Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 42: doctl Update Advisory for Multiple Threats 2025-cfdb90b52d

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Critical updates released for doctl on Fedora address several security issues including memory exhaustion and privilege escalation.
Update to 1.148.0

Summary

The official command line interface for the DigitalOcean API.

Update Information:

Update to 1.148.0

Topics%20covered

Topics Covered

security advisory fedora bug fix memory exhaustion cross-origin protection doctl

Change Log

* Mon Dec 29 2025 Mikel Olasagasti Uranga - 1.148.0-1 - Update to 1.148.0 - Closes rhbz#2397308 * Fri Oct 10 2025 Alejandro Sez - 1.142.0-2 - rebuild

References


[ 1 ] Bug #2398680 - CVE-2025-47910 doctl: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398680 [ 2 ] Bug #2399357 - CVE-2025-47906 doctl: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399357 [ 3 ] Bug #2407883 - CVE-2025-58189 doctl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407883 [ 4 ] Bug #2409352 - CVE-2025-61723 doctl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409352 [ 5 ] Bug #2410302 - CVE-2025-58185 doctl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410302 [ 6 ] Bug #2412383 - CVE-2025-58188 doctl: Panic when validating certificates with DSA public keys in cry...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-cfdb90b52d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: doctl
Product: Fedora 42
Version: 1.148.0
Release: 1.fc42
URL: https://github.com/digitalocean/doctl
Summary: The official command line interface for the DigitalOcean API

Topics%20covered

Topics Covered

security advisory fedora bug fix memory exhaustion cross-origin protection doctl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here