
Fedora 42 chezmoi Critical Security Update Multiple Threats 2026-f6901d5918

fedora
March 7, 2026
Critical updates for chezmoi on Fedora 42 resolve multiple security issues, including memory exhaustion and CPU consumption.
Update to 2.69.4

Summary

Manage your dotfiles across multiple diverse machines, securely.

Update Information:

Update to 2.69.4

Change Log

* Wed Feb 11 2026 Packit - 2.69.4-1
- Update to 2.69.4 upstream release
- Resolves: rhbz#2430279
* Mon Feb 2 2026 Maxwell G - 2.69.1-4
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering - 2.69.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering - 2.69.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Sat Jan 10 2026 Packit - 2.69.1-1
- Update to 2.69.1 upstream release
- Resolves: rhbz#2428410
* Mon Jan 5 2026 Packit - 2.69.0-1
- Update to 2.69.0 upstream release
- Resolves: rhbz#2427071
* Wed Dec 17 2025 Mikel Olasagasti Uranga - 2.68.1-1
- Update to 2.68.1
- Closes rhbz#2394285
* Fri Oct 10 2025 Maxwell G - 2.63.1-2
- Rebuild for golang 1.25.2

References


[ 1 ] Bug #2398284 - CVE-2025-47910 chezmoi: CrossOriginProtection bypass in net/http [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2398284
[ 2 ] Bug #2398651 - CVE-2025-47910 chezmoi: CrossOriginProtection bypass in net/http [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2398651
[ 3 ] Bug #2399325 - CVE-2025-47906 chezmoi: Unexpected paths returned from LookPath in os/exec [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2399325
[ 4 ] Bug #2403147 - CVE-2025-11579 chezmoi: RarDecode Out Of Memory Crash [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2403147
[ 5 ] Bug #2407853 - CVE-2025-58189 chezmoi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2407853
[ 6 ] Bug #2408630 - CVE-2025-61725 chezmoi: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
      https://bugzilla.redhat.com/sho...

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f6901d5918' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: chezmoi
Product: Fedora 42
Version: 2.69.4
Release: 1.fc42
Summary: Manage your dotfiles across multiple diverse machines
