
Fedora 42: source-to-image Update 1.5.1 Fixes CrossOriginProtection Issues

fedora
December 2, 2025
Update to source-to-image 1.5.1 for Fedora 42 addresses security issues and improves build processes.

Summary

Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images, you can version and control your build environments exactly like you use container images to version your runtime environments.

Update Information:

Update to 1.5.1, migrate to Go Vendor Tools

Change Log

* Sun Nov 9 2025 Yaakov Selkowitz - 1.5.1-1
- Update to 1.5.1

* Sun Nov 9 2025 Yaakov Selkowitz - 1.5.0-7
- Migrate to go-vendor-tools

* Sun Oct 12 2025 Maxwell G - 1.5.0-5
- Rebuild for golang 1.25.2

* Fri Oct 10 2025 Alejandro Sez - 1.5.0-4
- rebuild

* Fri Aug 15 2025 Maxwell G - 1.5.0-3
- Rebuild for golang-1.25.0

* Fri Jul 25 2025 Fedora Release Engineering - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

* Mon Jan 27 2025 Yaakov Selkowitz - 1.5.0-1
- Update to 1.5.0 (rhbz#2337561)

References


[ 1 ] Bug #2337561 - source-to-image-1.6.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2337561
[ 2 ] Bug #2398887 - CVE-2025-47910 source-to-image: CrossOriginProtection bypass in net/http [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2398887
[ 3 ] Bug #2399569 - CVE-2025-47906 source-to-image: Unexpected paths returned from LookPath in os/exec [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2399569
[ 4 ] Bug #2408097 - CVE-2025-58189 source-to-image: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2408097
[ 5 ] Bug #2409567 - CVE-2025-61723 source-to-image: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2409567
[ 6 ] Bug #2410518 - CVE-2025-58185 source-to-image: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-96f340d7a0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: important

Name: source-to-image
Product: Fedora 42
Version: 1.5.1
Release: 1.fc42
Summary: A tool for building artifacts from source and injecting into container images
