Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 37: FEDORA-2023-c9b2182a4e moderate: golang-oras DoS

fedora
Calendar Grey February 23, 2023
Dist Fedora Esm H88
Upgrade helm to version 3.11.1 to address various security vulnerabilities in Fedora, bolstering system security during content management.
Update helm to 3.11.1, resolving multiple security issues

Summary

Work with OCI registries, but for secure supply chain - managing content like

artifacts, images, SBOM.

Update helm to 3.11.1, resolving multiple security issues

* Tue Feb 21 2023 Davide Cavalca - 0.15.1-1

- Initial import; Fixes: RHBZ#2172238

[ 1 ] Bug #1971029 - Cannot build for s390x due to missing dependency

https://bugzilla.redhat.com/show_bug.cgi?id=1971029

[ 2 ] Bug #1971091 - Test failures on 32bit arches

https://bugzilla.redhat.com/show_bug.cgi?id=1971091

[ 3 ] Bug #1977738 - golang-helm-3-3.11.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1977738

[ 4 ] Bug #2045644 - golang-helm-3: FTBFS in Fedora rawhide/f36

https://bugzilla.redhat.com/show_bug.cgi?id=2045644

[ 5 ] Bug #2097975 - CVE-2022-1996 golang-helm-3: go-restful: Authorization Bypass Through User-Controlled Key [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2097975

[ 6 ] Bug #2138841 - F38FailsToInstall: golang-helm-3-devel

https://bugzilla.redhat.com/show_bug.cgi?id=2138841

[ 7 ] Bug #2142198 - F37FailsToInstall: golang-helm-3-devel

https://bugzilla.redhat.com/show_bug.cgi?id=2142198

[ 8 ] Bug #2142210 - F36FailsToInstall: golang-helm-3-devel

https://bugzilla.redhat.com/show_bug.cgi?id=2142210

[ 9 ] Bug #2155938 - CVE-2022-23526 golang-helm-3: helm: Denial of service through schema file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2155938

[ 10 ] Bug #2155939 - CVE-2022-23524 golang-helm-3: helm: Denial of service through string value parsing [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2155939

[ 11 ] Bug #2163231 - CVE-2022-41717 golang-helm-3: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2163231

su -c 'dnf upgrade --advisory FEDORA-2023-c9b2182a4e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory security update Fedora DoS supply chain golang-oras

Change Log

References

Update Instructions

Product: Fedora 37
Version: 0.15.1
Release: 1.20221105git690716b.fc37
URL: https://github.com/oras-project/oras
Summary: Work with OCI registries, but for secure supply chain

Topics%20covered

Topics Covered

security advisory security update Fedora DoS supply chain golang-oras

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here