Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 42 SingularityCE Critical Update for Go CVEs 2025-75b28e93c9

fedora
Calendar Grey November 8, 2025
Dist Fedora Esm H88
Upgrade to SingularityCE 4.3.4 on Fedora 42 to fix critical security issues in Go libraries affecting performance.
Upgrade to 4.3.4 upstream version

Summary

SingularityCE is the Community Edition of Singularity, an open source

container platform designed to be simple, fast, and secure.

Update Information:

Upgrade to 4.3.4 upstream version. Build with Go 1.24.9 fixes multiple Go CVEs BZ#2408093 BZ#2408688 BZ#2409563 BZ#2410514 BZ#2411412

Topics%20covered

Topics Covered

security advisory fedora critical memory exhaustion cpu consumption certificate validation

Change Log

* Thu Oct 30 2025 David Trudgian - 4.3.4-1 - Upgrade to 4.3.4 upstream version.

References


[ 1 ] Bug #2408093 - CVE-2025-58189 singularity-ce: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408093 [ 2 ] Bug #2408688 - CVE-2025-61725 singularity-ce: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408688 [ 3 ] Bug #2409563 - CVE-2025-61723 singularity-ce: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409563 [ 4 ] Bug #2410514 - CVE-2025-58185 singularity-ce: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410514 [ 5 ] Bug #2411412 - CVE-2025-58188 singularity-ce: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411412

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-75b28e93c9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: singularity-ce
Product: Fedora 42
Version: 4.3.4
Release: 1.fc42
URL:
Summary: Application and environment virtualization

Topics%20covered

Topics Covered

security advisory fedora critical memory exhaustion cpu consumption certificate validation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here