Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: Kubernetes 1.31 Moderate DoS Cross-Origin Protection

fedora
Calendar Grey November 22, 2025
Dist Fedora Esm H88
Kubernetes v1.31.14 update addresses multiple issues and safeguards Fedora 42 against significant security risks.
Update to release v1.31.14 Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 Resolves: rhbz#2408314,...

Summary

Production-Grade Container Scheduling and Management.

Installs kubelet, the kubernetes agent on each machine in a

cluster. The kubernetes-client sub-package,

containing kubectl, is recommended but not strictly required.

The kubernetes-client sub-package should be installed on

control plane machines.

Update Information:

Update to release v1.31.14 Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 Resolves: rhbz#2408314, rhbz#2408608, rhbz#2408671, rhbz#2408729 Resolves: rhbz#2409236, rhbz#2409526, rhbz#2409787, rhbz#2410201 Resolves: rhbz#2410476, rhbz#2410737, rhbz#2411116, rhbz#2411375 Resolves: rhbz#2411633, rhbz#2412568, rhbz#2412587, rhbz#2412802 Upstream fixes. Likely last release of Kubernetes 1.31

Topics%20covered

Topics Covered

security advisory fedora update DoS crossoriginprotection kubernetes1.31

Change Log

* Wed Nov 12 2025 Bradley G Smith - 1.31.14-1 - Update to release v1.31.14 - Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 - Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 - Resolves: rhbz#2408314, rhbz#2408608, rhbz#2408671, rhbz#2408729 - Resolves: rhbz#2409236, rhbz#2409526, rhbz#2409787, rhbz#2410201 - Resolves: rhbz#2410476, rhbz#2410737, rhbz#2411116, rhbz#2411375 - Resolves: rhbz#2411633, rhbz#2412568, rhbz#2412587, rhbz#2412802 - Upstream fixes. - Likely last release of Kubernetes 1.31 * Fri Oct 10 2025 Alejandro Sez - 1.31.13-2 - rebuild

References


[ 1 ] Bug #2398586 - CVE-2025-47910 kubernetes1.31: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398586 [ 2 ] Bug #2398847 - CVE-2025-47910 kubernetes1.31: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398847 [ 3 ] Bug #2399248 - CVE-2025-47906 kubernetes1.31: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399248 [ 4 ] Bug #2399521 - CVE-2025-47906 kubernetes1.31: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399521 [ 5 ] Bug #2399702 - CVE-2025-11065 kubernetes1.31: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399702 [ 6 ] Bug #2399720 - CVE-2025-11065 kubernetes1.31: Go-viper's mapstructure May Le...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4a1370ea1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: kubernetes1.31
Product: Fedora 42
Version: 1.31.14
Release: 1.fc42
URL: https://github.com/kubernetes/kubernetes
Summary: Open Source Production-Grade Container Scheduling And Management Platform

Topics%20covered

Topics Covered

security advisory fedora update DoS crossoriginprotection kubernetes1.31

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here