The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-25f4776e14
civetweb-1.16-10.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c991443c0c
apptainer-1.4.3-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
python-colcon-core-0.20.1-1.el8
python-specfile-0.37.1-1.el8
valkey-8.0.6-1.el8
Details about builds:
================================================================================
python-colcon-core-0.20.1-1.el8 (FEDORA-EPEL-2025-de5972edac)
Command line tool to build sets of software packages
--------------------------------------------------------------------------------
Update Information:
Update to colcon-core 0.20.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 6 2025 Scott K Logan <[email protected]> - 0.20.1-1
- Update to 0.20.1 (rhbz#2384195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384195 - python-colcon-core-0.20.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2384195
--------------------------------------------------------------------------------
================================================================================
python-specfile-0.37.1-1.el8 (FEDORA-EPEL-2025-6327951b1b)
A library for parsing and manipulating RPM spec files
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-specfile-0.37.1-1.el8.
Changelog for python-specfile
* Fri Oct 03 2025 Packit <[email protected]> - 0.37.1-1
- We have solved a FutureWarning in our codebase. (#485)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 3 2025 Packit <[email protected]> - 0.37.1-1
- We have solved a FutureWarning in our codebase. (#485)
--------------------------------------------------------------------------------
================================================================================
valkey-8.0.6-1.el8 (FEDORA-EPEL-2025-2d44b874a0)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.6 - Released Fri 03 October 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Security fixes
CVE-2025-49844 A Lua script may lead to remote code execution
CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
CVE-2025-46818 A Lua script can be executed in the context of another user
CVE-2025-46819 LUA out-of-bound read
Bug fixes
Fix accounting for dual channel RDB bytes in replication stats (#2616)
Minor fix for dual rdb channel connection conn error log (#2658)
Fix unsigned difference expression compared to zero (#2101)
Valkey 8.0.5 - Released Thu 22 Aug 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Bug fixes
Fix clients remaining blocked when reprocessing commands after certain
blocking operations (#2109)
Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
Fix potential memory leak by ensuring module context is freed when aux_save2
callback writes no data (#2132)
Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients
(#2117)
Fix missing NULL check on SSL_new() when creating outgoing TLS connections
(#2140)
Fix incorrect casting of ping extension lengths to prevent silent packet drops
(#2144)
Fix replica failover stall due to outdated config epoch (#2178)
Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after
dynamic config change (#2186)
Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
Fix client tracking memory overhead calculation (#2360)
Handle divergent shard-id from nodes.conf and reconcile to the primary node's
shard-id (#2174)
Fix pre-size hashtables per slot when reading RDB files (#2466)
Behavior changes
Trigger election immediately during a forced manual failover (CLUSTER
FAILOVER FORCE) to avoid delay (#1067)
Reset ongoing election state when initiating a new manual failover (#1274)
Logging and Tooling Improvements
Add support to drop all cluster packets (#1252)
Improve log clarity in failover auth denial message (#1341)
Security fixes
CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject
paths longer than PATH_MAX (#2146)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Remi Collet <[email protected]> - 8.0.6-1
- update to 8.0.6
fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
- update documentation to 8.0.5
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
