
Fedora 42: python-socketio Critical RCE Fix FEDORA-2025-96c38634c7

October 11, 2025
A critical python-socketio update is available for Fedora 42. Apply it to protect against code execution risks.

Summary

Socket.IO is a transport protocol that enables real-time bidirectional
event-based communication between clients (typically, though not always, web
browsers) and a server. The official implementations of the client and server
components are written in JavaScript. This package provides Python
implementations of both, each with standard and asyncio variants.

Update Information:

Release 5.14.1 - 2025-10-02
- Restore support for rediss:// URLs, and add support for valkeys:// as well
- Add support for Redis connections using unix sockets

Release 5.14.0 - 2025-09-30
- Replace pickle with json in message queue communications
- Add support for Valkey in the Redis client managers
- Keep track of which namespaces failed to connect
- Fixed transport property of the simple clients to be a string as documented
- SimpleClient.call does not raise TimeoutError on timeout
- Wait for client to end background tasks on disconnect
- Better error logging for the Redis managers
- Channel was not properly initialized in several pubsub client managers
- Add message queue deployment recommendations for security
- Add missing async on session examples for the async server
- Add SPDX license identifier
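The following added example (not python-socketio code and not part of the advisory) illustrates why moving message queue payloads from pickle to json, as listed for 5.14.0, closes the kind of pickle deserialization code-execution path named in CVE-2025-61765: a pickle stream can name a callable for the loader to invoke, while JSON decodes only to plain data. The payloads and field names are constructed, and platform.node is an assumed harmless stand-in; the inspecting unpickler refuses every lookup, so nothing named by the payload runs.

```python
import io
import json
import pickle
import platform


class GlobalRequested(pickle.UnpicklingError):
    """Raised when a pickle stream asks the loader to import a named object."""


class RefusingUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so nothing the payload names is imported or called."""

    def find_class(self, module, name):
        raise GlobalRequested(f"{module}.{name}")


def requested_callable(raw):
    """Return 'module.name' for the first global a pickle payload requests, else None."""
    try:
        RefusingUnpickler(io.BytesIO(raw)).load()
    except GlobalRequested as exc:
        return str(exc)
    return None


def decode_json(raw):
    """Decode a queue payload as JSON; the result can only be plain data."""
    try:
        msg = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return None
    return msg if isinstance(msg, dict) else None


class Crafted:
    """Constructed sample: its pickle form tells the loader to call platform.node()."""

    def __reduce__(self):
        return (platform.node, ())


# Constructed payloads; the field names are illustrative, not python-socketio's format.
PLAIN = {"event": "chat", "data": "hi"}
CRAFTED_PICKLE = pickle.dumps(Crafted())
PLAIN_PICKLE = pickle.dumps(PLAIN)
PLAIN_JSON = json.dumps(PLAIN).encode()

if __name__ == "__main__":
    print(requested_callable(CRAFTED_PICKLE))  # names a callable to invoke on load
    print(requested_callable(PLAIN_PICKLE))    # plain data requests nothing
    print(decode_json(CRAFTED_PICKLE))         # rejected: not JSON
    print(decode_json(PLAIN_JSON))             # accepted: plain dict
```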

Change Log

* Thu Oct 2 2025 Packit - 5.14.1-1
- Update to 5.14.1 upstream release
- Resolves: rhbz#2401144

* Tue Sep 30 2025 Packit - 5.14.0-1
- Update to 5.14.0 upstream release
- Resolves: rhbz#2400545

* Fri Sep 19 2025 Python Maint - 5.13.0-7
- Rebuilt for Python 3.14.0rc3 bytecode

* Fri Aug 15 2025 Python Maint - 5.13.0-6
- Rebuilt for Python 3.14.0rc2 bytecode

* Fri Jul 25 2025 Fedora Release Engineering - 5.13.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

* Fri Jun 27 2025 Benjamin A. Beasley - 5.13.0-4
- Re-enable uvicorn test dependency

* Thu Jun 12 2025 Benjamin A. Beasley - 5.13.0-3
- Omit tests that need uvicorn on Python 3.14 for now
- Fixes RHBZ#2372142

* Thu May 8 2025 Benjamin A. Beasley - 5.13.0-2
- F41+: Use the provisional pyproject declarative buildsystem

References


[ 1 ] Bug #2401144 - python-socketio-5.14.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2401144
[ 2 ] Bug #2401937 - CVE-2025-61765 python-socketio: python-socketio code execution (RCE) via pickle deserialization [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2401937

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-96c38634c7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: python-socketio
Product: Fedora 42
Version: 5.14.1
Release: 1.fc42
Summary: Socket.IO server
