-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e41c694c83 2025-08-11 17:03:33.367585+00:00 -------------------------------------------------------------------------------- Name : toolbox Product : Fedora 42 Version : 0.2 Release : 1.fc42 URL : https://containertoolbx.org/ Summary : Tool for interactive command line environments on Linux Description : Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.. -------------------------------------------------------------------------------- Update Information: Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267 Bug fixes Improved error handling when creating symbolic links inside the container to initialize it Preserved environment variables set by a KDE session and Konsole Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2) Unbroke overriding the HOME variable (regression in 0.0.90) Dependencies Bumped the minimum Go version to 1.22 -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 9 2025 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.2-1 - Update to 0.2 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375632 - toolbox: mapstructure May Leak Sensitive Information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375632 [ 2 ] Bug #2382220 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2382220 [ 3 ] Bug #2387403 - toolbox-0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2387403 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e41c694c83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
