FEDORA-2025-121049bbf7 — security update for opentofu

stable

opentofu-1.9.1-1.fc43

FEDORA-2025-121049bbf7 created by mikelo2 7 months ago for Fedora 43

Automatic update for opentofu-1.9.1-1.fc43.

Changelog

* Wed May 14 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.9.1-1
- Update to 1.9.1 - Closes rhbz#2362077 rhbz#2354430 rhbz#2352319
  rhbz#2350839 rhbz#2348836 rhbz#2339349

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-121049bbf7

This update was automatically created

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update has been submitted for stable by bodhi

7 months ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

0 days

Dates

submitted

7 months ago

in testing

7 months ago

in stable

7 months ago

approved

7 months ago

Builds

opentofu-1.9.1-1.fc43

BZ#2339349 CVE-2025-0377 opentofu: HashiCorp go-slug Vulnerable to Zip Slip Attack [fedora-41]

BZ#2348836 CVE-2025-22868 opentofu: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [fedora-41]

BZ#2350839 CVE-2025-22869 opentofu: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [fedora-41]

BZ#2352319 CVE-2025-22870 opentofu: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]

BZ#2354430 CVE-2025-30204 opentofu: jwt-go allows excessive memory allocation during header parsing [fedora-41]

BZ#2362077 opentofu-1.9.1 is available

opentofu-1.9.1-1.fc43

Automated Test Results

ignored