Three updates have been released for Fedora, including one security update for the log4cxx package. The log4cxx update fixes two vulnerabilities (CVE-2025-54813 and CVE-2025-22838) and brings the package to version 1.5.0. Additionally, there are two separate updates for the docker-buildx package, which bring it to version 0.29.1 and fix various security issues.

Fedora 42 Update: docker-buildx-0.29.1-1.fc42
Fedora 41 Update: docker-buildx-0.29.1-1.fc41
Fedora 41 Update: log4cxx-1.5.0-1.fc41

[SECURITY] Fedora 42 Update: docker-buildx-0.29.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0aaef4df82
2025-10-12 01:23:11.460136+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 42
Version : 0.29.1
Release : 1.fc42
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.29.1
Upstream fixes
Update to release v0.29.0
Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082,
rhbz#2399355
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 3 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.29.1-1
- Update to release v0.29.1
- Upstream fixes
* Tue Sep 30 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.29.0-1
- Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082,
rhbz#2399355
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397747 - docker-buildx-0.29.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2397747
[ 2 ] Bug #2398425 - CVE-2025-47910 docker-buildx: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398425
[ 3 ] Bug #2398679 - CVE-2025-47910 docker-buildx: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398679
[ 4 ] Bug #2399082 - CVE-2025-47906 docker-buildx: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399082
[ 5 ] Bug #2399355 - CVE-2025-47906 docker-buildx: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399355
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0aaef4df82' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: docker-buildx-0.29.1-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-455aa01b65
2025-10-12 01:09:51.211561+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 41
Version : 0.29.1
Release : 1.fc41
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.29.1
Upstream fixes
Update to release v0.29.0
Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082,
rhbz#2399355
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 3 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.29.1-1
- Update to release v0.29.1
- Upstream fixes
* Tue Sep 30 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.29.0-1
- Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082,
rhbz#2399355
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397747 - docker-buildx-0.29.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2397747
[ 2 ] Bug #2398425 - CVE-2025-47910 docker-buildx: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398425
[ 3 ] Bug #2398679 - CVE-2025-47910 docker-buildx: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398679
[ 4 ] Bug #2399082 - CVE-2025-47906 docker-buildx: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399082
[ 5 ] Bug #2399355 - CVE-2025-47906 docker-buildx: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399355
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-455aa01b65' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: log4cxx-1.5.0-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1b48c1a920
2025-10-12 01:09:51.211551+00:00
--------------------------------------------------------------------------------

Name : log4cxx
Product : Fedora 41
Version : 1.5.0
Release : 1.fc41
URL : http://logging.apache.org/log4cxx/index.html
Summary : A port to C++ of the Log4j project
Description :
Log4cxx is a popular logging package written in C++. One of its distinctive
features is the notion of inheritance in loggers. Using a logger hierarchy it
is possible to control which log statements are output at arbitrary
granularity. This helps reduce the volume of logged output and minimize the
cost of logging.

--------------------------------------------------------------------------------
Update Information:

Update to 1.5.0, fix CVE-2025-54813, CVE-2025-22838
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 3 2025 Till Hofmann [thofmann@fedoraproject.org] - 1.5.0-1
- Update to 1.5.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393061 - CVE-2025-54812 log4cxx: Log4cxx HTMLLayout XSS Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2393061
[ 2 ] Bug #2393132 - CVE-2025-54813 log4cxx: Log4cxx: Improper JSON Output Neutralization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2393132
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1b48c1a920' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--