[SECURITY] Fedora 42 Update: kustomize-5.8.0-1.fc42 - package-announce - Fedora mailing-lists

30 Dec 2025


      --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a887e86abc
2025-12-31 01:09:31.157724+00:00
--------------------------------------------------------------------------------
Name        : kustomize
Product     : Fedora 42
Version     : 5.8.0
Release     : 1.fc42
URL         : https://github.com/kubernetes-sigs/kustomize
Summary     : Customization of kubernetes YAML configurations
Description :
Customization of kubernetes YAML configurations.
--------------------------------------------------------------------------------
Update Information:
Update to 5.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 29 2025 Mikel Olasagasti Uranga mikel@olasagasti.info - 5.8.0-1
- Update to 5.8.0 - Closes rhbz#2413654
* Fri Oct 10 2025 Maxwell G maxwell@gtmx.me - 5.7.1-3
- Rebuild for golang 1.25.2
* Fri Aug 15 2025 Maxwell G maxwell@gtmx.me - 5.7.1-2
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2390876 - kustomize: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2390876
  [ 2 ] Bug #2398851 - CVE-2025-47910 kustomize: CrossOriginProtection bypass in net/http [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398851
  [ 3 ] Bug #2399525 - CVE-2025-47906 kustomize: Unexpected paths returned from LookPath in os/exec [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399525
  [ 4 ] Bug #2399724 - CVE-2025-11065 kustomize: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399724
  [ 5 ] Bug #2408061 - CVE-2025-58189 kustomize: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408061
  [ 6 ] Bug #2408675 - CVE-2025-61725 kustomize: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408675
  [ 7 ] Bug #2409530 - CVE-2025-61723 kustomize: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409530
  [ 8 ] Bug #2410481 - CVE-2025-58185 kustomize: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410481
  [ 9 ] Bug #2411379 - CVE-2025-58188 kustomize: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411379
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a887e86abc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------