Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 43: migrate Update FEDORA-2025-427af3b610 CVE-2025-58189 Critical

fedora
Calendar Grey November 29, 2025
Dist Fedora Esm H88
Update for Fedora 43 addresses CVEs by rebuilding migrate with Go 1.25.4 for enhanced database migrations.
Update to 4.19.0 Address CVEs by rebuilding with Go 1.25.4

Summary

Go database migrations library and program.

This package is built with the following databases backends:

* cassandra

* cockroachdb

* mongodb

* mysql

* postgres

* redshift

* sqlite3

* sqlite

This package is built with the following source backends:

* github

* gitlab

* go-bindata

* godoc-vfs

* gcs

* iofs

* pkger

* s3

Update Information:

Update to 4.19.0 Address CVEs by rebuilding with Go 1.25.4

Topics%20covered

Topics Covered

security advisory fedora update threat migration Go

Change Log

* Fri Nov 21 2025 Link Dupont - 4.19.0-1 - Update to version 4.19.0

References


[ 1 ] Bug #2408323 - CVE-2025-58189 migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408323 [ 2 ] Bug #2409796 - CVE-2025-61723 migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409796 [ 3 ] Bug #2410746 - CVE-2025-58185 migrate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410746 [ 4 ] Bug #2411642 - CVE-2025-58188 migrate: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411642

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-427af3b610' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: migrate
Product: Fedora 43
Version: 4.19.0
Release: 1.fc43
URL: https://github.com/golang-migrate/migrate
Summary: Go database migrations library and program

Topics%20covered

Topics Covered

security advisory fedora update threat migration Go

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here