Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: FEDORA-2024-8f83d0ed92 urgent: golang-x-crypto security flaw

fedora
Calendar Grey December 16, 2024
Dist Fedora Esm H88
CentOS's patch for golang-x-crypto resolves the privilege escalation issue associated with CVE-2024-45338 by providing crucial security enhancement information.
Fix CVE-2024-45337

Summary

Go supplementary cryptography libraries.

Update Information:

Fix CVE-2024-45337

Topics%20covered

Topics Covered

security advisory Fedora update information attack vector authorization bypass golang

Change Log

* Thu Dec 12 2024 Mikel Olasagasti Uranga - 0.31.0-2 - Skip failing test for s390x * Thu Dec 12 2024 Packit - 0.31.0-1 - Update to 0.31.0 upstream release - Resolves: rhbz#2324919 * Thu Dec 12 2024 Mark E. Fuller - 0.30.0-1 - update to v0.30.0 * Thu Dec 12 2024 Mark E. Fuller - 0.29.0-1 - update to v0.29.0, close rhbz#2324919

References


[ 1 ] Bug #2331954 - CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331954

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8f83d0ed92' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: golang-x-crypto
Product: Fedora 40
Version: 0.31.0
Release: 2.fc40
URL: https://github.com/golang/crypto
Summary: Go supplementary cryptography libraries

Topics%20covered

Topics Covered

security advisory Fedora update information attack vector authorization bypass golang

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here