Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Fedora 41: uv Important Tracing Log Pollution Fix FEDORA-2025-c71f0af9b2

fedora
Calendar Grey September 13, 2025
Dist Fedora Esm H88
Update for Fedora 41 uv package resolving data logging contamination problem stemming from CVE-2025-58160.
Security fix for CVE-2025-58160: rebuilt uv and python-uv-build with rust- tracing-subscriber 0.3.20

Summary

An extremely fast Python package installer and resolver, written in Rust.

Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

\u2022 \u2696\ufe0f Drop-in replacement for common pip, pip-tools, and virtualenv commands.

\u2022 \u26a1\ufe0f 10-100x faster than pip and pip-tools (pip-compile and pip-sync).

\u2022 \U0001f4be Disk-space efficient, with a global cache for dependency deduplication.

\u2022 \U0001f40d Installable via curl, pip, pipx, etc. uv is a static binary that can be

installed without Rust or Python.

\u2022 \U0001f9ea Tested at-scale against the top 10,000 PyPI packages.

\u2022 \U0001f5a5\ufe0f Support for macOS, Linux, and Windows.

\u2022 \U0001f9f0 Advanced features such as dependency version overrides and alternative

resolution strategies.

\u2022 \u2049\ufe0f Best-in-class error messages with a conflict-tracking resolver.

\u2022 \U0001f91d Support for a wide range of advanced pip features, including editable

installs, Git dependencies, direct URL dependencies, local dependencies,

constraints, source distributions, HTML and JSON indexes, and more.

Update Information:

Security fix for CVE-2025-58160: rebuilt uv and python-uv-build with rust- tracing-subscriber 0.3.20. Initial package for rust-secret-service in Fedora 43 (previously a retired package).

Topics%20covered

Topics Covered

security advisory fedora important python uv tracing log pollution

Change Log

* Tue Sep 2 2025 Benjamin A. Beasley - 0.8.11-2 - Rebuilt with rust-tracing-subscriber-0.3.20 - Fixes CVE-2025-58160: fixes RHBZ#2392055, fixes RHBZ#2392012, fixes RHBZ#2391975 * Sat Aug 16 2025 Benjamin A. Beasley - 0.8.11-1 - Update to 0.8.11 (close RHBZ#2388413) * Sat Aug 16 2025 Benjamin A. Beasley - 0.8.10-1 - Update to 0.8.10 * Fri Aug 15 2025 Python Maint - 0.8.9-2 - Rebuilt for Python 3.14.0rc2 bytecode * Wed Aug 13 2025 Benjamin A. Beasley - 0.8.9-1 - Update to 0.8.9 (close RHBZ#2387762)

References


[ 1 ] Bug #2389401 - Review Request: rust-secret-service - Library to interface with Secret Service API https://bugzilla.redhat.com/show_bug.cgi?id=2389401 [ 2 ] Bug #2392012 - CVE-2025-58160 uv: Tracing log pollution [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2392012 [ 3 ] Bug #2392998 - rust-secret-service-5.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392998

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c71f0af9b2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: uv
Product: Fedora 41
Version: 0.8.11
Release: 2.fc41
URL: https://github.com/astral-sh/uv
Summary: An extremely fast Python package installer and resolver, written in Rust

Topics%20covered

Topics Covered

security advisory fedora important python uv tracing log pollution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here