Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 43: Critical Advisory for Excessive CPU Usage with chezmoi

Update to 2.68.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-28e625afa6 2025-12-26 00:43:51.117598+00:00 -------------------------------------------------------------------------------- Name : chezmoi Product : Fedora 43 Version : 2.68.1 Release : 1.fc43 URL : https://github.com/twpayne/chezmoi Summary : Manage your dotfiles across multiple diverse machines Description : Manage your dotfiles across multiple diverse machines, securely. -------------------------------------------------------------------------------- Update Information: Update to 2.68.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 17 2025 Mikel Olasagasti Uranga - 2.68.1-1 - Update to 2.68.1 - Closes rhbz#2394285 * Fri Oct 10 2025 Maxwell G - 2.63.1-2 - Rebuild for golang 1.25.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2408131 - CVE-2025-58189 chezmoi: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408131 [ 2 ] Bug #2408695 - CVE-2025-61725 chezmoi: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408695 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-28e625afa6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . CVE-2025-58189 and CVE-2025-61725 impact chezmoi on Fedora 43. Install update 2.68.1 for security fixes.. chezmoi update. . Severity: Critical. LinuxSecurity.com Team

Dec 26, 2025 •Critical Fedora