Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: FEDORA-2025-297c7ac7fe critical: atuin double-free issue

fedora
Calendar Grey June 25, 2025
Dist Fedora Esm H88
Fedora 41 has released crucial security updates for Atuin, tackling vulnerabilities CVE-2024-12224 and CVE-2025-4574, vital for user environment protection
Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when dec...

Summary

Atuin replaces your existing shell history with a SQLite database, and records

additional context for your commands. Additionally, it provides optional and

fully encrypted synchronization of your history between machines, via an Atuin

server.

Update Information:

Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop)

Topics%20covered

Topics Covered

security advisory fedora critical application update double-free CVE identification

Change Log

* Mon Jun 16 2025 Fabio Valentini - 18.3.0-4 - Rebuild for idna crate >= v1.0.0 (CVE-2024-12224) * Wed Apr 23 2025 Michel Lind - 18.3.0-3 - Disable PostgreSQL tests when building for EL9

References


[ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366525 [ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366527 [ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370559 [ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370561 [ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370566 [ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust:...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: atuin
Product: Fedora 41
Version: 18.3.0
Release: 4.fc41
URL: https://atuin.sh
Summary: Magical shell history

Topics%20covered

Topics Covered

security advisory fedora critical application update double-free CVE identification

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here