Important: buildah security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29195", "synopsis": "Important: buildah security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for buildah.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}],"cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-26T12:05:00.179765Z", "rpms": {"Rocky Linux 10": {"nvras": ["buildah-2:1.43.1-2.el10_2.src.rpm", "buildah-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-2:1.43.1-2.el10_2.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-2:1.43.1-2.el10_2.s390x.rpm", "buildah-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.s390x.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x.rpm","buildah-debugsource-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-2:1.43.1-2.el10_2.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Buildah security update for Rocky Linux 10 addresses important vulnerabilities affecting container image management tools.. Rocky Linux, buildah security, container image vulnerabilities, Denial of Service, security advisories. . LinuxSecurity.com Team
Important: podman security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26447", "synopsis": "Important: podman security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for podman.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}], "cves": [{"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-17T12:03:08.073041Z", "rpms": {"Rocky Linux 9": {"nvras": ["podman-6:5.8.2-3.el9_8.aarch64.rpm", "podman-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-6:5.8.2-3.el9_8.s390x.rpm", "podman-6:5.8.2-3.el9_8.src.rpm", "podman-6:5.8.2-3.el9_8.x86_64.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm", "podman-debugsource-6:5.8.2-3.el9_8.aarch64.rpm", "podman-debugsource-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-debugsource-6:5.8.2-3.el9_8.s390x.rpm", "podman-debugsource-6:5.8.2-3.el9_8.x86_64.rpm", "podman-docker-6:5.8.2-3.el9_8.noarch.rpm", "podman-plugins-6:5.8.2-3.el9_8.aarch64.rpm", "podman-plugins-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-plugins-6:5.8.2-3.el9_8.s390x.rpm", "podman-plugins-6:5.8.2-3.el9_8.x86_64.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm", "podman-remote-6:5.8.2-3.el9_8.aarch64.rpm", "podman-remote-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-remote-6:5.8.2-3.el9_8.s390x.rpm", "podman-remote-6:5.8.2-3.el9_8.x86_64.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm", "podman-tests-6:5.8.2-3.el9_8.aarch64.rpm", "podman-tests-6:5.8.2-3.el9_8.ppc64le.rpm","podman-tests-6:5.8.2-3.el9_8.s390x.rpm", "podman-tests-6:5.8.2-3.el9_8.x86_64.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important podman security updates for Rocky Linux 9 address denial of service issues from several CVEs.. Rocky Linux podman update Denial of Service vulnerabilities. . LinuxSecurity.com Team
Update to release v29.1.3 Resolves: rhbz#2417969 Resolves CVE-2024-25621: rhbz#2419019, rhbz#2419046, rhbz#2419442 Upstream new features and fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d39f46567c 2025-12-22 00:51:48.774296+00:00 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 43 Version : 29.1.3 Release : 1.fc43 URL : https://github.com/moby/moby Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between \u2014 and they do not require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: Update to release v29.1.3 Resolves: rhbz#2417969 Resolves CVE-2024-25621: rhbz#2419019, rhbz#2419046, rhbz#2419442 Upstream new features and fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 12 2025 Bradley G Smith - 29.1.3-1 - Update to release v29.1.3 - Resolves: rhbz#2417969 - Resolves CVE-2024-25621: rhbz#2419019, rhbz#2419046, rhbz#2419442 - Upstream new features and fixes * Tue Dec 2 2025 Bradley G Smith - 29.1.2-1 - Update to release v29.1.2 - Resolves: rhbz#2417969 - Upstream new features and fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2417969 - moby-engine-29.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2417969 [ 2 ] Bug#2419019 - CVE-2024-25621 moby-engine: containerd local privilege escalation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419019 [ 3 ] Bug #2419046 - CVE-2024-25621 moby-engine: containerd local privilege escalation [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2419046 [ 4 ] Bug #2419442 - CVE-2024-25621 moby-engine: containerd local privilege escalation [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2419442 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d39f46567c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Stay informed with the latest Fedora update for moby-engine, addressing critical security issues and new features.. Fedora Update, Moby Engine Security, Container Privilege Escalation, Open Source Application. . LinuxSecurity.com Team
Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479, rhbz#2410740. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4c576d1bd9 2025-11-25 01:34:32.166692+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.34 Product : Fedora 42 Version : 1.34.2 Release : 1.fc42 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479, rhbz#2410740 Resolves: rhbz#2411120, rhbz#2411378, rhbz#2411636 rhbz#2412590 Resolves: rhbz#2412805 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2025 Bradley G Smith - 1.34.2-1 - Update to release v1.34.2 - Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 - Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 - Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 - Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479,rhbz#2410740 - Resolves: rhbz#2411120, rhbz#2411378, rhbz#2411636 rhbz#2412590 - Resolves: rhbz#2412805 - Upstream fixes * Fri Nov 14 2025 Bradley G Smith - 1.34.1-4 - Reorder CRI Recommends - Update cri-o recommend with correct version information - Reorder CRI as (for example): Recommends: (cri-o1.34 or containerd) * Fri Oct 10 2025 Maxwell G - 1.34.1-3 - Rebuild for golang 1.25.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398589 - CVE-2025-47910 kubernetes1.34: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398589 [ 2 ] Bug #2398850 - CVE-2025-47910 kubernetes1.34: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398850 [ 3 ] Bug #2399251 - CVE-2025-47906 kubernetes1.34: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399251 [ 4 ] Bug #2399524 - CVE-2025-47906 kubernetes1.34: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399524 [ 5 ] Bug #2407790 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407790 [ 6 ] Bug #2408060 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408060 [ 7 ] Bug #2408317 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408317 [ 8 ] Bug #2408611 - CVE-2025-61725 kubernetes1.34: Excessive CPU consumption in ParseAddress in net/mail [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2408611 [ 9 ] Bug #2408674 - CVE-2025-61725 kubernetes1.34:Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408674 [ 10 ] Bug #2408732 - CVE-2025-61725 kubernetes1.34: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408732 [ 11 ] Bug #2409239 - CVE-2025-61723 kubernetes1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409239 [ 12 ] Bug #2409529 - CVE-2025-61723 kubernetes1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409529 [ 13 ] Bug #2409790 - CVE-2025-61723 kubernetes1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409790 [ 14 ] Bug #2410204 - CVE-2025-58185 kubernetes1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410204 [ 15 ] Bug #2410479 - CVE-2025-58185 kubernetes1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410479 [ 16 ] Bug #2410740 - CVE-2025-58185 kubernetes1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410740 [ 17 ] Bug #2411120 - CVE-2025-58188 kubernetes1.34: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411120 [ 18 ] Bug #2411378 - CVE-2025-58188 kubernetes1.34: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411378 [ 19 ] Bug #2411636 - CVE-2025-58188 kubernetes1.34: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411636 [ 20 ] Bug #2412590 - CVE-2025-58183 kubernetes1.34: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412590 [ 21 ] Bug #2412805 - CVE-2025-58183 kubernetes1.34: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412805 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4c576d1bd9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to release v1.3.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-ebd4913540 2025-11-14 01:25:41.063350+00:00 -------------------------------------------------------------------------------- Name : runc Product : Fedora 43 Version : 1.3.3 Release : 1.fc43 URL : https://github.com/opencontainers/runc Summary : CLI for running Open Containers Description : The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -------------------------------------------------------------------------------- Update Information: Update to release v1.3.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2025 Bradley G Smith - 2:1.3.3-1 - Update to release v1.3.3 - Resolves: rhbz#2411664, rhbz#2411410, rhbz#2411148 - Resolves: rbhz#2410768, rhbz#2410512, rhbz#2410233 - Resolves: rhbz#2409818, rhbz#2409561, rhbz#2409284 - Resolves: rhbz#2408345, rhbz#2408091, rhbz#2407818 - Security. Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - Upstream new feature -------------------------------------------------------------------------------- References: [ 1 ] Bug #2407818 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407818 [ 2 ] Bug #2408091 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408091 [ 3 ] Bug #2408345 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408345 [ 4 ] Bug #2409284 - CVE-2025-61723 runc: Quadratic complexity when parsing someinvalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409284 [ 5 ] Bug #2409561 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409561 [ 6 ] Bug #2409818 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409818 [ 7 ] Bug #2411148 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411148 [ 8 ] Bug #2411410 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411410 [ 9 ] Bug #2411664 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411664 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ebd4913540' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to release v1.3.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-6924245627 2025-11-14 01:07:42.820576+00:00 -------------------------------------------------------------------------------- Name : runc Product : Fedora 41 Version : 1.3.3 Release : 1.fc41 URL : https://github.com/opencontainers/runc Summary : CLI for running Open Containers Description : The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -------------------------------------------------------------------------------- Update Information: Update to release v1.3.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2025 Bradley G Smith - 2:1.3.3-1 - Update to release v1.3.3 - Resolves: rhbz#2411664, rhbz#2411410, rhbz#2411148 - Resolves: rbhz#2410768, rhbz#2410512, rhbz#2410233 - Resolves: rhbz#2409818, rhbz#2409561, rhbz#2409284 - Resolves: rhbz#2408345, rhbz#2408091, rhbz#2407818 - Security. Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - Upstream new feature -------------------------------------------------------------------------------- References: [ 1 ] Bug #2407818 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407818 [ 2 ] Bug #2408091 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408091 [ 3 ] Bug #2408345 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408345 [ 4 ] Bug #2409284 - CVE-2025-61723 runc: Quadratic complexity when parsing someinvalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409284 [ 5 ] Bug #2409561 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409561 [ 6 ] Bug #2409818 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409818 [ 7 ] Bug #2411148 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411148 [ 8 ] Bug #2411410 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411410 [ 9 ] Bug #2411664 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411664 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6924245627' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
* bsc#1234537 * bsc#1235303 * bsc#1241772 Cross-References: . # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2025:03278-1 Release Date: 2025-09-19T13:42:11Z Rating: important References: * bsc#1234537 * bsc#1235303 * bsc#1241772 Cross-References: * CVE-2024-45337 * CVE-2024-45338 * CVE-2025-22872 CVSS scores: * CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Affected Products: * Containers Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container fixes the following issues: This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues (CVE-2025-22872, CVE-2024-45337, CVE-2024-45338, bsc#1234537, bsc#1235303, bsc#1241772) and also rebuilds it against current GO. ## Patch Instructions: Toinstall this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3278=1 openSUSE-SLE-15.6-2025-3278=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3278=1 ## Package List: * openSUSE Leap 15.6 (aarch64 x86_64) * kubevirt-virt-api-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-exportserver-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-exportproxy-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virtctl-1.4.1-150600.5.24.1 * kubevirt-virt-launcher-debuginfo-1.4.1-150600.5.24.1 * kubevirt-container-disk-1.4.1-150600.5.24.1 * kubevirt-virtctl-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-api-1.4.1-150600.5.24.1 * kubevirt-virt-controller-1.4.1-150600.5.24.1 * kubevirt-virt-exportserver-1.4.1-150600.5.24.1 * kubevirt-container-disk-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-launcher-1.4.1-150600.5.24.1 * kubevirt-virt-operator-1.4.1-150600.5.24.1 * kubevirt-tests-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-exportproxy-1.4.1-150600.5.24.1 * kubevirt-virt-controller-debuginfo-1.4.1-150600.5.24.1 * kubevirt-pr-helper-conf-1.4.1-150600.5.24.1 * kubevirt-tests-1.4.1-150600.5.24.1 * kubevirt-virt-handler-1.4.1-150600.5.24.1 * kubevirt-manifests-1.4.1-150600.5.24.1 * kubevirt-virt-handler-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-operator-debuginfo-1.4.1-150600.5.24.1 * obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1 * Containers Module 15-SP6 (aarch64 x86_64) * kubevirt-virtctl-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virtctl-1.4.1-150600.5.24.1 * kubevirt-manifests-1.4.1-150600.5.24.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45337.html * https://www.suse.com/security/cve/CVE-2024-45338.html * https://www.suse.com/security/cve/CVE-2025-22872.html *https://bugzilla.suse.com/show_bug.cgi?id=1234537 * https://bugzilla.suse.com/show_bug.cgi?id=1235303 * https://bugzilla.suse.com/show_bug.cgi?id=1241772 . Important security update for SUSE's KubeVirt images. Upgrade immediately to resolve critical vulnerabilities before consequences arise.. KubeVirt Update. . LinuxSecurity.com Team
Update to release v1.32.7 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8f9b0ca4c7 2025-08-23 01:31:19.590141+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.32 Product : Fedora 41 Version : 1.32.8 Release : 1.fc41 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.32.7 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 13 2025 Bradley G Smith - 1.32.8-1 - Update to release v1.32.7 - Resolves: rhbz#2388412 - Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fixes * Thu Jul 24 2025 Fedora Release Engineering - 1.32.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2388412 - kubernetes1.32-1.33.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2388412 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2025-8f9b0ca4c7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.