Fedora 36: 2022-ea8f4e232d Critical: golang-memdb Threat Mitigation

The Memdb package implements a simple in-memory database built on immutable

radix trees. The database provides Atomicity, Consistency and Isolation from

ACID. Being that it is in-memory, it does not provide durability. The database

is instantiated with a schema that specifies the tables and indices that exist

and allows transactions to be executed.

The database provides the following:

- Multi-Version Concurrency Control (MVCC) - By leveraging immutable radix

trees the database is able to support any number of concurrent readers

without locking, and allows a writer to make progress.

- Transaction Support - The database allows for rich transactions, in which

multiple objects are inserted, updated or deleted. The transactions can span

multiple tables, and are applied atomically. The database provides atomicity

and isolation in ACID terminology, such that until commit the updates are not

visible.

- Rich Indexing - Tables can support any number of indexes, which can be simple

like a single field index, or more advanced compound field indexes. Certain

types like UUID can be efficiently compressed from strings into byte indexes

for reduced storage requirements.

- Watches - Callers can populate a watch set as part of a query, which can be

used to detect when a modification has been made to the database which

affects the query results. This lets callers easily watch for changes in the

database in a very general way.

Rebuild to mitigate

CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more

information about the specific vulnerabilities.

* Tue Jul 19 2022 Maxwell G - 1.3.0-6

- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in

golang

su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure