Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: Buildah Critical Security Update FEDORA-2025-8a248ee4f4

fedora
Calendar Grey November 25, 2025
Dist Fedora Esm H88
Automatic update for Fedora 42 buildah includes critical security fixes related to multiple CVEs.
Automatic update for podman-5.7.0-1.fc42, buildah-1.42.1-1.fc42

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch

or

* create a working container from an image as a starting point

* mount/umount a working container's root file system for manipulation

* save container's root file system layer to create a new image

* delete a working container or an image

Update Information:

Automatic update for podman-5.7.0-1.fc42, buildah-1.42.1-1.fc42. Changelog for podman * Tue Nov 11 2025 Packit - 5:5.7.0-1 - Update to 5.7.0 upstream release * Thu Oct 30 2025 Packit - 5:5.7.0~rc2-1 - Update to 5.7.0-rc2 upstream release * Tue Oct 28 2025 Lokesh Mandvekar - 5:5.7.0~rc1-1 - bump to v5.7.0-rc1 Changelog for buildah * Tue Nov 11 2025 Packit - 2:1.42.1-1 - Update to 1.42.1 upstream release * Mon Nov 03 2025 Lokesh Mandvekar - 2:1.42.0-3 - Rebuild for CVE fixes * Thu Oct 23 2025 Lokesh Mandvekar - 2:1.42.0-2 - cleanup changelog * Wed Oct 22 2025 Packit - 2:1.42.0-1 - Update to 1.42.0 upstream release

Topics%20covered

Topics Covered

security advisory fedora critical DoS CVE buildah

Change Log

* Tue Nov 11 2025 Packit - 2:1.42.1-1 - Update to 1.42.1 upstream release * Mon Nov 3 2025 Lokesh Mandvekar - 2:1.42.0-3 - Rebuild for CVE fixes * Thu Oct 23 2025 Lokesh Mandvekar - 2:1.42.0-2 - cleanup changelog * Wed Oct 22 2025 Packit - 2:1.42.0-1 - Update to 1.42.0 upstream release

References


[ 1 ] Bug #2407848 - CVE-2025-58189 buildah: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407848 [ 2 ] Bug #2408084 - CVE-2025-58189 podman: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408084 [ 3 ] Bug #2408629 - CVE-2025-61725 buildah: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408629 [ 4 ] Bug #2408684 - CVE-2025-61725 podman: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408684 [ 5 ] Bug #2409315 - CVE-2025-61723 buildah: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409315 [ 6 ] Bug #2409554 - CVE-2025-61723 podman: Quadratic comp...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a248ee4f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: buildah
Product: Fedora 42
Version: 1.42.1
Release: 1.fc42
URL: https://buildah.io
Summary: A command line tool used for creating OCI Images

Topics%20covered

Topics Covered

security advisory fedora critical DoS CVE buildah

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here