Explore top 10 tips to secure your open-source projects now. Read More
×
Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e41c694c83 2025-08-11 17:03:33.367585+00:00 -------------------------------------------------------------------------------- Name : toolbox Product : Fedora 42 Version : 0.2 Release : 1.fc42 URL : https://containertoolbx.org/ Summary : Tool for interactive command line environments on Linux Description : Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.. -------------------------------------------------------------------------------- Update Information: Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267 Bug fixes Improved error handling when creating symbolic links inside the container to initialize it Preserved environment variables set by a KDE session and Konsole Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2) Unbroke overriding the HOME variable (regression in 0.0.90) Dependencies Bumped the minimum Go version to1.22 -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 9 2025 Debarshi Ray - 0.2-1 - Update to 0.2 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375632 - toolbox: mapstructure May Leak Sensitive Information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375632 [ 2 ] Bug #2382220 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2382220 [ 3 ] Bug #2387403 - toolbox-0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2387403 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e41c694c83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:152-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.133 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.133 Severity : low Type : security References : 1217969 CVE-2023-39804 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). The following package changes have been done: - tar-1.34-150000.3.34.1 updated - container:sles15-image-15.0.0-36.5.71 updated . SUSE Container Security Bulletin for suse/sle-micro/5.5/toolkit resolves several low-level vulnerabilities via a tar compression update.. SUSE Container Update, Tar Patch, Toolbox Security, Low Severity Update. . Severity: Low. LinuxSecurity.com Team
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:151-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.349 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.349 Severity : low Type : security References : 1217969 CVE-2023-39804 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). The following package changes have been done: - tar-1.34-150000.3.34.1 updated . SUSE Container Update for suse/sle-micro/5.3/toolbox addresses security issues identified in the latest patch releases.. SUSE Security Update, Container Patch, Tar Security Fix, SUSE Toolbox Update. . Severity: Low. LinuxSecurity.com Team
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4310-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.339 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.339 Severity : important Type : security References : 1201384 1216987 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-17.20.229 updated . The latest Container Update Announcement from SUSE for suse/sle-micro/5.2 toolbox introduces essential security updates that address significant vulnerabilities.. SUSEContainer Update, Toolbox Security Update, Security Patches, CVE-2023-50495. . Severity: Important. LinuxSecurity.com Team
The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4187-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.512 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.512 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated -libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.226 updated . SUSE Container Release: suse/sle-micro/5.1/toolbox introduces crucial security patches and improvements across multiple software components.. SUSE Container Update, Curl Fixes, GPG2 Update, SLE Micro Toolbox. . LinuxSecurity.com Team
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4126-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.333 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.333 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated -libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.225 updated . SUSE Container Update Notification: suse/sle-micro/5.2/toolbox features enhancements and remedial measures for multiple elements.. SUSE Container Security, Toolbox Update, Curl Fixes. . LinuxSecurity.com Team
The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4097-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.117 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.117 Severity : moderate Type : security References : 1216862 1217212 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1updated - libcurl4-8.0.1-150400.5.36.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.63 updated . Important notice on critical security vulnerabilities in SUSE Container image suse/sle-micro/5.5. Review and update your deployments promptly for security. SUSE Container Update, security patches, CURL Fix, Toolbox SLE Micro. . Severity: Important. LinuxSecurity.com Team
The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4041-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.270 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.270 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - groff-1.22.4-150400.5.2.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libpipeline1-1.4.1-150000.3.2.1 updated - man-2.7.6-150100.8.5.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-man-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-27.14.125 updated . SUSE ContainerEnhancement Alert regarding toolbox involves essential security patches and rectifications for curl security loopholes.. SUSE Container Update,Curl Fix,Toolbox Security,SUSE Advisory,Moderate Severity. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.