FEDORA-2025-04cf139ee2 — security update for docker-buildx

stable

docker-buildx-0.30.1-1.fc42

FEDORA-2025-04cf139ee2 created by buckaroogeek 4 months ago for Fedora 42

Update to release v0.30.1
Upstream fix

Update to release v0.30.0
Resolves: #2413270
Resolves: #2407614, #2407881, #2408158, #2409066
Resolves: #2409350, #2409628, #2410014, #2410300
Resolves: #2410579, #2410946, #2411477, #2412381
Resolves: #2412530, #2412682, #2412762
Upstream new features and fixes

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-04cf139ee2

This update has been submitted for testing by buckaroogeek.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has obsoleted docker-buildx-0.30.0-1.fc42, and has inherited its bugs and notes.

4 months ago

This update has been pushed to testing.

4 months ago

maketopsite provided feedback 4 months ago

karma

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

4 months ago

in testing

4 months ago

in stable

4 months ago

approved

4 months ago

Builds

docker-buildx-0.30.1-1.fc42

BZ#2407614 CVE-2025-58189 docker-buildx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41]

BZ#2407881 CVE-2025-58189 docker-buildx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]

BZ#2408158 CVE-2025-58189 docker-buildx: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]

BZ#2409066 CVE-2025-61723 docker-buildx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41]

BZ#2409350 CVE-2025-61723 docker-buildx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]

BZ#2409628 CVE-2025-61723 docker-buildx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]

BZ#2410014 CVE-2025-58185 docker-buildx: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41]

BZ#2410300 CVE-2025-58185 docker-buildx: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]

BZ#2410579 CVE-2025-58185 docker-buildx: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]

BZ#2410946 CVE-2025-58188 docker-buildx: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41]

BZ#2411477 CVE-2025-58188 docker-buildx: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]

BZ#2412381 CVE-2025-58188 docker-buildx: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]

BZ#2412530 CVE-2025-58183 docker-buildx: Unbounded allocation when parsing GNU sparse map [fedora-41]

BZ#2412682 CVE-2025-58183 docker-buildx: Unbounded allocation when parsing GNU sparse map [fedora-43]

BZ#2412762 CVE-2025-58183 docker-buildx: Unbounded allocation when parsing GNU sparse map [fedora-42]

BZ#2413270 docker-buildx-0.30.0 is available

docker-buildx-0.30.1-1.fc42

Automated Test Results

ignored