Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

Fedora 43: Important Security Advisory for grpcurl Command-Line Tool

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Fix for grpcurl on Fedora 43 addresses critical security issues and improves functionality as a command-line tool.
Fix version ldflag for #2424534

Summary

Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers.

Update Information:

Fix version ldflag for #2424534

Change Log

* Mon Dec 29 2025 Mikel Olasagasti Uranga - 1.9.3-6 - Fix version ldflag - Closes rhbz#2424534 * Fri Oct 10 2025 Alejandro Sez - 1.9.3-5 - rebuild

References


[ 1 ] Bug #2408296 - CVE-2025-58189 grpcurl: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408296 [ 2 ] Bug #2408718 - CVE-2025-61725 grpcurl: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408718 [ 3 ] Bug #2409769 - CVE-2025-61723 grpcurl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409769 [ 4 ] Bug #2410719 - CVE-2025-58185 grpcurl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410719 [ 5 ] Bug #2411615 - CVE-2025-58188 grpcurl: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411615 [ 6 ] Bug #2424534 - -version returns no version https...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7da33c2d62' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: grpcurl
Product: Fedora 43
Version: 1.9.3
Release: 6.fc43
Summary: Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.