Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 36 Release: FEDORA-2022-ea8f4e232d Moderate: Golang Risk

fedora
Calendar Grey July 29, 2022
Dist Fedora Esm H88
Fedora 36 has released a crucial update to enhance security by fixing serious vulnerabilities in the golang-github-hashicorp-serf package, essential for users.
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more in...

Summary

Serf is a decentralized solution for service discovery and orchestration that is

lightweight, highly available, and fault tolerant.

Serf runs on Linux, Mac OS X, and Windows. An efficient and lightweight gossip

protocol is used to communicate with other nodes. Serf can detect node failures

and notify the rest of the cluster. An event system is built on top of Serf,

letting you use Serf's gossip protocol to propagate events such as deploys,

configuration changes, etc. Serf is completely masterless with no single point

of failure.

Here are some example use cases of Serf, though there are many others:

- Discovering web servers and automatically adding them to a load balancer

- Organizing many memcached or redis nodes into a cluster, perhaps with

something like twemproxy or maybe just configuring an application with the

address of all the nodes

- Triggering web deploys using the event system built on top of Serf

- Propagating changes to configuration to relevant nodes.

- Updating DNS records to reflect cluster changes as they occur.

- Much, much more.

Rebuild to mitigate

CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more

information about the specific vulnerabilities.

* Tue Jul 19 2022 Maxwell G - 0.9.5-6

- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in

golang

su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory fedora update critical golang hashicorp serf service orchestration

Change Log

References

Update Instructions

Product: Fedora 36
Version: 0.9.5
Release: 6.fc36
URL: https://github.com/hashicorp/serf
Summary: Service orchestration and management tool

Topics%20covered

Topics Covered

security advisory fedora update critical golang hashicorp serf service orchestration

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here