Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 43: Critical Update for Kubernetes 1.34.2 Cross-Origin Bypass

fedora
Calendar Grey November 24, 2025
Dist Fedora Esm H88
This Fedora 43 advisory details critical updates for Kubernetes 1.34.2, addressing severe threats like Cross-Origin Protection bypass.
Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, ...

Summary

Production-Grade Container Scheduling and Management.

Installs kubelet, the kubernetes agent on each machine in a

cluster. The kubernetes-client sub-package,

containing kubectl, is recommended but not strictly required.

The kubernetes-client sub-package should be installed on

control plane machines.

Update Information:

Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479, rhbz#2410740 Resolves: rhbz#2411120, rhbz#2411378, rhbz#2411636 rhbz#2412590 Resolves: rhbz#2412805 Upstream fixes

Topics%20covered

Topics Covered

security advisory fedora critical DoS cross-origin kubernetes

Change Log

* Fri Nov 14 2025 Bradley G Smith - 1.34.2-1 - Update to release v1.34.2 - Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 - Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 - Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 - Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479, rhbz#2410740 - Resolves: rhbz#2411120, rhbz#2411378, rhbz#2411636 rhbz#2412590 - Resolves: rhbz#2412805 - Upstream fixes * Fri Nov 14 2025 Bradley G Smith - 1.34.1-4 - Reorder CRI Recommends - Update cri-o recommend with correct version information - Reorder CRI as (for example): Recommends: (cri-o1.34 or containerd) * Fri Oct 10 2025 Maxwell G - 1.34.1-3 - Rebuild for golang 1.25.2

References


[ 1 ] Bug #2398589 - CVE-2025-47910 kubernetes1.34: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398589 [ 2 ] Bug #2398850 - CVE-2025-47910 kubernetes1.34: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398850 [ 3 ] Bug #2399251 - CVE-2025-47906 kubernetes1.34: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399251 [ 4 ] Bug #2399524 - CVE-2025-47906 kubernetes1.34: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399524 [ 5 ] Bug #2407790 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407790 [ 6 ] Bug #2408060 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error cont...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f32b1debd8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: kubernetes1.34
Product: Fedora 43
Version: 1.34.2
Release: 1.fc43
URL: https://github.com/kubernetes/kubernetes
Summary: Open Source Production-Grade Container Scheduling And Management Platform

Topics%20covered

Topics Covered

security advisory fedora critical DoS cross-origin kubernetes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here