Explore top 10 tips to secure your open-source projects now. Read More
×
xz 5.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-051becf4f2 2025-05-10 01:58:21.497365+00:00 -------------------------------------------------------------------------------- Name : perl-Compress-Raw-Lzma Product : Fedora 41 Version : 2.212 Release : 6.fc41 URL : https://metacpan.org/dist/Compress-Raw-Lzma Summary : Low-level interface to lzma compression library Description : This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma. -------------------------------------------------------------------------------- Update Information: xz 5.8.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Richard W.M. Jones - 2.212-6 - Rebuild against xz 5.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357253 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-051becf4f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
xz 5.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4871b31998 2025-05-10 01:38:46.492145+00:00 -------------------------------------------------------------------------------- Name : perl-Compress-Raw-Lzma Product : Fedora 40 Version : 2.209 Release : 9.fc40 URL : https://metacpan.org/dist/Compress-Raw-Lzma Summary : Low-level interface to lzma compression library Description : This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma. -------------------------------------------------------------------------------- Update Information: xz 5.8.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Richard W.M. Jones - 2.209-9 - Rebuild against xz 5.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357251 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357251 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4871b31998' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8445f115f6 2025-04-30 01:59:13.913476+00:00 -------------------------------------------------------------------------------- Name : perl-Devel-Cover Product : Fedora 40 Version : 1.40 Release : 9.fc40 URL : https://metacpan.org/dist/Devel-Cover Summary : Code coverage metrics for Perl Description : This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an indirect measure of quality. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.40-9 - Rebuild for Perl 5.38.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2359474 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2359474 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8445f115f6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-11fcc87c66 2025-04-22 01:21:35.352714+00:00 -------------------------------------------------------------------------------- Name : perl-Devel-Cover Product : Fedora 41 Version : 1.44 Release : 4.fc41 URL : https://metacpan.org/dist/Devel-Cover Summary : Code coverage metrics for Perl Description : This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an indirect measure of quality. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.44-4 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2359475 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2359475 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-11fcc87c66' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-11fcc87c66 2025-04-22 01:21:35.352714+00:00 -------------------------------------------------------------------------------- Name : perl-PAR-Packer Product : Fedora 41 Version : 1.063 Release : 5.fc41 URL : https://metacpan.org/dist/PAR-Packer Summary : PAR Packager Description : This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.063-5 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2359475 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2359475 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-11fcc87c66' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-26c0346398 2025-04-17 18:59:47.310510+00:00 -------------------------------------------------------------------------------- Name : perl-Devel-Cover Product : Fedora 42 Version : 1.44 Release : 5.fc42 URL : https://metacpan.org/dist/Devel-Cover Summary : Code coverage metrics for Perl Description : This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an indirect measure of quality. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.44-5 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-26c0346398 2025-04-17 18:59:47.310510+00:00 -------------------------------------------------------------------------------- Name : perl-PAR-Packer Product : Fedora 42 Version : 1.063 Release : 6.fc42 URL : https://metacpan.org/dist/PAR-Packer Summary : PAR Packager Description : This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.063-6 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for perl-Data-Entropy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0123-1 Rating: moderate References: #1240395 Cross-References: CVE-2025-1860 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-Data-Entropy fixes the following issues: Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: * Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-123=1 Package List: - openSUSE Backports SLE-15-SP6 (noarch): perl-Data-Entropy-0.8.0-bp156.4.3.1 References: https://www.suse.com/security/cve/CVE-2025-1860.html https://bugzilla.suse.com/show_bug.cgi?id=1240395 . Security update released for perl-Data-Entropy on openSUSE to resolve a moderate vulnerability. Follow the provided patch instructions for remediation.. openSUSE Security Update, perl-Data-Entropy, security fix. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.