More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2373305 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
I don't think apptainer is vulnerable to this but I'm not sure. In any case once golang is updated to at least version 1.23.10 apptainer will only need to be compiled.
FEDORA-EPEL-2025-a9cfd9ab21 (apptainer-1.4.2-1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-a9cfd9ab21
FEDORA-EPEL-2025-a9cfd9ab21 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-a9cfd9ab21 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-a9cfd9ab21 (apptainer-1.4.2-1.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.