|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-ebd4913540 (runc)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 43 Update: runc-1.3.3-1.fc43


Date:
              Fri, 14 Nov 2025 01:28:54 +0000


Message-ID:
              <20251114012854.219776B6D3@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ebd4913540
2025-11-14 01:25:41.063350+00:00
--------------------------------------------------------------------------------

Name        : runc
Product     : Fedora 43
Version     : 1.3.3
Release     : 1.fc43
URL         : https://github.com/opencontainers/runc
Summary     : CLI for running Open Containers
Description :
The runc command can be used to start containers which are packaged
in accordance with the Open Container Initiative's specifications,
and to manage containers running under runc.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.3.3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  5 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 2:1.3.3-1
- Update to release v1.3.3
- Resolves: rhbz#2411664, rhbz#2411410, rhbz#2411148
- Resolves: rbhz#2410768, rhbz#2410512, rhbz#2410233
- Resolves: rhbz#2409818, rhbz#2409561, rhbz#2409284
- Resolves: rhbz#2408345, rhbz#2408091, rhbz#2407818
- Security. Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
- Upstream new feature
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2407818 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker
controlled information [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2407818
  [ 2 ] Bug #2408091 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker
controlled information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408091
  [ 3 ] Bug #2408345 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker
controlled information [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408345
  [ 4 ] Bug #2409284 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs
in encoding/pem [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409284
  [ 5 ] Bug #2409561 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs
in encoding/pem [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409561
  [ 6 ] Bug #2409818 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs
in encoding/pem [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409818
  [ 7 ] Bug #2411148 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys
in crypto/x509 [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411148
  [ 8 ] Bug #2411410 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys
in crypto/x509 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411410
  [ 9 ] Bug #2411664 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys
in crypto/x509 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411664
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ebd4913540' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds