
Fedora 41: toolbox Critical Fixes for CVE-2025-23266, GHSA-fv92-fjc5-jj9h

fedora
August 24, 2025
Essential security patches for Fedora 41 toolbox, addressing vulnerabilities related to privilege elevation and access control flaws.

Summary

Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI.

Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.

Update Information:

Security fixes:
- Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787
- Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267

Bug fixes:
- Improved error handling when creating symbolic links inside the container to initialize it
- Preserved environment variables set by a KDE session and Konsole
- Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2)
- Unbroke overriding the HOME variable (regression in 0.0.90)

Dependencies:
- Bumped the minimum Go version to 1.22

Change Log

* Sat Aug 9 2025 Debarshi Ray - 0.2-1
- Update to 0.2
- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787

References


[ 1 ] Bug #2375617 - toolbox: mapstructure May Leak Sensitive Information [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2375617
[ 2 ] Bug #2382219 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2382219
[ 3 ] Bug #2387403 - toolbox-0.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2387403

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ab370b9ac9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
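To confirm after the upgrade that the installed binary was built against the fixed module versions listed under Update Information, the check below reads `go version -m` output and compares each tracked module with its minimum. It is an added example, not part of the Fedora advisory or the Toolbx project; it assumes the binary carries Go build info and that `sort -V` is available, and the function names and sample input (including the 2.2.1 version) are constructed for illustration.

```shell
#!/bin/sh
# Minimum fixed module versions, copied from the advisory's "Security fixes".
MINIMUMS='github.com/go-viper/mapstructure/v2 2.3.0
github.com/NVIDIA/nvidia-container-toolkit 1.17.8'

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_deps: reads `go version -m <binary>` output on stdin, prints one
# verdict per tracked module, returns 1 if any is below minimum or missing.
check_deps() {
    # Build-info lines look like: <TAB>dep<TAB>module<TAB>vX.Y.Z<TAB>h1:...
    deps=$(awk '$1 == "dep" { sub(/^v/, "", $3); print $2, $3 }')
    status=0
    while read -r module minimum; do
        found=$(printf '%s\n' "$deps" | awk -v m="$module" '$1 == m { print $2 }')
        if [ -z "$found" ]; then
            # Fail closed: without a dep line the fix cannot be confirmed.
            echo "UNKNOWN $module not listed in build info"
            status=1
        elif version_lt "$found" "$minimum"; then
            echo "VULNERABLE $module $found < $minimum"
            status=1
        else
            echo "OK $module $found >= $minimum"
        fi
    done <<EOF
$MINIMUMS
EOF
    return "$status"
}

# Constructed sample of build info (not captured from a real toolbox build).
# $1 = mapstructure version, $2 = nvidia-container-toolkit version.
sample_build_info() {
    printf '/usr/bin/toolbox: go1.22.0\n'
    printf '\tdep\tgithub.com/NVIDIA/nvidia-container-toolkit\tv%s\th1:CONSTRUCTED=\n' "$2"
    printf '\tdep\tgithub.com/go-viper/mapstructure/v2\tv%s\th1:CONSTRUCTED=\n' "$1"
}

# Demo on constructed input; on a real host pipe in:
#   go version -m "$(command -v toolbox)"
sample_build_info 2.2.1 1.17.8 | check_deps || true
```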

Severity: critical

Name: toolbox
Product: Fedora 41
Version: 0.2
Release: 1.fc41
Summary: Tool for interactive command line environments on Linux
