Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 34: Cobra DoS Issue - Critical Fix for CVE-2022-27191

fedora
Calendar Grey April 28, 2022
Dist Fedora Esm H88
A critical security fix for the Golang-Github-Spf13-Cobra library addresses CVE-2022-27191. Update to the latest version to enhance your application's security
Rebuild for CVE-2022-27191

Summary

Cobra is a library providing a simple interface to create powerful modern CLI

interfaces similar to git & go tools.

Cobra is also an application that will generate your application scaffolding to

rapidly develop a Cobra-based application.

Cobra provides:

- Easy subcommand-based CLIs: app server, app fetch, etc.

- Fully POSIX-compliant flags (including short & long versions)

- Nested subcommands

- Global, local and cascading flags

- Easy generation of applications & commands with cobra init appname & cobra

add cmdname

- Intelligent suggestions (app srver... did you mean app server?)

- Automatic help generation for commands and flags

- Automatic help flag recognition of -h, --help, etc.

- Automatically generated bash autocomplete for your application

- Automatically generated man pages for your application

- Command aliases so you can change things without breaking them

- The flexibility to define your own help, usage, etc.

- Optional tight integration with viper for 12-factor apps

Rebuild for CVE-2022-27191

* Sat Apr 16 2022 Fabio Alessandro Locati 1.4.0-2

- Rebuilt for CVE-2022-27191

* Wed Mar 16 2022 Mikel Olasagasti Uranga 1.4.0-1

- Update to 1.4.0 - Closes rhbz#2062987

[ 1 ] Bug #2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2074262

su -c 'dnf upgrade --advisory FEDORA-2022-5cbd6de569' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical issue fedora doS cobra

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 1.4.0
Release: 2.fc34
URL: https://github.com/spf13/cobra
Summary: Commander for modern Go CLI interactions

Topics%20covered

Topics Covered

security advisory critical issue fedora doS cobra

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here