The toolbox package for Fedora Linux 41 has been updated to address security vulnerabilities:

Fedora 41 Update: toolbox-0.2-1.fc41

[SECURITY] Fedora 41 Update: toolbox-0.2-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ab370b9ac9
2025-08-24 02:47:46.745268+00:00
--------------------------------------------------------------------------------

Name : toolbox
Product : Fedora 41
Version : 0.2
Release : 1.fc41
URL : https://containertoolbx.org/
Summary : Tool for interactive command line environments on Linux
Description :
Toolbx is a tool for Linux, which allows the use of interactive command line
environments for software development and troubleshooting the host operating
system, without having to install software on the host. It is built on top of
Podman and other standard container technologies from OCI.

Toolbx environments have seamless access to the user's home directory, the
Wayland and X11 sockets, networking (including Avahi), removable devices (like
USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..

--------------------------------------------------------------------------------
Update Information:

Security fixes
Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for
GHSA-fv92-fjc5-jj9h or GO-2025-3787
Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.17.8 for CVE-2025-23266 and CVE-2025-23267
Bug fixes
Improved error handling when creating symbolic links inside the container
to initialize it
Preserved environment variables set by a KDE session and Konsole
Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2)
Unbroke overriding the HOME variable (regression in 0.0.90)
Dependencies
Bumped the minimum Go version to 1.22
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 9 2025 Debarshi Ray [rishi@fedoraproject.org] - 0.2-1
- Update to 0.2
- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375617 - toolbox: mapstructure May Leak Sensitive Information [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2375617
[ 2 ] Bug #2382219 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2382219
[ 3 ] Bug #2387403 - toolbox-0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2387403
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ab370b9ac9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--