Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: Skopeo Critical Security Issue CVE-2025-58189, CVE-2025-61725

fedora
Calendar Grey November 13, 2025
Dist Fedora Esm H88
Update for skopeo addresses serious security issues in Fedora 42 related to CVE-2025-58189 and CVE-2025-61725.
Security fix for CVE-2025-58189 and CVE-2025-61725

Summary

Command line utility to inspect images and repositories directly on Docker

registries without the need to pull them

Update Information:

Security fix for CVE-2025-58189 and CVE-2025-61725

Topics%20covered

Topics Covered

security advisory security issue fedora critical command line Skopeo

Change Log

* Fri Oct 31 2025 Lokesh Mandvekar - 1:1.20.0-4 - Resolves: CVE-2025-58189, CVE-2025-61725

References


[ 1 ] Bug #2408094 - CVE-2025-58189 skopeo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408094 [ 2 ] Bug #2408689 - CVE-2025-61725 skopeo: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408689 [ 3 ] Bug #2409564 - CVE-2025-61723 skopeo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409564 [ 4 ] Bug #2410515 - CVE-2025-58185 skopeo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410515 [ 5 ] Bug #2411413 - CVE-2025-58188 skopeo: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411413 [ 6 ] Bug #2412818 - CVE-2025-58183 skopeo: Unbounded all...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-01148de25a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: skopeo
Product: Fedora 42
Version: 1.20.0
Release: 4.fc42
URL: https://github.com/containers/skopeo
Summary: Inspect container images and repositories on registries

Topics%20covered

Topics Covered

security advisory security issue fedora critical command line Skopeo

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here