Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 42: Buildah Command Line Tool Critical Update for CVE-2025-9566

fedora
Calendar Grey September 10, 2025
Dist Fedora Esm H88
A critical update for Podman on Fedora 42 tackling CVE-2025-9566 has been rolled out, enhancing container security.
Security update for CVE-2025-9566 Automatic update for containers-common-0.64.2-1.fc42, podman-5.6.1-1.fc42, buildah-1.41.4-1.fc42

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

Update Information:

Security update for CVE-2025-9566 Automatic update for containers-common-0.64.2-1.fc42, podman-5.6.1-1.fc42, buildah-1.41.4-1.fc42. Changelog for containers-common * Wed Sep 03 2025 Packit - 5:0.64.2-1 - Update to 0.64.2 upstream release Changelog for podman * Thu Sep 04 2025 Packit - 5:5.6.1-1 - Update to 5.6.1 upstream release Changelog for buildah * Thu Sep 04 2025 Packit - 2:1.41.4-1 - Update to 1.41.4 upstream release

Change Log

* Thu Sep 4 2025 Packit - 2:1.41.4-1 - Update to 1.41.4 upstream release

References


[ 1 ] Bug #2393154 - CVE-2025-9566 podman: Podman kube play command may overwrite host files [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2393154

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-19f7dd07d9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: buildah
Product: Fedora 42
Version: 1.41.4
Release: 1.fc42
Summary: A command line tool used for creating OCI Images

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here