Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 42: uv Security Advisory CVE-2025-54368 Updating to 0.8.8

fedora
Calendar Grey August 19, 2025
Dist Fedora Esm H88
The recent Fedora 42 update addresses critical issues related to ZIP file validation vulnerabilities and includes upgraded versions of various software packages.
Update uv to version 0.8.8

Summary

An extremely fast Python package installer and resolver, written in Rust.

Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

\u2022 \u2696\ufe0f Drop-in replacement for common pip, pip-tools, and virtualenv commands.

\u2022 \u26a1\ufe0f 10-100x faster than pip and pip-tools (pip-compile and pip-sync).

\u2022 \U0001f4be Disk-space efficient, with a global cache for dependency deduplication.

\u2022 \U0001f40d Installable via curl, pip, pipx, etc. uv is a static binary that can be

installed without Rust or Python.

\u2022 \U0001f9ea Tested at-scale against the top 10,000 PyPI packages.

\u2022 \U0001f5a5\ufe0f Support for macOS, Linux, and Windows.

\u2022 \U0001f9f0 Advanced features such as dependency version overrides and alternative

resolution strategies.

\u2022 \u2049\ufe0f Best-in-class error messages with a conflict-tracking resolver.

\u2022 \U0001f91d Support for a wide range of advanced pip features, including editable

installs, Git dependencies, direct URL dependencies, local dependencies,

constraints, source distributions, HTML and JSON indexes, and more.

Update Information:

Update uv to version 0.8.8. Update the h2 crate to version 0.4.12. The builds in this update also address CVE-2025-54368.

Topics%20covered

Topics Covered

security advisory fedora update uv zip validation cve-2025-54368

Change Log

* Sat Aug 9 2025 Benjamin A. Beasley - 0.8.8-1 - Update to 0.8.8 (close RHBZ#2387194) * Sat Aug 9 2025 Benjamin A. Beasley - 0.8.6-1 - Update to 0.8.6 * Wed Aug 6 2025 Benjamin A. Beasley - 0.8.5-1 - Update to 0.8.5 (close RHBZ#2386647)

References


[ 1 ] Bug #2386891 - rust-h2-0.4.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2386891 [ 2 ] Bug #2387194 - uv-0.8.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2387194 [ 3 ] Bug #2387243 - CVE-2025-54368 uv: uv ZIP Archive Validation Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2387243

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c22dd590b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: uv
Product: Fedora 42
Version: 0.8.8
Release: 1.fc42
URL: https://github.com/astral-sh/uv
Summary: An extremely fast Python package installer and resolver, written in Rust

Topics%20covered

Topics Covered

security advisory fedora update uv zip validation cve-2025-54368

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here