Stay Secure with the Latest Linux Advisories

security advisoryfedoraupdate

Fedora 42: uv Security Advisory CVE-2025-54368 Updating to 0.8.8

Update uv to version 0.8.8. Update the h2 crate to version 0.4.12. The builds in this update also address CVE-2025-54368.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c22dd590b8 2025-08-19 04:14:40.703643+00:00 -------------------------------------------------------------------------------- Name : uv Product : Fedora 42 Version : 0.8.8 Release : 1.fc42 URL : https://github.com/astral-sh/uv Summary : An extremely fast Python package installer and resolver, written in Rust Description : An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: \u2022 \u2696\ufe0f Drop-in replacement for common pip, pip-tools, and virtualenv commands. \u2022 \u26a1\ufe0f 10-100x faster than pip and pip-tools (pip-compile and pip-sync). \u2022 \U0001f4be Disk-space efficient, with a global cache for dependency deduplication. \u2022 \U0001f40d Installable via curl, pip, pipx, etc. uv is a static binary that can be installed without Rust or Python. \u2022 \U0001f9ea Tested at-scale against the top 10,000 PyPI packages. \u2022 \U0001f5a5\ufe0f Support for macOS, Linux, and Windows. \u2022 \U0001f9f0 Advanced features such as dependency version overrides and alternative resolution strategies. \u2022 \u2049\ufe0f Best-in-class error messages with a conflict-tracking resolver. \u2022 \U0001f91d Support for a wide range of advanced pip features, including editable installs, Git dependencies, direct URL dependencies, local dependencies, constraints, source distributions, HTML and JSON indexes, and more. -------------------------------------------------------------------------------- Update Information: Update uv to version 0.8.8. Update the h2 crate to version 0.4.12. The builds in this update also addressCVE-2025-54368. -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 9 2025 Benjamin A. Beasley - 0.8.8-1 - Update to 0.8.8 (close RHBZ#2387194) * Sat Aug 9 2025 Benjamin A. Beasley - 0.8.6-1 - Update to 0.8.6 * Wed Aug 6 2025 Benjamin A. Beasley - 0.8.5-1 - Update to 0.8.5 (close RHBZ#2386647) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2386891 - rust-h2-0.4.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2386891 [ 2 ] Bug #2387194 - uv-0.8.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2387194 [ 3 ] Bug #2387243 - CVE-2025-54368 uv: uv ZIP Archive Validation Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2387243 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c22dd590b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . The recent Fedora 42 update addresses critical issues related to ZIP file validation vulnerabilities and includes upgraded versions of various software packages.. Fedora 42, uv, software update, ZIP validation, Python package installer. . Severity: Critical. LinuxSecurity.com Team

Aug 19, 2025 •Critical Fedora