Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43: source-to-image 1.5.1 Update Fixing Critical Bugs and Issues

fedora
Calendar Grey December 2, 2025
Dist Fedora Esm H88
Ensure secure builds with source-to-image update in Fedora 43 addressing critical issues. Upgrade now!
Update to 1.5.1, migrate to Go Vendor Tools

Summary

Source-to-Image (S2I) is a toolkit and workflow for building reproducible

container images from source code. S2I produces ready-to-run images by

injecting source code into a container image and letting the container prepare

that source code for execution. By creating self-assembling builder images,

you can version and control your build environments exactly like you use

container images to version your runtime environments.

Update Information:

Update to 1.5.1, migrate to Go Vendor Tools

Topics%20covered

Topics Covered

security advisory fedora update attack CVE source-to-image

Change Log

* Sun Nov 9 2025 Yaakov Selkowitz - 1.5.1-1 - Update to 1.5.1 * Sun Nov 9 2025 Yaakov Selkowitz - 1.5.0-7 - Migrate to go-vendor-tools * Sun Oct 12 2025 Maxwell G - 1.5.0-5 - Rebuild for golang 1.25.2 * Fri Oct 10 2025 Alejandro Sez - 1.5.0-4 - rebuild

References


[ 1 ] Bug #2337561 - source-to-image-1.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2337561 [ 2 ] Bug #2408351 - CVE-2025-58189 source-to-image: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408351 [ 3 ] Bug #2409823 - CVE-2025-61723 source-to-image: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409823 [ 4 ] Bug #2410773 - CVE-2025-58185 source-to-image: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410773

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-dc3c993169' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: source-to-image
Product: Fedora 43
Version: 1.5.1
Release: 1.fc43
URL: https://github.com/openshift/source-to-image
Summary: A tool for building artifacts from source and injecting into container images

Topics%20covered

Topics Covered

security advisory fedora update attack CVE source-to-image

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here