build the _datetime module into libpython. This fixes a segfault when
importing it from Python 3.13.0 updated to 3.13.1+ while running.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 6 2025 Tomáš Hrnčiar [thrnciar@redhat.com] - 3.13.2-1
- Update to 3.13.2
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.13.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333852 - python 3.13.0 segfaults when importing modules (e.g. _datetime) after update to 3.13.1
https://bugzilla.redhat.com/show_bug.cgi?id=2333852
[ 2 ] Bug #2343274 - CVE-2025-0938 python3.13: URL parser allowed square brackets in domain names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343274
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e911f71d99' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python3.13-3.13.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e911f71d99
2025-02-09 01:17:00.288850+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 41
Version : 3.13.2
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
--------------------------------------------------------------------------------
Update Information:
Update to 3.13.2
Statically build the _datetime module into libpython. This fixes a segfault when
importing it from Python 3.13.0 updated to 3.13.1+ while running.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 4 2025 Charalampos Stratakis [cstratak@redhat.com] - 3.13.2-1
- Update to 3.13.2
- Security fix for CVE-2025-0938
- Fixes: rhbz#2343274
* Wed Jan 29 2025 Miro Hrončok [mhroncok@redhat.com] - 3.13.1-4
- On Fedora 41 or older, statically build the _datetime module into libpython
- This fixes a segfault when importing it from Python 3.13.0 updated to 3.13.1+ while running
- Fixes: rhbz#2333852
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.13.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333852 - python 3.13.0 segfaults when importing modules (e.g. _datetime) after update to 3.13.1
https://bugzilla.redhat.com/show_bug.cgi?id=2333852
[ 2 ] Bug #2343274 - CVE-2025-0938 python3.13: URL parser allowed square brackets in domain names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343274
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e911f71d99' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------