Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 38: 2024-0d4d9925a2 Moderate: golang-github-tdewolff-minify DoS

fedora
Calendar Grey March 7, 2024
Dist Fedora Esm H88
Upgrade to the newest release of golang-github-tdewolff-minify to mitigate CVE-2023-39325 vulnerabilities and improve efficiency.
Update to latest version Security fix for CVE-2023-39325

Summary

Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON,

SVG and XML minifiers and an interface to implement any other minifier.

Minification is the process of removing bytes from a file (such as whitespace)

without changing its output and therefore shrinking its size and speeding up

transmission over the internet and possibly parsing. The implemented minifiers

are designed for high performance.

The core functionality associates mimetypes with minification functions,

allowing embedded resources (like CSS or JS within HTML files) to be minified as

well. Users can add new implementations that are triggered based on a mimetype

(or pattern), or redirect to an external command (like ClosureCompiler,

UglifyCSS, ...).

Update Information:

Update to latest version Security fix for CVE-2023-39325

Topics%20covered

Topics Covered

security advisory fedora performance update golang minification cve-2023-39325

Change Log

* Tue Feb 27 2024 Elliott Sales de Andrade - 2.20.18-1 - Update to latest version (#2245375) * Sun Feb 11 2024 Maxwell G - 2.12.9-4 - Rebuild for golang 1.22.0 * Wed Jan 24 2024 Fedora Release Engineering - 2.12.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jan 20 2024 Fedora Release Engineering - 2.12.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2245375 [ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2246794 [ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2248340

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0d4d9925a2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: golang-github-tdewolff-minify
Product: Fedora 38
Version: 2.20.18
Release: 1.fc38
URL: https://github.com/tdewolff/minify
Summary: Go minifiers for web formats

Topics%20covered

Topics Covered

security advisory fedora performance update golang minification cve-2023-39325

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here