Fedora 42: opentofu Advisory 2025-6ab111452f CVE Issues Severity

fedora

November 15, 2025

Update to 1.10.7

Summary

OpenTofu lets you declaratively manage your cloud infrastructure.

Update Information:

Update to 1.10.7

Topics Covered

security advisory information leak fedora arbitrary file read Opentofu circl-fourq

Change Log

* Thu Nov 6 2025 Mikel Olasagasti Uranga - 1.10.7-1 - Update to 1.10.7 - Closes rhbz#2413156 * Fri Oct 10 2025 Alejandro Sez - 1.10.6-2 - rebuild * Thu Sep 4 2025 Mikel Olasagasti Uranga - 1.10.6-1 - Update to 1.10.6 - Closes rhbz#2385775 * Fri Aug 15 2025 Maxwell G - 1.10.3-2 - Rebuild for golang-1.25.0

References

[ 1 ] Bug #2375630 - opentofu: mapstructure May Leak Sensitive Information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375630 [ 2 ] Bug #2386309 - CVE-2025-8556 opentofu: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2386309 [ 3 ] Bug #2388887 - CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2388887 [ 4 ] Bug #2390878 - opentofu: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2390878 [ 5 ] Bug #2391666 - CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2391666 [ 6 ] Bug #2398870 - CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398870

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6ab111452f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

important

Lowest

Low

Medium

High

Critical

Name: opentofu

Product: Fedora 42

Version: 1.10.7

Release: 1.fc42

URL: https://github.com/opentofu/opentofu

Summary: OpenTofu lets you declaratively manage your cloud infrastructure

Topics Covered

security advisory information leak fedora arbitrary file read Opentofu circl-fourq

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: opentofu Advisory 2025-6ab111452f CVE Issues Severity

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: opentofu Advisory 2025-6ab111452f CVE Issues Severity

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!