Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 42: Crucial Restic Security Advisory CVE-2025-47910 Update

fedora
Calendar Grey December 3, 2025
Dist Fedora Esm H88
Critical update for restic on Fedora 42 addressing multiple security issues, improve backup efficiency.
Update to 0.18.1

Summary

Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory

* sftp server (via SSH)

* HTTP REST server (protocol, rest-server)

* Amazon S3 (either from Amazon or using the Minio server)

* OpenStack Swift

* BackBlaze B2

* Microsoft Azure Blob Storage

* Google Cloud Storage

* And many other services via the rclone Backend

Update Information:

Update to 0.18.1

Topics%20covered

Topics Covered

security advisory fedora important processing error cross-origin bypass restic

Change Log

* Mon Nov 24 2025 Mikel Olasagasti Uranga - 0.18.1-1 - Update to 0.18.1 - Closes rhbz#2397204 rhbz2416773 * Fri Oct 10 2025 Alejandro Sez - 0.18.0-5 - rebuild * Fri Aug 15 2025 Maxwell G - 0.18.0-4 - Rebuild for golang-1.25.0 * Fri Jul 25 2025 Fedora Release Engineering - 0.18.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2398882 - CVE-2025-47910 restic: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398882 [ 2 ] Bug #2399561 - CVE-2025-47906 restic: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399561 [ 3 ] Bug #2408090 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408090 [ 4 ] Bug #2408687 - CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408687 [ 5 ] Bug #2409560 - CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409560 [ 6 ] Bug #2410511 - CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [f...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-65fc438cba' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: restic
Product: Fedora 42
Version: 0.18.1
Release: 1.fc42
URL: https://github.com/restic/restic
Summary: Fast, secure, efficient backup program

Topics%20covered

Topics Covered

security advisory fedora important processing error cross-origin bypass restic

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here