Fedora 36: FEDORA-2022-37aef44d1e Critical: LZ4 Golang Rebuild

Package lz4 implements reading and writing lz4 compressed data (a frame), as

specified in

http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html.

This package is compatible with the LZ4 frame format although the block level

compression and decompression functions are exposed and are fully compatible

with the LZ4 block format definition, they are low level and should not be

used directly.

Rebuild to mitigate

CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more

information about the specific vulnerabilities. ---- enable s390x build

(rhbz#1971028)

* Tue Jul 19 2022 Maxwell G - 4.1.3-6

- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in

golang

su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure