Fedora 41 has received an update for the Kubernetes package (kubernetes1.32), which includes fixes for 24 security vulnerabilities and resolves multiple bugs. The update can be installed using the "dnf" command, and all packages are signed with the Fedora Project GPG key. Separately, Fedora 43 has also received an update for the gnutls package, which includes a fix for CVE-2025-9820 and various enhancements in version 3.8.11.

Fedora 41 Update: kubernetes1.32-1.32.10-2.fc41
Fedora 43 Update: gnutls-3.8.11-1.fc43

[SECURITY] Fedora 41 Update: kubernetes1.32-1.32.10-2.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-547f14aef4
2025-11-23 01:22:23.613172+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.32
Product : Fedora 41
Version : 1.32.10
Release : 2.fc41
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.32.10
Resolves: rhbz#2414539
Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522
Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058
Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730
Resolves: rhbz#2409237, rhbz#2409527, rhbz#2409788, rhbz#2410202
Resolves: rhbz#2410477, rhbz#2410738, rhbz#2411117, rhbz#2411376
Resolves: rhbz#2411634, rhbz#2412569, rhbz#2412588, rhbz#2412803
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 12 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.32.10-1
- Update to release v1.32.10
- Resolves: rhbz#2414539
- Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522
- Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058
- Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730
- Resolves: rhbz#2409237, rhbz#2409527, rhbz#2409788, rhbz#2410202
- Resolves: rhbz#2410477, rhbz#2410738, rhbz#2411117, rhbz#2411376
- Resolves: rhbz#2411634, rhbz#2412569, rhbz#2412588, rhbz#2412803
- Upstream fixes
* Wed Nov 12 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.32.9-2
- Revise template
- Remove transition artifacts - from non-versioned kubernetes
- Remove unneeded network rpms
- Remove duplicate requires
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398587 - CVE-2025-47910 kubernetes1.32: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398587
[ 2 ] Bug #2398848 - CVE-2025-47910 kubernetes1.32: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398848
[ 3 ] Bug #2399249 - CVE-2025-47906 kubernetes1.32: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399249
[ 4 ] Bug #2399522 - CVE-2025-47906 kubernetes1.32: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399522
[ 5 ] Bug #2399703 - CVE-2025-11065 kubernetes1.32: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399703
[ 6 ] Bug #2399721 - CVE-2025-11065 kubernetes1.32: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399721
[ 7 ] Bug #2407788 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2407788
[ 8 ] Bug #2408058 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408058
[ 9 ] Bug #2408315 - CVE-2025-58189 kubernetes1.32: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408315
[ 10 ] Bug #2408609 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2408609
[ 11 ] Bug #2408672 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408672
[ 12 ] Bug #2408730 - CVE-2025-61725 kubernetes1.32: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408730
[ 13 ] Bug #2409237 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2409237
[ 14 ] Bug #2409527 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409527
[ 15 ] Bug #2409788 - CVE-2025-61723 kubernetes1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409788
[ 16 ] Bug #2410202 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2410202
[ 17 ] Bug #2410477 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410477
[ 18 ] Bug #2410738 - CVE-2025-58185 kubernetes1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410738
[ 19 ] Bug #2411117 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2411117
[ 20 ] Bug #2411376 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411376
[ 21 ] Bug #2411634 - CVE-2025-58188 kubernetes1.32: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411634
[ 22 ] Bug #2412569 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2412569
[ 23 ] Bug #2412588 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412588
[ 24 ] Bug #2412803 - CVE-2025-58183 kubernetes1.32: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412803
[ 25 ] Bug #2414539 - kubernetes1.32-1.34.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2414539
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-547f14aef4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: gnutls-3.8.11-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-45b1844342
2025-11-23 00:55:54.112177+00:00
--------------------------------------------------------------------------------

Name : gnutls
Product : Fedora 43
Version : 3.8.11
Release : 1.fc43
URL : http://www.gnutls.org/
Summary : A TLS protocol implementation
Description :
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

--------------------------------------------------------------------------------
Update Information:

Update to the 3.8.11 release with a fix for CVE-2025-9820 and several
enhancements.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2025 Daiki Ueno [dueno@redhat.com] - 3.8.11-1
- Update to 3.8.11 upstream release
- Resolves: rhbz#2416041
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2388236 - [abrt] Crash under gnutls_x509_trust_list_verify_crt2() (accessing GnuTLS internals from multiple threads at the same time)
https://bugzilla.redhat.com/show_bug.cgi?id=2388236
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-45b1844342' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--