
Fedora 43: buildah Security Update Fixing CVEs 2025-8f97b687c8

fedora
November 7, 2025
This security update for Fedora 43 rebuilds buildah to pick up several CVE fixes in golang.
Rebuild for security fixes in golang

Summary

The buildah package provides a command line tool which can be used to

* create a working container from scratch, or
* create a working container from an image as a starting point
* mount/umount a working container's root file system for manipulation
* save container's root file system layer to create a new image
* delete a working container or an image

Update Information:

Rebuild for security fixes in golang. Bump to v1.42.0.

Change Log

* Mon Nov 3 2025 Lokesh Mandvekar - 2:1.42.0-4
  - Rebuild for CVE fixes
* Thu Oct 23 2025 Lokesh Mandvekar - 2:1.42.0-3
  - cleanup changelog
* Thu Oct 23 2025 Lokesh Mandvekar - 2:1.42.0-2
  - build with sequoia on f43+
* Wed Oct 22 2025 Packit - 2:1.42.0-1
  - Update to 1.42.0 upstream release

References


[1] Bug #2408127 - CVE-2025-58189 buildah: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
    https://bugzilla.redhat.com/show_bug.cgi?id=2408127
[2] Bug #2408694 - CVE-2025-61725 buildah: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
    https://bugzilla.redhat.com/show_bug.cgi?id=2408694
[3] Bug #2409597 - CVE-2025-61723 buildah: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
    https://bugzilla.redhat.com/show_bug.cgi?id=2409597
[4] Bug #2410548 - CVE-2025-58185 buildah: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
    https://bugzilla.redhat.com/show_bug.cgi?id=2410548
[5] Bug #2411446 - CVE-2025-58188 buildah: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
    https://bugzilla.redhat.com/show_bug.cgi?id=2411446
[6] Bug #2412667 - CVE-2025-58183 buildah: Unbound...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8f97b687c8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: important

Name: buildah
Product: Fedora 43
Version: 1.42.0
Release: 4.fc43
Summary: A command line tool used for creating OCI Images
