bump to v0.38.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-387540db1f
2025-11-29 17:02:16.261388+00:00
--------------------------------------------------------------------------------

Name        : pack
Product     : Fedora 42
Version     : 0.38.2
Release     : 1.fc42
URL         : https://github.com/buildpacks/pack
Summary     : Convert code into runnable images
Description :
pack is a CLI implementation of the Platform Interface Specification for
Cloud Native Buildpacks.

--------------------------------------------------------------------------------
Update Information:

bump to v0.38.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2025 Lokesh Mandvekar - 0.38.2-1
- bump to v0.38.2
* Fri Oct 10 2025 Alejandro Sez - 0.32.0-9
- rebuild
* Fri Aug 15 2025 Maxwell G - 0.32.0-8
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering - 0.32.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2386310 - CVE-2025-8556 pack: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386310
  [ 2 ] Bug #2398873 - CVE-2025-47910 pack: CrossOriginProtection bypass in net/http [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398873
  [ 3 ] Bug #2399550 - CVE-2025-47906 pack: Unexpected paths returned from LookPath in os/exec [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399550
  [ 4 ] Bug #2408083 - CVE-2025-58189 pack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408083
  [ 5 ] Bug #2409553 - CVE-2025-61723 pack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409553
  [ 6 ] Bug #2410504 - CVE-2025-58185 pack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410504
  [ 7 ] Bug #2411402 - CVE-2025-58188 pack: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411402
  [ 8 ] Bug #2412812 - CVE-2025-58183 pack: Unbounded allocation when parsing GNU sparse map [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412812
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-387540db1f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Update to Fedora 42 includes important security fixes for pack affecting cloud-native build packs and functionalities.
Fedora Pack Updates, Cloud Native Buildpacks, Security Fixes, Fedora 42.
Severity: Important.
LinuxSecurity.com Team

bump to v0.38.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-20f7fd3e95
2025-11-29 16:43:28.332708+00:00
--------------------------------------------------------------------------------

Name        : pack
Product     : Fedora 43
Version     : 0.38.2
Release     : 1.fc43
URL         : https://github.com/buildpacks/pack
Summary     : Convert code into runnable images
Description :
pack is a CLI implementation of the Platform Interface Specification for
Cloud Native Buildpacks.

--------------------------------------------------------------------------------
Update Information:

bump to v0.38.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2025 Lokesh Mandvekar - 0.38.2-1
- bump to v0.38.2
* Fri Oct 10 2025 Alejandro Sez - 0.32.0-9
- rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2408338 - CVE-2025-58189 pack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408338
  [ 2 ] Bug #2409811 - CVE-2025-61723 pack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409811
  [ 3 ] Bug #2410761 - CVE-2025-58185 pack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410761
  [ 4 ] Bug #2411657 - CVE-2025-58188 pack: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411657
  [ 5 ] Bug #2412596 - CVE-2025-58183 pack: Unbounded allocation when parsing GNU sparse map [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412596
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-20f7fd3e95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Addressing vulnerabilities in pack software on Fedora 43, including memory exhaustion and certificate validation.
Fedora Pack Security, Pack Memory Exhaustion, Update Pack Fedora.
Severity: Critical.
LinuxSecurity.com Team

Fix for CVE-2023-39325.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-257f33c602
2023-11-17 01:20:09.193075
--------------------------------------------------------------------------------

Name        : pack
Product     : Fedora 38
Version     : 0.32.0
Release     : 1.fc38
URL         : https://github.com/buildpacks/pack
Summary     : Convert code into runnable images
Description :
pack is a CLI implementation of the Platform Interface Specification for
Cloud Native Buildpacks.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  8 2023 RH Container Bot - 0.32.0-1
- auto bump to v0.32.0
* Thu Jul 20 2023 Fedora Release Engineering - 0.30.0~pre2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2248399 - pack: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2248399
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-257f33c602' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

fix for CVE-2023-39325.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-5029b92850
2023-11-17 01:10:00.161797
--------------------------------------------------------------------------------

Name        : pack
Product     : Fedora 37
Version     : 0.32.0
Release     : 1.fc37
URL         : https://github.com/buildpacks/pack
Summary     : Convert code into runnable images
Description :
pack is a CLI implementation of the Platform Interface Specification for
Cloud Native Buildpacks.

--------------------------------------------------------------------------------
Update Information:

fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  8 2023 RH Container Bot - 0.32.0-1
- auto bump to v0.32.0
* Thu Jul 20 2023 Fedora Release Engineering - 0.30.0~pre2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2248399 - pack: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2248399
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5029b92850' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

Security fix for CVE-2022-41717 ---- Resolves: 2161300 - set _fortify_level 3.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-2df9d60e4c
2023-03-18 04:57:44.403022
--------------------------------------------------------------------------------

Name        : pack
Product     : Fedora 37
Version     : 0.29.0~rc1
Release     : 1.fc37
URL         : https://github.com/buildpacks/pack
Summary     : Convert code into runnable images
Description :
pack is a CLI implementation of the Platform Interface Specification for
Cloud Native Buildpacks.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-41717
----
Resolves: 2161300 - set _fortify_level 3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  8 2023 Lokesh Mandvekar - 0.29.0~rc1-1
- bump to v0.29.0-rc1
* Wed Mar  8 2023 Lokesh Mandvekar - 0.28.0-3
- Revert "Resolves: #2161300 - set _fortify_level 3"
* Mon Mar  6 2023 Lokesh Mandvekar - 0.28.0-2
- Resolves: #2161300 - set _fortify_level 3
* Mon Mar  6 2023 Lokesh Mandvekar - 0.28.0-1
- bump to v0.28.0
* Mon Mar  6 2023 Lokesh Mandvekar - 0.28.0~rc2-4
- fix build flags specification
* Mon Mar  6 2023 Lokesh Mandvekar - 0.28.0~rc2-3
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering - 0.28.0~rc2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 12 2022 RH Container Bot - 0.28.0~rc2-1
- auto bump to v0.28.0-rc2
* Mon Oct 10 2022 Lokesh Mandvekar - 0.27.0-7
- update autosetup
* Mon Oct 10 2022 Lokesh Mandvekar - 0.27.0-6
- add macros for getting correct version and add comment about Source0 tarball
* Wed Aug 17 2022 Lokesh Mandvekar - 0.27.0-5
- use built_tag_strip macro instead of built_tag for rhcontainerbot autobuilder
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
        https://bugzilla.redhat.com/show_bug.cgi?id=2161274
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2df9d60e4c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list