Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: 2024-c33c95804e critical: golang-x-crypto authorization bypass

fedora
Calendar Grey December 16, 2024
Dist Fedora Esm H88
Updates for Fedora regarding golang-x-crypto address a flaw in authorization, tagged as CVE-2024-45338, thereby fortifying system security.
Fix CVE-2024-45337

Summary

Go supplementary cryptography libraries.

Update Information:

Fix CVE-2024-45337

Topics%20covered

Topics Covered

security advisory security issue fedora update information cryptography authorization bypass golang

Change Log

* Thu Dec 12 2024 Mikel Olasagasti Uranga - 0.31.0-2 - Skip failing test for s390x * Thu Dec 12 2024 Packit - 0.31.0-1 - Update to 0.31.0 upstream release

References


[ 1 ] Bug #2331980 - CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2331980

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c33c95804e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: golang-x-crypto
Product: Fedora 41
Version: 0.31.0
Release: 2.fc41
URL: https://github.com/golang/crypto
Summary: Go supplementary cryptography libraries

Topics%20covered

Topics Covered

security advisory security issue fedora update information cryptography authorization bypass golang

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here