
Fedora Linux has released several security updates to address potential vulnerabilities. For Fedora 42, the updated packages include golang-github-projectdiscovery-mapcidr version 1.1.97, kustomize version 5.8.0, and duc version 1.4.6. Meanwhile, Fedora 43 also received updates for golang-github-projectdiscovery-mapcidr and kustomize.

Fedora 42 Update: golang-github-projectdiscovery-mapcidr-1.1.97-1.fc42
Fedora 42 Update: kustomize-5.8.0-1.fc42
Fedora 42 Update: duc-1.4.6-1.fc42
Fedora 43 Update: golang-github-projectdiscovery-mapcidr-1.1.97-1.fc43
Fedora 43 Update: kustomize-5.8.0-1.fc43




[SECURITY] Fedora 42 Update: golang-github-projectdiscovery-mapcidr-1.1.97-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-73b0006102
2025-12-31 01:09:31.157727+00:00
--------------------------------------------------------------------------------

Name : golang-github-projectdiscovery-mapcidr
Product : Fedora 42
Version : 1.1.97
Release : 1.fc42
URL : https://github.com/projectdiscovery/mapcidr
Summary : Utility for operations on subnet/CIDR ranges
Description :
Utility program to perform multiple operations for a given subnet/CIDR ranges.

--------------------------------------------------------------------------------
Update Information:

Update to 1.1.97
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 29 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.1.97-1
- Update to 1.1.97 - Closes rhbz#2397790
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 1.1.94-4
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.1.94-3
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.1.94-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391661 - CVE-2025-58058 golang-github-projectdiscovery-mapcidr: github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391661
[ 2 ] Bug #2398775 - CVE-2025-47910 golang-github-projectdiscovery-mapcidr: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398775
[ 3 ] Bug #2399446 - CVE-2025-47906 golang-github-projectdiscovery-mapcidr: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399446
[ 4 ] Bug #2403155 - CVE-2025-11579 golang-github-projectdiscovery-mapcidr: RarDecode Out Of Memory Crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2403155
[ 5 ] Bug #2407976 - CVE-2025-58189 golang-github-projectdiscovery-mapcidr: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407976
[ 6 ] Bug #2409446 - CVE-2025-61723 golang-github-projectdiscovery-mapcidr: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409446
[ 7 ] Bug #2410397 - CVE-2025-58185 golang-github-projectdiscovery-mapcidr: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410397
[ 8 ] Bug #2411297 - CVE-2025-58188 golang-github-projectdiscovery-mapcidr: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411297
[ 9 ] Bug #2412780 - CVE-2025-58183 golang-github-projectdiscovery-mapcidr: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412780
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-73b0006102' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: kustomize-5.8.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a887e86abc
2025-12-31 01:09:31.157724+00:00
--------------------------------------------------------------------------------

Name : kustomize
Product : Fedora 42
Version : 5.8.0
Release : 1.fc42
URL : https://github.com/kubernetes-sigs/kustomize
Summary : Customization of kubernetes YAML configurations
Description :
Customization of kubernetes YAML configurations.

--------------------------------------------------------------------------------
Update Information:

Update to 5.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 29 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 5.8.0-1
- Update to 5.8.0 - Closes rhbz#2413654
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 5.7.1-3
- Rebuild for golang 1.25.2
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 5.7.1-2
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390876 - kustomize: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390876
[ 2 ] Bug #2398851 - CVE-2025-47910 kustomize: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398851
[ 3 ] Bug #2399525 - CVE-2025-47906 kustomize: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399525
[ 4 ] Bug #2399724 - CVE-2025-11065 kustomize: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399724
[ 5 ] Bug #2408061 - CVE-2025-58189 kustomize: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408061
[ 6 ] Bug #2408675 - CVE-2025-61725 kustomize: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408675
[ 7 ] Bug #2409530 - CVE-2025-61723 kustomize: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409530
[ 8 ] Bug #2410481 - CVE-2025-58185 kustomize: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410481
[ 9 ] Bug #2411379 - CVE-2025-58188 kustomize: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a887e86abc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: duc-1.4.6-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d73e0a567d
2025-12-31 01:09:31.157697+00:00
--------------------------------------------------------------------------------

Name : duc
Product : Fedora 42
Version : 1.4.6
Release : 1.fc42
URL : https://duc.zevv.nl/
Summary : Disk usage tools
Description :
Duc is a collection of tools for indexing, inspecting and visualizing
disk usage. Duc maintains a database of accumulated sizes of directories
of the file system, and allows you to query this database with some tools,
or create fancy graphs showing you where your bytes are.

--------------------------------------------------------------------------------
Update Information:

Update to 1.4.6: fixes CVE-2025-13654
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Jens Petersen [petersen@redhat.com] - 1.4.6-1
- Update to 1.4.6: fixes CVE-2025-13654
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423079 - CVE-2025-13654 duc: duc: Stack Buffer Overflow in buffer_get function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423079
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d73e0a567d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: golang-github-projectdiscovery-mapcidr-1.1.97-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ba6ab39aa
2025-12-31 00:50:28.074958+00:00
--------------------------------------------------------------------------------

Name : golang-github-projectdiscovery-mapcidr
Product : Fedora 43
Version : 1.1.97
Release : 1.fc43
URL : https://github.com/projectdiscovery/mapcidr
Summary : Utility for operations on subnet/CIDR ranges
Description :
Utility program to perform multiple operations for a given subnet/CIDR ranges.

--------------------------------------------------------------------------------
Update Information:

Update to 1.1.97
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 29 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.1.97-1
- Update to 1.1.97 - Closes rhbz#2397790
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 1.1.94-4
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408244 - CVE-2025-58189 golang-github-projectdiscovery-mapcidr: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408244
[ 2 ] Bug #2409715 - CVE-2025-61723 golang-github-projectdiscovery-mapcidr: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409715
[ 3 ] Bug #2410668 - CVE-2025-58185 golang-github-projectdiscovery-mapcidr: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410668
[ 4 ] Bug #2411564 - CVE-2025-58188 golang-github-projectdiscovery-mapcidr: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411564
[ 5 ] Bug #2412699 - CVE-2025-58183 golang-github-projectdiscovery-mapcidr: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412699
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ba6ab39aa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: kustomize-5.8.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ecfd96d6a3
2025-12-31 00:50:28.074953+00:00
--------------------------------------------------------------------------------

Name : kustomize
Product : Fedora 43
Version : 5.8.0
Release : 1.fc43
URL : https://github.com/kubernetes-sigs/kustomize
Summary : Customization of kubernetes YAML configurations
Description :
Customization of kubernetes YAML configurations.

--------------------------------------------------------------------------------
Update Information:

Update to 5.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 29 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 5.8.0-1
- Update to 5.8.0 - Closes rhbz#2413654
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 5.7.1-3
- Rebuild for golang 1.25.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408318 - CVE-2025-58189 kustomize: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408318
[ 2 ] Bug #2408733 - CVE-2025-61725 kustomize: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408733
[ 3 ] Bug #2409791 - CVE-2025-61723 kustomize: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409791
[ 4 ] Bug #2410741 - CVE-2025-58185 kustomize: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410741
[ 5 ] Bug #2411637 - CVE-2025-58188 kustomize: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411637
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ecfd96d6a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
