Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 42: FEDORA-2025-4518c12e2f critical: caddy DoS Fixes

fedora
Calendar Grey April 29, 2025
Dist Fedora Esm H88
Upgrade caddy to version 2.10.0 on Fedora 42, addressing vital security vulnerabilities and boosting efficiency.
Update to version 2.10.0

Summary

Caddy is an extensible server platform that uses TLS by default.

Update Information:

Update to version 2.10.0. Aside from the new upstream features, this update also refreshes many bundled dependencies, fixing a few CVEs. https://github.com/caddyserver/caddy/releases/tag/v2.10.0

Change Log

* Sat Apr 19 2025 Carl George - 2.10.0-1 - Update to version 2.10.0 rhbz#2350493 - Resolves CVE-2025-22872 - Resolves CVE-2024-45339 - Resolves CVE-2025-22869

References


[ 1 ] Bug #2350493 - caddy-2.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2350493 [ 2 ] Bug #2360622 - CVE-2025-22872 caddy: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2360622 [ 3 ] Bug #2361093 - CVE-2024-45339 caddy: Vulnerability when creating log files in github.com/golang/glog [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361093 [ 4 ] Bug #2361094 - CVE-2025-22869 caddy: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361094

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4518c12e2f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: caddy
Product: Fedora 42
Version: 2.10.0
Release: 1.fc42
Summary: Web server with automatic HTTPS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here