Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

Fedora 41: Security Update for OpenTofu 1.10.7 Addresses Vulnerabilities

fedora
Calendar Grey November 15, 2025
Dist Fedora Esm H88
Fedora 41 update for OpenTofu version 1.10.7 addresses information leaks and validation issues.
Update to 1.10.7

Summary

OpenTofu lets you declaratively manage your cloud infrastructure.

Update Information:

Update to 1.10.7

Topics%20covered

Topics Covered

security advisory information leak fedora arbitrary file read Opentofu missing validation

Change Log

* Thu Nov 6 2025 Mikel Olasagasti Uranga - 1.10.7-1 - Update to 1.10.7 - Closes rhbz#2413156 * Fri Oct 10 2025 Alejandro Sez - 1.10.6-2 - rebuild * Thu Sep 4 2025 Mikel Olasagasti Uranga - 1.10.6-1 - Update to 1.10.6 - Closes rhbz#2385775 * Fri Aug 15 2025 Maxwell G - 1.10.3-2 - Rebuild for golang-1.25.0 * Sat Jul 26 2025 Mikel Olasagasti Uranga - 1.10.3-1 - Update to 1.10.3 - Closes rhbz#2380221 * Thu Jul 24 2025 Fedora Release Engineering - 1.10.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Thu Jun 26 2025 Mikel Olasagasti Uranga - 1.10.1-1 - Update to 1.10.1 - Closes rhbz#2374763 * Tue Jun 24 2025 Mikel Olasagasti Uranga - 1.10.0-1 - Update to 1.10.0 - Closes rhbz#2374600

References


[ 1 ] Bug #2375615 - opentofu: mapstructure May Leak Sensitive Information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2375615 [ 2 ] Bug #2384150 - opentofu: go-viper information leak [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2384150 [ 3 ] Bug #2386297 - CVE-2025-8556 opentofu: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2386297 [ 4 ] Bug #2388884 - CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2388884 [ 5 ] Bug #2390857 - opentofu: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2390857 [ 6 ] Bug #2391634 - CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391634 [ 7 ] Bug #2398604 - CVE-2025-47910 open...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c555ce4089' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: opentofu
Product: Fedora 41
Version: 1.10.7
Release: 1.fc41
URL: https://github.com/opentofu/opentofu
Summary: OpenTofu lets you declaratively manage your cloud infrastructure

Topics%20covered

Topics Covered

security advisory information leak fedora arbitrary file read Opentofu missing validation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here