The Fedora Project has released important security updates for both Fedora 41 and Fedora 42, addressing vulnerabilities in various packages. Notably, the updates include fixes for CVE-2025-9566, which impacts the podman, buildah, and containers-common packages. Additionally, Fedora 42 receives updates to the snapshot package for CVE-2025-58160 and the python-flask package for CVE-2025-47278.
Fedora 41 Updates:
- containers-common: Version 0.64.2-1.fc41
- buildah: Version 1.41.4-1.fc41
- podman: Version 5.6.1-1.fc41
Fedora 42 Updates:
- snapshot: Version 48.0.1-2.fc42
- python-flask: Version 3.1.2-2.fc42
1. containers-common (Fedora 41)
- Description: Provides common configuration files and documentation for container tools like Podman and Buildah.
- Security Fix: CVE-2025-9566, which may allow the Podman kube play command to overwrite host files.
- Update Command: `su -c 'dnf upgrade --advisory FEDORA-2025-f9e142a4b0'`
2. buildah (Fedora 41)
- Description: A command-line tool for creating OCI images, supporting container management functionalities.
- Security Fix: CVE-2025-9566.
- Update Command: Same as above.
3. podman (Fedora 41)
- Description: A container engine that allows management of pods, containers, and images, functioning without a daemon.
- Security Fix: CVE-2025-9566.
- Update Command: Same as above.
4. snapshot (Fedora 42)
- Description: A tool for taking pictures and videos on devices.
- Security Fix: Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.
- Update Command: `su -c 'dnf upgrade --advisory FEDORA-2025-ed3d0ab54b'`
5. python-flask (Fedora 42)
- Description: A lightweight Python web framework, designed to be simple yet extensible.
- Security Fix: CVE-2025-47278 related to session signing vulnerabilities.
- Update Command: `su -c 'dnf upgrade --advisory FEDORA-2025-55e69c9cea'`
Fedora 41 Updates:
- containers-common: Version 0.64.2-1.fc41
- buildah: Version 1.41.4-1.fc41
- podman: Version 5.6.1-1.fc41
Fedora 42 Updates:
- snapshot: Version 48.0.1-2.fc42
- python-flask: Version 3.1.2-2.fc42
Details of Updates:
1. containers-common (Fedora 41)
- Description: Provides common configuration files and documentation for container tools like Podman and Buildah.
- Security Fix: CVE-2025-9566, which may allow the Podman kube play command to overwrite host files.
- Update Command: `su -c 'dnf upgrade --advisory FEDORA-2025-f9e142a4b0'`
2. buildah (Fedora 41)
- Description: A command-line tool for creating OCI images, supporting container management functionalities.
- Security Fix: CVE-2025-9566.
- Update Command: Same as above.
3. podman (Fedora 41)
- Description: A container engine that allows management of pods, containers, and images, functioning without a daemon.
- Security Fix: CVE-2025-9566.
- Update Command: Same as above.
4. snapshot (Fedora 42)
- Description: A tool for taking pictures and videos on devices.
- Security Fix: Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.
- Update Command: `su -c 'dnf upgrade --advisory FEDORA-2025-ed3d0ab54b'`
5. python-flask (Fedora 42)
- Description: A lightweight Python web framework, designed to be simple yet extensible.
- Security Fix: CVE-2025-47278 related to session signing vulnerabilities.
- Update Command: `su -c 'dnf upgrade --advisory FEDORA-2025-55e69c9cea'`
General Information:
All updates can be installed using the `dnf` package manager, and they are signed with the Fedora Project GPG key for security verification. Users are encouraged to stay updated with these patches to ensure the security and stability of their Fedora systems.Conclusion:
These updates demonstrate Fedora's commitment to maintaining security across its packages. Users should perform these updates promptly and keep an eye on future announcements for further enhancements and security fixesContainers-Common, BuildAH, Podman, Snapshot, Python-Flask updates for Fedora
The Fedora Project has released several security updates for Fedora 41 and Fedora 42, including fixes for CVE-2025-9566, which affects podman, buildah, and containers-common packages. Additionally, updates have been released to address CVE-2025-58160 in the snapshot package on Fedora 42 and CVE-2025-47278 in the python-flask package on Fedora 42.
Fedora 41 Update: containers-common-0.64.2-1.fc41
Fedora 41 Update: buildah-1.41.4-1.fc41
Fedora 41 Update: podman-5.6.1-1.fc41
Fedora 42 Update: snapshot-48.0.1-2.fc42
Fedora 42 Update: python-flask-3.1.2-2.fc42Containers-Common, BuildAH, Podman, Snapshot, Python-Flask updates for Fedora @ Linux Compatible
