Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43 docker-buildx Critical Security Issues Advisory 2025-b1d7d7f8db

fedora
Calendar Grey November 26, 2025
Dist Fedora Esm H88
Critical security advisory for Fedora 43: docker-buildx resolves multiple high-impact issues. Update recommended.
Update to release v0.30.1 Upstream fix Update to release v0.30.0 Resolves: rhbz#2413270 Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066

Summary

Docker CLI plugin for extended build capabilities with BuildKit.

Update Information:

Update to release v0.30.1 Upstream fix Update to release v0.30.0 Resolves: rhbz#2413270 Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066 Resolves: rhbz#2409350, rhbz#2409628, rhbz#2410014, rhbz#2410300 Resolves: rhbz#2410579, rhbz#2410946, rhbz#2411477, rhbz#2412381 Resolves: rhbz#2412530, rhbz#2412682, rhbz#2412762 Upstream new features and fixes

Topics%20covered

Topics Covered

security advisory fedora critical remote access attack docker-buildx

Change Log

* Mon Nov 17 2025 Bradley G Smith - 0.30.1-1 - Update to release v0.30.1 - Upstream fix * Wed Nov 12 2025 Bradley G Smith - 0.30.0-1 - Update to release v0.30.0 - Resolves: rhbz#2413270 - Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066 - Resolves: rhbz#2409350, rhbz#2409628, rhbz#2410014, rhbz#2410300 - Resolves: rhbz#2410579, rhbz#2410946, rhbz#2411477, rhbz#2412381 - Resolves: rhbz#2412530, rhbz#2412682, rhbz#2412762 - Upstream new features and fixes * Fri Oct 10 2025 Alejandro Sez - 0.29.1-2 - rebuild

References


[ 1 ] Bug #2407614 - CVE-2025-58189 docker-buildx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407614 [ 2 ] Bug #2407881 - CVE-2025-58189 docker-buildx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407881 [ 3 ] Bug #2408158 - CVE-2025-58189 docker-buildx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408158 [ 4 ] Bug #2409066 - CVE-2025-61723 docker-buildx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409066 [ 5 ] Bug #2409350 - CVE-2025-61723 docker-buildx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=240935...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b1d7d7f8db' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: docker-buildx
Product: Fedora 43
Version: 0.30.1
Release: 1.fc43
URL: https://github.com/docker/buildx
Summary: Docker CLI plugin for extended build capabilities with BuildKit

Topics%20covered

Topics Covered

security advisory fedora critical remote access attack docker-buildx

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here