Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 42: Advisory for Atuin 2025-8a18a5a077 - Important Security Fixes

fedora
Calendar Grey June 25, 2025
Dist Fedora Esm H88
Important revisions for Fedora 42 on Atuin, addressing double-release problems and Punycode security flaws. Discover additional details.
Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when dec...

Summary

Atuin replaces your existing shell history with a SQLite database, and records

additional context for your commands. Additionally, it provides optional and

fully encrypted synchronization of your history between machines, via an Atuin

server.

Update Information:

Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop)

Topics%20covered

Topics Covered

security advisory fedora important double-free CVE-2024-12224 atuin

Change Log

* Mon Jun 16 2025 Fabio Valentini - 18.3.0-4 - Rebuild for idna crate >= v1.0.0 (CVE-2024-12224) * Wed Apr 23 2025 Michel Lind - 18.3.0-3 - Disable PostgreSQL tests when building for EL9

References


[ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366549 [ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366551 [ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370578 [ 4 ] Bug #2370580 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370580 [ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370586 [ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: atuin
Product: Fedora 42
Version: 18.3.0
Release: 4.fc42
URL: https://atuin.sh
Summary: Magical shell history

Topics%20covered

Topics Covered

security advisory fedora important double-free CVE-2024-12224 atuin

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here