Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: FEDORA-2025-3dfc505946 critical: rpm-ostree use after free

fedora
Calendar Grey February 27, 2025
Dist Fedora Esm H88
Keep updated with Fedora 41's rpm-ostree security advisories and essential package enhancements.
Merge branch 'f42' into f41 Merge branch 'rawhide' into f41 Fix merge conflict

Summary

rpm-ostree is a hybrid image/package system. It supports

"composing" packages on a build server into an OSTree repository,

which can then be replicated by client systems with atomic upgrades.

Additionally, unlike many "pure" image systems, with rpm-ostree

each client system can layer on additional packages, providing

a "best of both worlds" approach.

Update Information:

Merge branch 'f42' into f41 Merge branch 'rawhide' into f41 Fix merge conflict

Topics%20covered

Topics Covered

security advisory security issue critical Fedora update information software update process rpm-ostree package system hybrid package system

Change Log

* Mon Feb 10 2025 Joseph Marrero Corchado - 2025.5-1 - Release 2025.5 * Thu Jan 30 2025 Joseph Marrero Corchado - 2025.4-1 - Release 2025.4 * Tue Jan 28 2025 Joseph Marrero Corchado - 2025.3-3 - spec: use autorelease on rawhide * Tue Jan 28 2025 Joseph Marrero Corchado - 2025.3-2 - spec: remove kernel_install conditional temporarily * Mon Jan 27 2025 Colin Walters - 2025.3-1 - Update to 2025.3, add a bcond for kernel-install * Fri Jan 24 2025 Joseph Marrero Corchado - 2025.2-2 - spec: Sync with upstream * Thu Jan 23 2025 Joseph Marrero Corchado - 2025.2-1 - Release 2025.2 * Thu Jan 16 2025 Joseph Marrero Corchado - 2025.1-2 - spec: package /lib/kernel/install.d/05-rpmostree.install * Thu Jan 16 2025 Joseph Marrero Corchado - 2025.1-1 - Rebase to rpm-ostree 2025.1 * Wed Jan 15 2025 Colin Walters - 2024.9-5 - Drop unused patch * Wed Jan 15 2025 Colin Walters - 2024.9-4 - Fast track https://github.com/coreos/rpm-ostree/pull/5224 * Tue Dec 10 2024 Colin Walters - 2024.9-3 - Flip bcond for ostree_ext off * Tue Dec 10 2024 Colin Walters - 2024.9-2 - Add a bcond for ostree_ext

References


[ 1 ] Bug #2342078 - dnf errors relating to kernel-install when updating kernel, rpm-ostree-2025.2-1 is installed https://bugzilla.redhat.com/show_bug.cgi?id=2342078 [ 2 ] Bug #2344556 - rpm-ostree: openssl: CVE-2025-0977 / RUSTSEC-2025-0004: ssl::select_next_proto use after free https://bugzilla.redhat.com/show_bug.cgi?id=2344556

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3dfc505946' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rpm-ostree
Product: Fedora 41
Version: 2025.5
Release: 2.fc41
URL: https://github.com/coreos/rpm-ostree
Summary: Hybrid image/package system

Topics%20covered

Topics Covered

security advisory security issue critical Fedora update information software update process rpm-ostree package system hybrid package system

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here