Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 43: Critical Advisory for Excessive CPU Usage with chezmoi

fedora
Calendar Grey December 26, 2025
Dist Fedora Esm H88
CVE-2025-58189 and CVE-2025-61725 impact chezmoi on Fedora 43. Install update 2.68.1 for security fixes.
Update to 2.68.1

Summary

Manage your dotfiles across multiple diverse machines, securely.

Update Information:

Update to 2.68.1

Topics%20covered

Topics Covered

security advisory fedora critical cpu consumption chezmoi dotfiles

Change Log

* Wed Dec 17 2025 Mikel Olasagasti Uranga - 2.68.1-1 - Update to 2.68.1 - Closes rhbz#2394285 * Fri Oct 10 2025 Maxwell G - 2.63.1-2 - Rebuild for golang 1.25.2

References


[ 1 ] Bug #2408131 - CVE-2025-58189 chezmoi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408131 [ 2 ] Bug #2408695 - CVE-2025-61725 chezmoi: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408695

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-28e625afa6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chezmoi
Product: Fedora 43
Version: 2.68.1
Release: 1.fc43
URL: https://github.com/twpayne/chezmoi
Summary: Manage your dotfiles across multiple diverse machines

Topics%20covered

Topics Covered

security advisory fedora critical cpu consumption chezmoi dotfiles

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here