Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 39: FEDORA-2024-07c811c7b3 urgent: golang date management library

fedora
Calendar Grey January 19, 2024
Dist Fedora Esm H88
An essential update for Fedora 39 resolves CVE-2023-39325 affecting the golang time library, offering comprehensive details on the enhancements made.
Security fix for CVE-2023-39325

Summary

Meta's Time libraries.

Update Information:

Security fix for CVE-2023-39325

Topics%20covered

Topics Covered

security advisory critical Fedora security fix CVE-2023-39325 time library

Change Log

* Wed Jan 10 2024 Michel Lind - 0^20240110git1649917-1 - Allow setting custom API timeouts (PR#318) - Enforce we are building against golang.org/x/net >= 0.17.0 for CVE-2023-39325 - Use SPDX license identifier - Backfill correct release tags in the changelog * Wed Jan 10 2024 Oleg Obleukhov - 0-0.16.20240110gitd1456d1 - Rebuild latest to include Calnex changes such as sptp and --save * Fri Oct 6 2023 Oleg Obleukhov - 0-0.15.20231006git599359b - Rebuild latest * Wed Oct 4 2023 Oleg Obleukhov - 0-0.14.20231004gite5c45cf - Add sptp package build and rebase on new commit

References


[ 1 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) https://bugzilla.redhat.com/show_bug.cgi?id=2248209

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-07c811c7a5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: golang-github-facebook-time
Product: Fedora 39
Version: 0^20240110git1649917
Release: 1.fc39
URL: https://github.com/facebook/time
Summary: Meta's Time libraries

Topics%20covered

Topics Covered

security advisory critical Fedora security fix CVE-2023-39325 time library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here