Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: podman Critical ALPN Errors CPU Fix FEDORA-2025-8a248ee4f4

fedora
Calendar Grey November 25, 2025
Dist Fedora Esm H88
Fedora 42 podman update fixes critical ALPN negotiation issues and CPU consumption vulnerabilities for enhanced security.
Automatic update for podman-5.7.0-1.fc42, buildah-1.42.1-1.fc42

Summary

podman (Pod Manager) is a fully featured container engine that is a simple

daemonless tool. podman provides a Docker-CLI comparable command line that

eases the transition from other container engines and allows the management of

pods, containers and images. Simply put: alias docker=podman.

Most podman commands can be run as a regular user, without requiring

additional privileges.

podman uses Buildah(1) internally to create container images.

Both tools share image (not container) storage, hence each can use or

manipulate images (but not containers) created by the other.

Update Information:

Automatic update for podman-5.7.0-1.fc42, buildah-1.42.1-1.fc42. Changelog for podman * Tue Nov 11 2025 Packit - 5:5.7.0-1 - Update to 5.7.0 upstream release * Thu Oct 30 2025 Packit - 5:5.7.0~rc2-1 - Update to 5.7.0-rc2 upstream release * Tue Oct 28 2025 Lokesh Mandvekar - 5:5.7.0~rc1-1 - bump to v5.7.0-rc1 Changelog for buildah * Tue Nov 11 2025 Packit - 2:1.42.1-1 - Update to 1.42.1 upstream release * Mon Nov 03 2025 Lokesh Mandvekar - 2:1.42.0-3 - Rebuild for CVE fixes * Thu Oct 23 2025 Lokesh Mandvekar - 2:1.42.0-2 - cleanup changelog * Wed Oct 22 2025 Packit - 2:1.42.0-1 - Update to 1.42.0 upstream release

Topics%20covered

Topics Covered

security advisory fedora update cpu consumption Podman alpn negotiation

Change Log

* Tue Nov 11 2025 Packit - 5:5.7.0-1 - Update to 5.7.0 upstream release * Thu Oct 30 2025 Packit - 5:5.7.0~rc2-1 - Update to 5.7.0-rc2 upstream release * Tue Oct 28 2025 Lokesh Mandvekar - 5:5.7.0~rc1-1 - bump to v5.7.0-rc1

References


[ 1 ] Bug #2407848 - CVE-2025-58189 buildah: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407848 [ 2 ] Bug #2408084 - CVE-2025-58189 podman: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408084 [ 3 ] Bug #2408629 - CVE-2025-61725 buildah: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408629 [ 4 ] Bug #2408684 - CVE-2025-61725 podman: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408684 [ 5 ] Bug #2409315 - CVE-2025-61723 buildah: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409315 [ 6 ] Bug #2409554 - CVE-2025-61723 podman: Quadratic comp...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a248ee4f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: podman
Product: Fedora 42
Version: 5.7.0
Release: 1.fc42
URL: https://podman.io/
Summary: Manage Pods, Containers and Container Images

Topics%20covered

Topics Covered

security advisory fedora update cpu consumption Podman alpn negotiation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here