Fedora 41: 2025-575023fff7 critical: ruff crossbeam double free

May 30, 2025
Ruff in Fedora 41 has been rebuilt to address CVE-2025-4574 (GHSA-pg9f-39pc-qf8g), a double free on drop in the crossbeam-channel crate. The rebuild ensures that ruff uses version 0.5.15 of the crossbeam-channel crate library.

Summary

An extremely fast Python linter and code formatter, written in Rust.

Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface.

Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool.

Update Information:

Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library.

rust-hashlink 0.10.0:

* API incompatible change: upgrade hashbrown to 0.15
* API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher from hashbrown so that in the future upgrading hashbrown is not an API incompatible change

Change Log

* Fri May 2 2025 Benjamin A. Beasley - 0.11.5-2
- Stop patching for hashbrown/hashlink 0.14/0.9; use 0.15/0.10

References


[ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2331134

[ 2 ] Bug #2366541 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366541

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
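A post-upgrade check, added here as an example and not part of the Fedora advisory: it compares the installed ruff build against the fixed build listed in this advisory (0.11.5-2.fc41). The function names and the use of `sort -V` as a stand-in for RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): confirm ruff is at or above the fixed build.
FIXED_VR="0.11.5-2.fc41"   # Version-Release from this advisory's package details

# is_fixed INSTALLED_VR
#   exit 0 if INSTALLED_VR >= FIXED_VR, 1 if older, 2 if no version was given.
# Assumption: `sort -V` (version sort) approximates RPM ordering well enough for
# plain numeric version-release strings such as ruff's; it is not a full rpmvercmp.
is_fixed() {
    installed="$1"
    [ -n "$installed" ] || return 2
    lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_VR" | sort -V | head -n 1)
    # If the fixed build sorts first (or both are equal), the installed one is not older.
    [ "$lowest" = "$FIXED_VR" ]
}

# check_ruff: query the local RPM database and report the result.
check_ruff() {
    # rpm -q exits non-zero when the package is not installed.
    if ! vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' ruff 2>/dev/null); then
        echo "ruff: not installed, nothing to update"
        return 0
    fi
    if is_fixed "$vr"; then
        echo "ruff $vr: at or above $FIXED_VR"
    else
        echo "ruff $vr: older than $FIXED_VR"
        echo "apply: su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7'"
        return 1
    fi
}

# Run the host check only when asked, e.g.: sh check-ruff.sh --check
if [ "${1:-}" = "--check" ]; then
    check_ruff
fi
```

The non-zero exit status on an outdated build lets the script gate a configuration-management run or a CI job on developer images.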

Severity: critical

Name: ruff
Product: Fedora 41
Version: 0.11.5
Release: 2.fc41
Summary: Extremely fast Python linter and code formatter
