
Fedora 41: yq Important HTTP Proxy and Input Security Fixes 2025-d8a379a267

fedora
September 7, 2025
This significant Fedora update to yq 4.47.1 addresses vulnerabilities related to HTTP proxy evasion and input handling. Updating is advised.

Summary

Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor.

Update Information:

Add shell-completions
Update to 4.47.1 and adopt go-vendor-tools

Change Log

* Fri Aug 29 2025 Mikel Olasagasti Uranga - 4.47.1-2
- Add shell completions
* Thu Aug 21 2025 Romain Geissler - 4.47.1-1
- Upgrade to upstream version 4.47.1 and use vendoring (rhbz#2282002).
* Fri Aug 15 2025 Maxwell G - 4.43.1-7
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering - 4.43.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2352349 - CVE-2025-22870 yq: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352349
[ 2 ] Bug #2360619 - CVE-2025-22872 yq: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2360619

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d8a379a267' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: yq
Product: Fedora 41
Version: 4.47.1
Release: 2.fc41
Summary: Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor
