Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: toolbox Security Updates for CVE-2025-23266 CVE-2025-23267

fedora
Calendar Grey August 11, 2025
Dist Fedora Esm H88
The recent Fedora 42 toolbox update addresses security issues related to Go and vulnerabilities in the NVIDIA toolkit.
Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-containe...

Summary

Toolbx is a tool for Linux, which allows the use of interactive command line

environments for software development and troubleshooting the host operating

system, without having to install software on the host. It is built on top of

Podman and other standard container technologies from OCI.

Toolbx environments have seamless access to the user's home directory, the

Wayland and X11 sockets, networking (including Avahi), removable devices (like

USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev

database, etc..

Update Information:

Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267 Bug fixes Improved error handling when creating symbolic links inside the container to initialize it Preserved environment variables set by a KDE session and Konsole Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2) Unbroke overriding the HOME variable (regression in 0.0.90) Dependencies Bumped the minimum Go version to 1.22

Topics%20covered

Topics Covered

security advisory fedora privilege escalation toolbox cve-2025-23266 cve-2025-23267

Change Log

* Sat Aug 9 2025 Debarshi Ray - 0.2-1 - Update to 0.2 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787

References


[ 1 ] Bug #2375632 - toolbox: mapstructure May Leak Sensitive Information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375632 [ 2 ] Bug #2382220 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2382220 [ 3 ] Bug #2387403 - toolbox-0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2387403

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e41c694c83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: toolbox
Product: Fedora 42
Version: 0.2
Release: 1.fc42
URL: https://containertoolbx.org/
Summary: Tool for interactive command line environments on Linux

Topics%20covered

Topics Covered

security advisory fedora privilege escalation toolbox cve-2025-23266 cve-2025-23267

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here