Hello,

We have received a heads-up about a security flaw in llama-cpp upstream. The security flaw is an RCE in the llama-cpp RPC mechanism, which was reported at:

https://retr0.blog/blog/llama-rpc-rce

Looking at the project's GitHub security advisory page at:

https://github.com/ggml-org/llama.cpp/security

I see there's no advisory or CVE reported for this; however, there's an upstream commit mentioning the RCE and containing a fix:

https://github.com/ggml-org/llama.cpp/commit/1d20e53c40c3cc848ba2b95f5bf7c075eeec8b19

The commit above was first included in the b4657 tag:

$ git tag --contains 1d20e53c40c3cc848ba2b95f5bf7c075eeec8b19 | head -10
b4657
b4658
b4659
b4660
b4661
b4662
b4663
b4666
b4667
b4671

Looking at the latest llama-cpp build on Koji, it seems it's on the b4580 tag:

https://koji.fedoraproject.org/koji/buildinfo?buildID=2675105

It was built last March 9th and doesn't currently have the commit.

Reproducible: Always
FEDORA-2025-b356588c06 (llama-cpp-b4094-11.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-b356588c06
FEDORA-2025-b356588c06 has been pushed to the Fedora 42 testing repository.

Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-b356588c06`

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-b356588c06

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-b356588c06 (llama-cpp-b4094-11.fc42) has been pushed to the Fedora 42 stable repository. If the problem still persists, please make note of it in this bug report.