Fedora has issued critical security updates for the linenoise library, which serves as a minimal alternative to the readline line-editing library. The updates address a significant vulnerability identified as CVE-2025-9810, which involves a TOCTOU (time-of-check to time-of-use) race condition that could potentially allow arbitrary file overwrites and changes to file permissions.
The updates are specifically available for Fedora versions 41 and 42, with the respective package versions being:
- Fedora 41: linenoise-1.0-9.20200312git97d2850.fc41
- Fedora 42: linenoise-1.0-12.20200312git97d2850.fc42
To install these updates, users can utilize the "dnf" update program by executing the command:
Both updates were released on September 15, 2025, with detailed change logs indicating the fixes for CVE-2025-9810. Users are reminded that all packages are signed with the Fedora Project GPG key for security. More information about the GPG keys and the dnf documentation can be found on the Fedora Project website.
In addition to addressing this specific vulnerability, the release underscores Fedora's commitment to maintaining security and stability within its software ecosystem. Users are encouraged to regularly check for updates to ensure their systems remain secure against potential threats. It is also advisable for developers and system administrators to stay informed about security advisories and apply updates promptly to mitigate risks associated with vulnerabilities
The updates are specifically available for Fedora versions 41 and 42, with the respective package versions being:
- Fedora 41: linenoise-1.0-9.20200312git97d2850.fc41
- Fedora 42: linenoise-1.0-12.20200312git97d2850.fc42
To install these updates, users can utilize the "dnf" update program by executing the command:
bashsu -c 'dnf upgrade --advisory FEDORA-2025-cbe2e6c8ce' # for Fedora 41
su -c 'dnf upgrade --advisory FEDORA-2025-b83972992e' # for Fedora 42
Both updates were released on September 15, 2025, with detailed change logs indicating the fixes for CVE-2025-9810. Users are reminded that all packages are signed with the Fedora Project GPG key for security. More information about the GPG keys and the dnf documentation can be found on the Fedora Project website.
In addition to addressing this specific vulnerability, the release underscores Fedora's commitment to maintaining security and stability within its software ecosystem. Users are encouraged to regularly check for updates to ensure their systems remain secure against potential threats. It is also advisable for developers and system administrators to stay informed about security advisories and apply updates promptly to mitigate risks associated with vulnerabilities
Linenoise update for Fedora
Fedora has released security updates for the linenoise library, which is a replacement for readline. The update addresses CVE-2025-9810, a TOCTOU (time-of-check to time-of-use) race in Linenoise that enables arbitrary file overwrite and permission changes. Updates are available for Fedora 41 and Fedora 42, with version 1.0-9.20200312git97d2850.fc41 and 1.0-12.20200312git97d2850.fc42 respectively.
Fedora 41 Update: linenoise-1.0-9.20200312git97d2850.fc41
Fedora 42 Update: linenoise-1.0-12.20200312git97d2850.fc42
