Fedora 43 Alertmanager Update Addresses Multiple CVEs

Fedora 43 Alertmanager Update Addresses Multiple CVEs

First seen 16 Mar 2026, 06:30 UTC Linuxsecurity 94% similarity 70.5

Article Content

Browse articles
ThreatCluster

On March 16, 2026, Fedora released an important update for Alertmanager version 0.31.1, addressing several critical vulnerabilities. The update resolves issues including CVE-2025-58189, which involves an attacker-controlled information exposure during ALPN negotiation, and CVE-2025-61725, which leads to excessive CPU consumption. Other vulnerabilities fixed include CVE-2025-61723, CVE-2025-58185, and CVE-2025-58188, all of which pose risks of memory exhaustion and panic conditions. Users of Fedora 43 are urged to upgrade to the latest version to mitigate these risks. The vulnerabilities affect systems utilizing the Prometheus server for alert management. The update can be installed using the 'dnf' update program. The previous version, Fedora 42, had already reported critical vulnerabilities, emphasizing the importance of timely updates.

Key Points: • Fedora 43 Alertmanager update addresses multiple critical CVEs. • CVE-2025-58189 exposes attacker-controlled information during TLS negotiation. • Users are urged to upgrade to mitigate risks from known vulnerabilities.

ThreatCluster AI

Timeline

2025-09-18
CVE-2025-47906 published
2025-09-22
CVE-2025-47910 published
2025-10-29
CVE-2025-58189 published
2025-10-29
CVE-2025-61725 published
2025-10-29
CVE-2025-61723 published
2025-10-29
CVE-2025-58185 published
2025-10-29
CVE-2025-58188 published
2026-03-16
Fedora 43 Alertmanager 0.31.1 released to address vulnerabilities.

Community

Browse all →