Explore top 10 tips to secure your open-source projects now. Read More
×Update to latest 7.7.x release available, a security release. Includes fixes for VSV00017 aka CVE-2025-8671, aAdded patches for for VSV00018 aka CVE-2026-34475, added patches for for VSV00019.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7f36ec4c65 2026-07-01 01:21:48.846180+00:00 -------------------------------------------------------------------------------- Name : varnish Product : Fedora 43 Version : 7.7.3 Release : 2.fc43 URL : https://www.varnish-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don’t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up. Documentation wiki and additional information about Varnish Cache is available on: https://www.varnish-cache.org/ -------------------------------------------------------------------------------- Update Information: Update to latest 7.7.x release available, a security release. Includes fixes for VSV00017 aka CVE-2025-8671, aAdded patches for for VSV00018 aka CVE-2026-34475, added patches for for VSV00019. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 15 2026 Ingvar Hagelund - 7.7.3-2 - Update to latest 7.7.x release available, a security release - Includes fixes for VSV00017 aka CVE-2025-8671 - Added patches for for VSV00018 aka CVE-2026-34475 - Added patches for for VSV00019 * Fri Jul 25 2025 Luboš Uhliarik - 7.7.1-4 - bundle jemalloc in RHEL * Fri Jul 25 2025 Fedora Release Engineering - 7.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Thu May 22 2025 Ingvar Hagelund - 7.7.1-2 - Correct ABI and VRT versions - Pulled el7 support - Use systemd setup for users * Tue May 20 2025 Luboš Uhliarik - 7.7.1-1 -new version 7.7.1 * Thu Mar 27 2025 Ingvar Hagelund - 7.7.0-2 - Fix for eln build (merged from yselkowitz) - Fix for failing h2 switch check. Enabling full test suite again * Mon Mar 24 2025 Ingvar Hagelund - 7.7.0-1 - New upstream release - fedora now has completed the bin/sbin merge * Sun Jan 19 2025 Fedora Release Engineering - 7.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Dec 2 2024 Ingvar Hagelund - 7.6.1-1 - New upstream release * Mon Sep 16 2024 Ingvar Hagelund - 7.6.0-1 - New upstream release - Updated checkout of pkg-varnish * Sat Jul 20 2024 Fedora Release Engineering - 7.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7f36ec4c65' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Latest Fedora 43 Varnish security release fixes critical issues revealed in multiple CVEs to enhance performance and reliability.. Varnish Cache update, Fedora 43 security release, HTTP accelerator security, CVE-2025-8671 fixes, security advisories. . Severity: Important. LinuxSecurity.com Team
New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2148c0e80b 2026-06-13 01:09:32.029605+00:00 -------------------------------------------------------------------------------- Name : varnish-modules Product : Fedora 44 Version : 0.27.0 Release : 4.fc44 URL : https://github.com/varnish/varnish-modules Summary : A collection of modules ("vmods") extending Varnish VCL Description : This is a collection of modules ("vmods") extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey -------------------------------------------------------------------------------- Update Information: New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update. -------------------------------------------------------------------------------- ChangeLog: * Tue May 26 2026 Ingvar Hagelund - 0.27.0-4 - Rebuilt for varnish-8.0.2 * Sun May 17 2026 Ingvar Hagelund - 0.27.0-3 - Rebuilt for varnish-8.0.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2148c0e80b 2026-06-13 01:09:32.029605+00:00 -------------------------------------------------------------------------------- Name : varnish Product : Fedora 44 Version : 8.0.2 Release : 1.fc44 URL : https://www.varnish-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don’t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up. Documentation wiki and additional information about Varnish Cache is available on: https://www.varnish-cache.org/ -------------------------------------------------------------------------------- Update Information: New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update. -------------------------------------------------------------------------------- ChangeLog: * Tue May 26 2026 Ingvar Hagelund - 8.0.2-1 - New upstream release: A security release - Includes fix for VSV00019 * Sun May 17 2026 Ingvar Hagelund - 8.0.1-1 - New upstream release: A security relase - Includes fix for VSV00018, CVE-2026-34475 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Upgrade to Varnish 8.0.2 on Fedora 44 for a critical security fix addressing VSV00019 with improved performance.. Fedora 44 Varnish Update, HTTP Accelerator Security Fix, Varnish Cache Upgrade. . Severity: Important. LinuxSecurity.com Team
New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2148c0e80b 2026-06-13 01:09:32.029605+00:00 -------------------------------------------------------------------------------- Name : vmod-uuid Product : Fedora 44 Version : 1.10 Release : 31.fc44 URL : https://github.com/otto-de/libvmod-uuid Summary : UUID module for Varnish Cache Description : UUID Varnish vmod used to generate a uuid, including versions 1, 3, 4 and 5 as specified in RFC 4122. See the RFC for details about the various versions. -------------------------------------------------------------------------------- Update Information: New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update. -------------------------------------------------------------------------------- ChangeLog: * Tue May 26 2026 Ingvar Hagelund - 1.10-31 - Rebuilt for varnish-8.0.2-1 * Sun May 17 2026 Ingvar Hagelund - 1.10-30 - Rebuilt for varnish-8.0.1-1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Python 3.10.16 security release. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-cae0bcc133 2024-12-14 01:40:20.155894+00:00 -------------------------------------------------------------------------------- Name : python3.10 Product : Fedora 41 Version : 3.10.16 Release : 1.fc41 URL : https://www.python.org/ Summary : Version 3.10 of the Python interpreter Description : Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.10-libs package, which should be installed automatically along with python3.10. The remaining parts of the Python standard library are broken out into the python3.10-tkinter and python3.10-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.10-docs package. Packages containing additional libraries for Python are generally named with the "python3.10-" prefix. -------------------------------------------------------------------------------- Update Information: Python 3.10.16 security release. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651: Properly quotetemplate strings in venv activation scripts. gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2024 Charalampos Stratakis - 3.10.16-1 - Update to 3.10.16 - Security fix for CVE-2024-9287 Resolves: rhbz#2321654 * Wed Sep 11 2024 Miro HronÄok - 3.10.15-2 - Fix ThreadedVSOCKSocketStreamTest -------------------------------------------------------------------------------- References: [ 1 ] Bug #2321654 - CVE-2024-9287 python3.10: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321654 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-cae0bcc133' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Python 3.10.16 release improves safety features and guarantees correct string formatting in code. Upgrade securely today!. Python Security Update, Fedora Advisory, Python 3.10 Release, Security Patch, venv Activation Fix. . Severity: Critical. LinuxSecurity.com Team
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable: the reference. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-5ea38dfb80 2024-12-12 02:29:32.892834+00:00 -------------------------------------------------------------------------------- Name : python3.11 Product : Fedora 40 Version : 3.11.11 Release : 1.fc40 URL : https://www.python.org/ Summary : Version 3.11 of the Python interpreter Description : Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.11-libs package, which should be installed automatically along with python3.11. The remaining parts of the Python standard library are broken out into the python3.11-tkinter and python3.11-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.11-docs package. Packages containing additional libraries for Python are generally named with the "python3.11-" prefix. -------------------------------------------------------------------------------- Update Information: Python 3.11.11 security release. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651:Properly quote template strings in venv activation scripts. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2024 LumÃr Balhar - 3.11.11-1 - Update to 3.11.11 - Fixes: rhbz#2321655 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2321655 - CVE-2024-9287 python3.11: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321655 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5ea38dfb80' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . The latest Fedora update to Python 3.11 introduces significant enhancements in code readability and security, ensuring a safer coding experience for all developers. Python 3.11 Update, Fedora Security Release, Code Readability, Python Interpreter. . Severity: Critical. LinuxSecurity.com Team
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedora releases.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-607a0047bc 2024-12-12 02:29:32.892820+00:00 -------------------------------------------------------------------------------- Name : python3.9 Product : Fedora 40 Version : 3.9.21 Release : 1.fc40 URL : https://www.python.org/ Summary : Version 3.9 of the Python interpreter Description : Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedora releases. -------------------------------------------------------------------------------- Update Information: Python 3.9.21 security release. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts. gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format. gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being "safe" for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claimthat literal_eval is safe. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2024 LumÃr Balhar - 3.9.21-1 - Update to 3.9.21 - Fixes: rhbz#2321662 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2321662 - CVE-2024-9287 python3.9: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321662 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-607a0047bc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 40's latest Python 3.9 patch enhances dev testing functionalities and fortifies overall system security.. python package, Fedora update, security release, developer tools, programming. . Severity: Important. LinuxSecurity.com Team
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable: the reference. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-01d838d947 2024-12-08 02:45:08.762947+00:00 -------------------------------------------------------------------------------- Name : python3.11 Product : Fedora 41 Version : 3.11.11 Release : 1.fc41 URL : https://www.python.org/ Summary : Version 3.11 of the Python interpreter Description : Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.11-libs package, which should be installed automatically along with python3.11. The remaining parts of the Python standard library are broken out into the python3.11-tkinter and python3.11-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.11-docs package. Packages containing additional libraries for Python are generally named with the "python3.11-" prefix. -------------------------------------------------------------------------------- Update Information: Python 3.11.11 security release. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651:Properly quote template strings in venv activation scripts. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2024 LumÃr Balhar - 3.11.11-1 - Update to 3.11.11 - Fixes: rhbz#2321655 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2321655 - CVE-2024-9287 python3.11: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321655 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-01d838d947' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 41 announces an important update for Python 3.11, which includes crucial security patches related to template strings.. Fedora Python Update, Python 3.11 Security, Python Interpreter Update. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.