Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
89
security advisoryfedoraDoSFedora 42 node-exporter 1.10.2 Critical Update Fix DoS Issues
Update to 1.10.2 Update was blocked by a ppc64 issue, but a workaround has been found.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-126cd91d11 2026-02-09 01:11:14.394467+00:00 -------------------------------------------------------------------------------- Name : node-exporter Product : Fedora 42 Version : 1.10.2 Release : 3.fc42 URL : https://github.com/prometheus/node_exporter Summary : Exporter for machine metrics Description : Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. -------------------------------------------------------------------------------- Update Information: Update to 1.10.2 Update was blocked by a ppc64 issue, but a workaround has been found. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 30 2026 Alejandro Sez - 1.10.2-3 - Fix race condition * Fri Jan 16 2026 Fedora Release Engineering - 1.10.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Dec 4 2025 Mikel Olasagasti Uranga - 1.10.2-1 - Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804 rhbz#2410754 rhbz#2411650 * Fri Oct 10 2025 Alejandro Sez - 1.9.1-4 - rebuild * Fri Aug 15 2025 Maxwell G - 1.9.1-3 - Rebuild for golang-1.25.0 * Thu Jul 24 2025 Fedora Release Engineering - 1.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398866 - CVE-2025-47910 node-exporter: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398866 [ 2 ] Bug #2399538 - CVE-2025-47906 node-exporter: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399538 [ 3 ] Bug #2408076 - CVE-2025-58189 node-exporter: go crypto/tls ALPNnegotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408076 [ 4 ] Bug #2409546 - CVE-2025-61723 node-exporter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409546 [ 5 ] Bug #2410497 - CVE-2025-58185 node-exporter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410497 [ 6 ] Bug #2411395 - CVE-2025-58188 node-exporter: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411395 [ 7 ] Bug #2424021 - [Minor Incident] CVE-2025-52881 node-exporter: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2424021 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-126cd91d11' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update details for Fedora's node-exporter 1.10.2, including bug fixes and workaround for ppc64 issue.. node-exporter security update Fedora 42. . Severity: Important. LinuxSecurity.com Team
Feb 09, 2026
•Important
Fedora
89
security advisorysecurity issuefedoraUbuntu 22: gdu 5.32.1 Significant CrossSiteSecurity Update 2025-4e1fa2bc27
Update to 5.32.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3b0fa1ac26 2025-12-28 00:49:44.327921+00:00 -------------------------------------------------------------------------------- Name : gdu Product : Fedora 42 Version : 5.32.0 Release : 1.fc42 URL : https://github.com/dundee/gdu Summary : Fast disk usage analyzer with console interface written in Go Description : Fast disk usage analyzer with console interface written in Go. -------------------------------------------------------------------------------- Update Information: Update to 5.32.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 19 2025 Mikel Olasagasti Uranga - 5.32.0-1 - Update to 5.32.0 - Closes rhbz#2416550 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398687 - CVE-2025-47910 gdu: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398687 [ 2 ] Bug #2399368 - CVE-2025-47906 gdu: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399368 [ 3 ] Bug #2407890 - CVE-2025-58189 gdu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407890 [ 4 ] Bug #2409359 - CVE-2025-61723 gdu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409359 [ 5 ] Bug #2410309 - CVE-2025-58185 gdu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410309 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2025-3b0fa1ac26' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Dec 28, 2025
•Important
Fedora
89
security advisoryfedoraupdateFedora 42: source-to-image Update 1.5.1 Fixes CrossOriginProtection Issues
Update to 1.5.1, migrate to Go Vendor Tools. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-96f340d7a0 2025-12-02 01:30:54.608262+00:00 -------------------------------------------------------------------------------- Name : source-to-image Product : Fedora 42 Version : 1.5.1 Release : 1.fc42 URL : https://github.com/openshift/source-to-image Summary : A tool for building artifacts from source and injecting into container images Description : Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images, you can version and control your build environments exactly like you use container images to version your runtime environments. -------------------------------------------------------------------------------- Update Information: Update to 1.5.1, migrate to Go Vendor Tools -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 9 2025 Yaakov Selkowitz - 1.5.1-1 - Update to 1.5.1 * Sun Nov 9 2025 Yaakov Selkowitz - 1.5.0-7 - Migrate to go-vendor-tools * Sun Oct 12 2025 Maxwell G - 1.5.0-5 - Rebuild for golang 1.25.2 * Fri Oct 10 2025 Alejandro Sez - 1.5.0-4 - rebuild * Fri Aug 15 2025 Maxwell G - 1.5.0-3 - Rebuild for golang-1.25.0 * Fri Jul 25 2025 Fedora Release Engineering - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Mon Jan 27 2025 Yaakov Selkowitz - 1.5.0-1 - Update to 1.5.0 (rhbz#2337561) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2337561 - source-to-image-1.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2337561 [ 2 ] Bug #2398887 - CVE-2025-47910 source-to-image: CrossOriginProtectionbypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398887 [ 3 ] Bug #2399569 - CVE-2025-47906 source-to-image: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399569 [ 4 ] Bug #2408097 - CVE-2025-58189 source-to-image: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408097 [ 5 ] Bug #2409567 - CVE-2025-61723 source-to-image: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409567 [ 6 ] Bug #2410518 - CVE-2025-58185 source-to-image: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410518 [ 7 ] Bug #2411416 - CVE-2025-58188 source-to-image: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411416 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-96f340d7a0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to source-to-image 1.5.1 for Fedora 42 addresses security issues and improves build processes.. source-to-image update, Fedora security, Go Vendor Tools, container images, cross-origin protection. . Severity: Important. LinuxSecurity.com Team
Dec 02, 2025
•Important
Fedora
89
security advisoryfedoracriticalUbuntu 24: Docker 2.13.5 Important Security Notice 2026-6f2b2d1a9f8
Update to release v1.32.10 Resolves: rhbz#2414539 Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-547f14aef4 2025-11-23 01:22:23.613172+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.32 Product : Fedora 41 Version : 1.32.10 Release : 2.fc41 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.32.10 Resolves: rhbz#2414539 Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730 Resolves: rhbz#2409237, rhbz#2409527, rhbz#2409788, rhbz#2410202 Resolves: rhbz#2410477, rhbz#2410738, rhbz#2411117, rhbz#2411376 Resolves: rhbz#2411634, rhbz#2412569, rhbz#2412588, rhbz#2412803 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 12 2025 Bradley G Smith - 1.32.10-1 - Update to release v1.32.10 - Resolves: rhbz#2414539 - Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 - Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 - Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730 -Resolves: rhbz#2409237, rhbz#2409527, rhbz#2409788, rhbz#2410202 - Resolves: rhbz#2410477, rhbz#2410738, rhbz#2411117, rhbz#2411376 - Resolves: rhbz#2411634, rhbz#2412569, rhbz#2412588, rhbz#2412803 - Upstream fixes * Wed Nov 12 2025 Bradley G Smith - 1.32.9-2 - Revise template - Remove transition artifacts - from non-versioned kubernetes - Remove unneeded network rpms - Remove duplicate requires -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398587 - CVE-2025-47910 kubernetes1.32: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398587 [ 2 ] Bug #2398848 - CVE-2025-47910 kubernetes1.32: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398848 [ 3 ] Bug #2399249 - CVE-2025-47906 kubernetes1.32: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399249 [ 4 ] Bug #2399522 - CVE-2025-47906 kubernetes1.32: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399522 [ 5 ] Bug #2399703 - CVE-2025-11065 kubernetes1.32: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399703 [ 6 ] Bug #2399721 - CVE-2025-11065 kubernetes1.32: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399721 [ 7 ] Bug #2407788 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407788 [ 8 ] Bug #2408058 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408058 [ 9 ] Bug #2408315 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408315 [ 10 ] Bug #2408609 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2408609 [ 11 ] Bug #2408672 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408672 [ 12 ] Bug #2408730 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408730 [ 13 ] Bug #2409237 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409237 [ 14 ] Bug #2409527 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409527 [ 15 ] Bug #2409788 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409788 [ 16 ] Bug #2410202 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410202 [ 17 ] Bug #2410477 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410477 [ 18 ] Bug #2410738 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410738 [ 19 ] Bug #2411117 - CVE-2025-58188 kubernetes1.32: Panicwhen validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411117 [ 20 ] Bug #2411376 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411376 [ 21 ] Bug #2411634 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411634 [ 22 ] Bug #2412569 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2412569 [ 23 ] Bug #2412588 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412588 [ 24 ] Bug #2412803 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412803 [ 25 ] Bug #2414539 - kubernetes1.32-1.34.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2414539 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-547f14aef4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 23, 2025
•Critical
Fedora
89
security advisoryfedoraimportantFedora 42: Kubernetes1.32 Important Security Update 2025-0131063534
Update to release v1.32.10 Resolves: rhbz#2414539 Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-0131063534 2025-11-22 01:11:37.542899+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.32 Product : Fedora 42 Version : 1.32.10 Release : 2.fc42 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.32.10 Resolves: rhbz#2414539 Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730 Resolves: rhbz#2409237, rhbz#2409527, rhbz#2409788, rhbz#2410202 Resolves: rhbz#2410477, rhbz#2410738, rhbz#2411117, rhbz#2411376 Resolves: rhbz#2411634, rhbz#2412569, rhbz#2412588, rhbz#2412803 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 12 2025 Bradley G Smith - 1.32.10-1 - Update to release v1.32.10 - Resolves: rhbz#2414539 - Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 - Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 - Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730 -Resolves: rhbz#2409237, rhbz#2409527, rhbz#2409788, rhbz#2410202 - Resolves: rhbz#2410477, rhbz#2410738, rhbz#2411117, rhbz#2411376 - Resolves: rhbz#2411634, rhbz#2412569, rhbz#2412588, rhbz#2412803 - Upstream fixes * Wed Nov 12 2025 Bradley G Smith - 1.32.9-2 - Revise template - Remove transition artifacts - from non-versioned kubernetes - Remove unneeded network rpms - Remove duplicate requires -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398587 - CVE-2025-47910 kubernetes1.32: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398587 [ 2 ] Bug #2398848 - CVE-2025-47910 kubernetes1.32: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398848 [ 3 ] Bug #2399249 - CVE-2025-47906 kubernetes1.32: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399249 [ 4 ] Bug #2399522 - CVE-2025-47906 kubernetes1.32: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399522 [ 5 ] Bug #2399703 - CVE-2025-11065 kubernetes1.32: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399703 [ 6 ] Bug #2399721 - CVE-2025-11065 kubernetes1.32: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399721 [ 7 ] Bug #2407788 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407788 [ 8 ] Bug #2408058 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408058 [ 9 ] Bug #2408315 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408315 [ 10 ] Bug #2408609 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2408609 [ 11 ] Bug #2408672 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408672 [ 12 ] Bug #2408730 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408730 [ 13 ] Bug #2409237 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409237 [ 14 ] Bug #2409527 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409527 [ 15 ] Bug #2409788 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409788 [ 16 ] Bug #2410202 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410202 [ 17 ] Bug #2410477 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410477 [ 18 ] Bug #2410738 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410738 [ 19 ] Bug #2411117 - CVE-2025-58188 kubernetes1.32: Panicwhen validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411117 [ 20 ] Bug #2411376 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411376 [ 21 ] Bug #2411634 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411634 [ 22 ] Bug #2412569 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2412569 [ 23 ] Bug #2412588 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412588 [ 24 ] Bug #2412803 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412803 [ 25 ] Bug #2414539 - kubernetes1.32-1.34.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2414539 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0131063534' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 22, 2025
•Important
Fedora
89
security advisoryfedoraupdateFedora 42: Kubernetes 1.31 Moderate DoS Cross-Origin Protection
Update to release v1.31.14 Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 Resolves: rhbz#2408314, rhbz#2408608, rhbz#2408671, rhbz#2408729 Resolves: rhbz#2409236, rhbz#2409526, rhbz#2409787, rhbz#2410201. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4a1370ea1b 2025-11-22 01:11:37.542854+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.31 Product : Fedora 42 Version : 1.31.14 Release : 1.fc42 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.31.14 Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 Resolves: rhbz#2408314, rhbz#2408608, rhbz#2408671, rhbz#2408729 Resolves: rhbz#2409236, rhbz#2409526, rhbz#2409787, rhbz#2410201 Resolves: rhbz#2410476, rhbz#2410737, rhbz#2411116, rhbz#2411375 Resolves: rhbz#2411633, rhbz#2412568, rhbz#2412587, rhbz#2412802 Upstream fixes. Likely last release of Kubernetes 1.31 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 12 2025 Bradley G Smith - 1.31.14-1 - Update to release v1.31.14 - Resolves: rhbz#2398586, rhbz#2398847, rhbz#2399248, rhbz#2399521 - Resolves: rhbz#2399702, rhbz#2399720, rhbz#2407787, rhbz#2408057 - Resolves: rhbz#2408314, rhbz#2408608, rhbz#2408671, rhbz#2408729 -Resolves: rhbz#2409236, rhbz#2409526, rhbz#2409787, rhbz#2410201 - Resolves: rhbz#2410476, rhbz#2410737, rhbz#2411116, rhbz#2411375 - Resolves: rhbz#2411633, rhbz#2412568, rhbz#2412587, rhbz#2412802 - Upstream fixes. - Likely last release of Kubernetes 1.31 * Fri Oct 10 2025 Alejandro Sez - 1.31.13-2 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398586 - CVE-2025-47910 kubernetes1.31: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398586 [ 2 ] Bug #2398847 - CVE-2025-47910 kubernetes1.31: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398847 [ 3 ] Bug #2399248 - CVE-2025-47906 kubernetes1.31: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399248 [ 4 ] Bug #2399521 - CVE-2025-47906 kubernetes1.31: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399521 [ 5 ] Bug #2399702 - CVE-2025-11065 kubernetes1.31: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399702 [ 6 ] Bug #2399720 - CVE-2025-11065 kubernetes1.31: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399720 [ 7 ] Bug #2407787 - CVE-2025-58189 kubernetes1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407787 [ 8 ] Bug #2408057 - CVE-2025-58189 kubernetes1.31: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408057 [ 9 ] Bug #2408314 - CVE-2025-58189 kubernetes1.31: go crypto/tls ALPN negotiation errorcontains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408314 [ 10 ] Bug #2408608 - CVE-2025-61725 kubernetes1.31: Excessive CPU consumption in ParseAddress in net/mail [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2408608 [ 11 ] Bug #2408671 - CVE-2025-61725 kubernetes1.31: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408671 [ 12 ] Bug #2408729 - CVE-2025-61725 kubernetes1.31: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408729 [ 13 ] Bug #2409236 - CVE-2025-61723 kubernetes1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409236 [ 14 ] Bug #2409526 - CVE-2025-61723 kubernetes1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409526 [ 15 ] Bug #2409787 - CVE-2025-61723 kubernetes1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409787 [ 16 ] Bug #2410201 - CVE-2025-58185 kubernetes1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410201 [ 17 ] Bug #2410476 - CVE-2025-58185 kubernetes1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410476 [ 18 ] Bug #2410737 - CVE-2025-58185 kubernetes1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410737 [ 19 ] Bug #2411116 - CVE-2025-58188 kubernetes1.31: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411116 [ 20 ] Bug #2411375 -CVE-2025-58188 kubernetes1.31: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411375 [ 21 ] Bug #2411633 - CVE-2025-58188 kubernetes1.31: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411633 [ 22 ] Bug #2412568 - CVE-2025-58183 kubernetes1.31: Unbounded allocation when parsing GNU sparse map [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2412568 [ 23 ] Bug #2412587 - CVE-2025-58183 kubernetes1.31: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412587 [ 24 ] Bug #2412802 - CVE-2025-58183 kubernetes1.31: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412802 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4a1370ea1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Kubernetes v1.31.14 update addresses multiple issues and safeguards Fedora 42 against significant security risks.. Kubernetes Update, Fedora Security Fix, Open Source Management, Container Scheduling, Cross-Origin Protection. . Severity: Important. LinuxSecurity.com Team
Nov 22, 2025
•Important
Fedora
89
security advisoryfedoraupdateFedora 42: podman-tui Security Advisory Update 2025-a8f5576fe3
podman-tui release v1.9.0 podman-tui release 1.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a8f5576fe3 2025-10-13 00:40:04.312566+00:00 -------------------------------------------------------------------------------- Name : podman-tui Product : Fedora 42 Version : 1.9.0 Release : 1.fc42 URL : https://github.com/containers/podman-tui Summary : Podman Terminal User Interface Description : podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. -------------------------------------------------------------------------------- Update Information: podman-tui release v1.9.0 podman-tui release 1.8.1 -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 4 2025 Navid Yaghoobi - 1.9.0-1 - Release v1.9.0 * Sun Sep 28 2025 Navid Yaghoobi - 1.8.1-1 - Release v1.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398609 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398609 [ 2 ] Bug #2398875 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398875 [ 3 ] Bug #2399273 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399273 [ 4 ] Bug #2399552 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399552 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2025-a8f5576fe3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Oct 13, 2025
•Important
Fedora
89
security advisoryfedoraupdateCritical Update for CrossOriginProtection in Fedora 41 cri-o1.31
Update to release v1.31.13 Resolves: rhbz#2333357, rhbz#2398406, rhbz#2398661, rhbz#2399063, rhbz#2399337 Upstream fix. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-09e80a938d 2025-10-11 01:01:59.551890+00:00 -------------------------------------------------------------------------------- Name : cri-o1.31 Product : Fedora 41 Version : 1.31.13 Release : 1.fc41 URL : https://github.com/cri-o/cri-o Summary : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface Description : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. -------------------------------------------------------------------------------- Update Information: Update to release v1.31.13 Resolves: rhbz#2333357, rhbz#2398406, rhbz#2398661, rhbz#2399063, rhbz#2399337 Upstream fix -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 2 2025 Bradley G Smith - 1.31.13-1 - Update to release v1.31.13 - Resolves: rhbz#2333357, rhbz#2398406, rhbz#2398661, rhbz#2399063, rhbz#2399337 - Upstream fix -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333357 - cri-o-1.34.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2333357 [ 2 ] Bug #2398406 - CVE-2025-47910 cri-o1.31: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398406 [ 3 ] Bug #2398661 - CVE-2025-47910 cri-o1.31: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398661 [ 4 ] Bug #2399063 - CVE-2025-47906 cri-o1.31: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399063 [ 5 ] Bug #2399337 - CVE-2025-47906 cri-o1.31: Unexpected paths returned from LookPath in os/exec[fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399337 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-09e80a938d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Oct 11, 2025
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!