Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: migrate 4.19.0 Critical CVE Fix RHSA-2025-57302ba8ea

fedora
Calendar Grey November 29, 2025
Dist Fedora Esm H88
Upgrade to Fedora 42, migrating to kernel 4.19.0 to resolve vital security vulnerabilities related to Go and enhance overall system integrity
Update to 4.19.0 Address CVEs by rebuilding with Go 1.24.10

Summary

Go database migrations library and program.

This package is built with the following databases backends:

* cassandra

* cockroachdb

* mongodb

* mysql

* postgres

* redshift

* sqlite3

* sqlite

This package is built with the following source backends:

* github

* gitlab

* go-bindata

* godoc-vfs

* gcs

* iofs

* pkger

* s3

Update Information:

Update to 4.19.0 Address CVEs by rebuilding with Go 1.24.10

Topics%20covered

Topics Covered

security advisory fedora vulnerability migration CVE Go

Change Log

* Fri Nov 21 2025 Link Dupont - 4.19.0-1 - Update to version 4.19.0

References


[ 1 ] Bug #2360648 - CVE-2025-22872 migrate: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2360648 [ 2 ] Bug #2408067 - CVE-2025-58189 migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408067 [ 3 ] Bug #2409536 - CVE-2025-61723 migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409536 [ 4 ] Bug #2410487 - CVE-2025-58185 migrate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410487 [ 5 ] Bug #2411385 - CVE-2025-58188 migrate: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411385

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-57302ba8ea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: migrate
Product: Fedora 42
Version: 4.19.0
Release: 1.fc42
URL: https://github.com/golang-migrate/migrate
Summary: Go database migrations library and program

Topics%20covered

Topics Covered

security advisory fedora vulnerability migration CVE Go

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here