[SECURITY] Fedora EPEL 9 Update: restic-0.18.1-1.el9

updates--- via epel-package-announce Tue, 02 Dec 2025 16:30:47 -0800

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2025-6495526449
2025-12-03 00:26:41.875099+00:00
--------------------------------------------------------------------------------


Name        : restic
Product     : Fedora EPEL 9
Version     : 0.18.1
Release     : 1.el9
URL         : https://github.com/restic/restic
Summary     : Fast, secure, efficient backup program
Description :
Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory
* sftp server (via SSH)
* HTTP REST server (protocol, rest-server)
* Amazon S3 (either from Amazon or using the Minio server)
* OpenStack Swift
* BackBlaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* And many other services via the rclone Backend

--------------------------------------------------------------------------------
Update Information:

Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga <[email protected]> - 0.18.1-1
- Update to 0.18.1 - Closes rhbz#2397204 rhbz2416773
* Mon Jul 28 2025 Mikel Olasagasti Uranga <[email protected]> - 0.18.0-5
- Clean up: Remove files not present in rawhide
* Mon Jul 28 2025 Mikel Olasagasti Uranga <[email protected]> - 0.18.0-4
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2214190 - Please update restic to newest version
        https://bugzilla.redhat.com/show_bug.cgi?id=2214190
  [ 2 ] Bug #2272498 - restic package is out of date
        https://bugzilla.redhat.com/show_bug.cgi?id=2272498
  [ 3 ] Bug #2331936 - CVE-2024-45337 restic: Misuse of 
ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2331936
  [ 4 ] Bug #2348791 - CVE-2025-22868 restic: Unexpected memory consumption 
during token parsing in golang.org/x/oauth2 [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2348791
  [ 5 ] Bug #2350765 - CVE-2025-22869 restic: Denial of Service in the Key 
Exchange of golang.org/x/crypto/ssh [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2350765
  [ 6 ] Bug #2351908 - CVE-2025-22870 restic: HTTP Proxy bypass using IPv6 Zone 
IDs in golang.org/x/net [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2351908
  [ 7 ] Bug #2398374 - CVE-2025-47910 restic: CrossOriginProtection bypass in 
net/http [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398374
  [ 8 ] Bug #2399024 - CVE-2025-47906 restic: Unexpected paths returned from 
LookPath in os/exec [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399024
  [ 9 ] Bug #2407561 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation 
error contains attacker controlled information [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2407561
  [ 10 ] Bug #2409015 - CVE-2025-61723 restic: Quadratic complexity when 
parsing some invalid inputs in encoding/pem [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409015
  [ 11 ] Bug #2409962 - CVE-2025-58185 restic: Parsing DER payload can cause 
memory exhaustion in encoding/asn1 [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409962
  [ 12 ] Bug #2410895 - CVE-2025-58188 restic: Panic when validating 
certificates with DSA public keys in crypto/x509 [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410895
  [ 13 ] Bug #2412495 - CVE-2025-58183 restic: Unbounded allocation when 
parsing GNU sparse map [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412495
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update restic' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
epel-package-announce mailing list -- 
[email protected]
To unsubscribe send an email to 
[email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[SECURITY] Fedora EPEL 9 Update: restic-0.18.1-1.el9

Reply via email to