FEDORA-2025-3ccd4113df — security update for buildah

obsolete

buildah-1.42.0-3.fc42

FEDORA-2025-3ccd4113df created by lsm5 a week ago for Fedora 42

Rebuild for security fixes in golang

bump to v1.42.0

This update has been submitted for testing by lsm5.

a week ago

This update's test gating status has been changed to 'waiting'.

a week ago

This update's test gating status has been changed to 'waiting'.

a week ago

This update has obsoleted buildah-1.42.0-1.fc42, and has inherited its bugs and notes.

a week ago

This update's test gating status has been changed to 'passed'.

a week ago

This update has been pushed to testing.

a week ago

filiperosset commented & provided feedback 5 days ago

karma

no regressions noted

lsm5 edited this update.

5 days ago

This update has been obsoleted by buildah-1.42.1-1.fc42.

4 hours ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Thresholds

Minimum Karma

Minimum Testing

14 days

Dates

submitted

a week ago

in testing

a week ago

modified

5 days ago

Builds

buildah-1.42.0-3.fc42

BZ#2407848 CVE-2025-58189 buildah: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]

BZ#2408629 CVE-2025-61725 buildah: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]

BZ#2409315 CVE-2025-61723 buildah: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]

BZ#2410267 CVE-2025-58185 buildah: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]

BZ#2411179 CVE-2025-58188 buildah: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]

BZ#2412746 CVE-2025-58183 buildah: Unbounded allocation when parsing GNU sparse map [fedora-42]

buildah-1.42.0-3.fc42

Automated Test Results

passed