Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
89
security advisoryfedoraDoSFedora 43: ruff 0.14.3 Important Pydantic Fix FEDORA-2025-312ac3e645
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-312ac3e645 2025-11-10 00:46:08.034331+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 43 Version : 0.14.3 Release : 1.fc43 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types. This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any. https://github.com/pydantic/pydantic/releases/tag/v2.12.4 uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of async_zip, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See GHSA-pqhf-p39g-3x64 for additionaldetails. https://github.com/astral-sh/uv/releases/tag/0.9.6 ruff 0.14.3 https://github.com/astral-sh/ruff/releases/tag/0.14.3 Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for RefCell). Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1. Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2025 Benjamin A. Beasley - 0.14.3-1 - Update to 0.14.3 (close RHBZ#2408774) * Fri Oct 31 2025 Benjamin A. Beasley - 0.14.2-2 - Allow etcetera 0.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2403244 - rust-regex-1.12.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2403244 [ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2403245 [ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406419 [ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406420 [ 5 ] Bug #2411957 - python-cloudpickle-3.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411957 [ 6 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411978 [ 7 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411979 [ 8 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411980 [ 9 ] Bug #2411981 - rust-reqsign-0.18.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411981 [ 10 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411982 [ 11 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411983 [ 12 ] Bug #2412643 - python-pydantic-2.12.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2412643 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-312ac3e645' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 10, 2025
•Important
Fedora
89
security advisoryfedoraupdateFedora 43 ruff 0.14.2 Important Update Advisory 2025-4154ea83d0
uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4154ea83d0 2025-11-05 02:09:57.817569+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 43 Version : 0.14.2 Release : 1.fc43 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3 Blog post maturin 1.9.6 https://github.com/PyO3/maturin/blob/v1.9.6/Changelog.md python-typing-inspection 0.4.2 (2025-10-01) Add typing_objects.is_noextraitems() python-jiter 0.11.0 https://github.com/pydantic/jiter/releases/tag/v0.11.0 python-pydantic-extra-types 2.10.6 https://github.com/pydantic/pydantic-extra-types/releases/tag/v2.10.6 Typer 0.20.0 Features \u2728 Enable command suggestions on typo by default. Upgrades \u2b06\ufe0f Add (official) support for Python 3.14. Internal Assorted small enhancements. FastAPI 0.120.1 Upgrades \u2b06\ufe0f Bump Starlette to
Nov 05, 2025
•Important
Fedora
89
security advisoryfedorasecurity fixFedora 41: ruff 0.14.2 Security Update for CVE-2025-62518 Released
uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-43a0bff5ea 2025-11-03 01:00:54.501352+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 41 Version : 0.14.2 Release : 1.fc41 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv. Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1. Patch openapi-python-client to allow ruff 0.14 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2025 Benjamin A. Beasley - 0.14.2-1 - Update to version 0.14.2; Fixes RHBZ#2406135 * Wed Oct 22 2025Benjamin A. Beasley - 0.14.1-2 - Double _smp_tasksize_proc again - Builds for F41 were failing consistently on s390x * Mon Oct 20 2025 Benjamin A. Beasley - 0.14.1-1 - Update to 0.14.1 (close RHBZ#2360699) * Mon Oct 20 2025 Benjamin A. Beasley - 0.14.0-2 - Skip salsa\u2019s execute_cancellation tests on all architectures * Mon Oct 20 2025 Benjamin A. Beasley - 0.14.0-1 - Update to 0.14.0 * Mon Oct 20 2025 Benjamin A. Beasley - 0.13.3-1 - Update to 0.13.3 * Mon Oct 20 2025 Benjamin A. Beasley - 0.13.2-1 - Update to 0.13.2 * Thu Oct 16 2025 Gordon Messmer - 0.12.1-2 - Use rpm's native resource tunable to limit parallelism. * Wed Sep 24 2025 Benjamin A. Beasley - 0.12.1-1 - Update to 0.12.1 * Wed Sep 24 2025 Benjamin A. Beasley - 0.12.0-1 - Update to 0.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405471 [ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405472 [ 9 ] Bug #2406135 - ruff-0.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406135 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fix for CVE-2025-62518 in ruff 0.14.2 on Fedora 41 addresses a harmful parser issue.. CVE-2025-62518,Rust,Python Linter. . Severity: Critical. LinuxSecurity.com Team
Nov 03, 2025
•Critical
Fedora
89
security advisoryfedoraimportantFedora 43: ruff Update for CVE-2025-58160 Important Tracing Log Pollution
Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-91981ea84d 2025-09-12 19:20:52.462083+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 43 Version : 0.11.5 Release : 7.fc43 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 2 2025 Fabio Valentini - 0.11.5-7 - Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2391973 - CVE-2025-58160 ruff: Tracing log pollution [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2391973 [ 2 ] Bug #2392006 - CVE-2025-58160 ruff: Tracing log pollution [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2392006 [ 3 ] Bug #2392045 - CVE-2025-58160 ruff: Tracing log pollution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2392045 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-91981ea84d' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 12, 2025
•Important
Fedora
89
security advisoryfedoracriticalFedora 42: Ruff Critical Update CVE-2025-58160 Tracing Log Pollution
Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a8501d6717 2025-09-12 02:06:02.138626+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 42 Version : 0.11.5 Release : 7.fc42 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 2 2025 Fabio Valentini - 0.11.5-7 - Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160 * Fri Aug 15 2025 Python Maint - 0.11.5-6 - Rebuilt for Python 3.14.0rc2 bytecode -------------------------------------------------------------------------------- References: [ 1 ] Bug #2391973 - CVE-2025-58160 ruff: Tracing log pollution [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2391973 [ 2 ] Bug #2392006 - CVE-2025-58160 ruff: Tracing log pollution [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2392006 [ 3 ] Bug #2392045 - CVE-2025-58160 ruff: Tracing log pollution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2392045 -------------------------------------------------------------------------------- This update can be installed with the"dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a8501d6717' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 12, 2025
•Critical
Fedora
89
security advisoryFedoracrossbeamFedora 41: 2025-575023fff7 critical: ruff crossbeam double free
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change: upgrade hashbrown to 0.15 API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-575023fff7 2025-05-30 01:44:07.670098+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 41 Version : 0.11.5 Release : 2.fc41 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change: upgrade hashbrown to 0.15 API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher from hashbrown so that in the future upgrading hashbrown is not an API incompatible change -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2025 Benjamin A. Beasley - 0.11.5-2 - Stop patching for hashbrown/hashlink 0.14/0.9; use 0.15/0.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2331134 - rust-hashlink-0.10.0is available https://bugzilla.redhat.com/show_bug.cgi?id=2331134 [ 2 ] Bug #2366541 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366541 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 30, 2025
•Critical
Fedora
89
security advisoryupdateFedoraFedora 42: Update ruff Security Advisory for CVE-2025-4574
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change: upgrade hashbrown to 0.15 API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-04894ce9bd 2025-05-30 01:14:13.237137+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 42 Version : 0.11.5 Release : 2.fc42 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change: upgrade hashbrown to 0.15 API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher from hashbrown so that in the future upgrading hashbrown is not an API incompatible change -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2025 Benjamin A. Beasley - 0.11.5-2 - Stop patching for hashbrown/hashlink 0.14/0.9; use 0.15/0.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2331134 - rust-hashlink-0.10.0is available https://bugzilla.redhat.com/show_bug.cgi?id=2331134 [ 2 ] Bug #2366571 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366571 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-04894ce9bd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 30, 2025
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!