FEDORA-EPEL-2026-aba9cbc84b — security update for apptainer

stable

apptainer-1.4.5-3.el10_1

FEDORA-EPEL-2026-aba9cbc84b created by dwd 2 months ago for Fedora EPEL 10.1

Enable FIPS support. This was built with golang-1.25.7 so it also fixes these CVE's based on older golang versions: CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188, and CVE-2025-58189.

This update has been submitted for testing by dwd.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

dwd edited this update.

2 months ago

This update has been pushed to testing.

2 months ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

2 months ago

in testing

2 months ago

in stable

a month ago

modified

2 months ago

approved

a month ago

Builds

apptainer-1.4.5-3.el10_1

BZ#2407465 CVE-2025-58189 apptainer: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10]

BZ#2408523 CVE-2025-61725 apptainer: Excessive CPU consumption in ParseAddress in net/mail [epel-10]

BZ#2408910 CVE-2025-61723 apptainer: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]

BZ#2409855 CVE-2025-58185 apptainer: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]

BZ#2410799 CVE-2025-58188 apptainer: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10]

BZ#2412476 CVE-2025-58183 apptainer: Unbounded allocation when parsing GNU sparse map [epel-all]

BZ#2437258 Apptainer is compiled without FIPS support

apptainer-1.4.5-3.el10_1

Automated Test Results

ignored