Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryupdateFedoraFedora 36: 2022-ea8f4e232d Moderate: Golang Password Generator Mitigation
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-martinhoefling-goxkcdpwgen Product : Fedora 36 Version : 0.1.0 Release : 3.fc36 URL : https://github.com/martinhoefling/goxkcdpwgen Summary : xkcd style password generator library and cli tool Description : xkcd style password generator library and cli tool. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G 0.1.0-3 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Jul 29, 2022
Fedora
89
security advisorydenial of servicefedoraFedora 35 Critical: FEDORA-2022-3969b64d4b Denial of Service Fix
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : vultr Product : Fedora 35 Version : 1.15.0 Release : 9.fc35 URL : https://github.com/JamesClonk/vultr Summary : Vultr CLI Description : Vultr CLI is a command line tool for using the Vultr API. It allows you to create and manage your virtual machines, SSH public keys, snapshots, and startup scripts on your Vultr account. You can also use it to directly SSH into a Vultr virtual machine through the vultr ssh command. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful:Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Sat Jul 9 2022 Maxwell G - 1.15.0-9 - Rebuild for CVE-2022-{24675,28327,29526} in golang --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
•Critical
Fedora
98
security advisorymoderatered hatRHEL 8: RHSA-2022-0432 Moderate: OpenShift Serverless Client 1.20.0
Release of OpenShift Serverless Client kn 1.20.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless Client kn 1.20.0 Advisory ID: RHSA-2022:0432-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2022:0432 Issue date: 2022-02-03 CVE Names: CVE-2021-29923 CVE-2021-38297 CVE-2021-39293 ==================================================================== 1. Summary: Release of OpenShift Serverless Client kn 1.20.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Serverless Client kn 1.20.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.20.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Security Fix(es): * golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) * golang: Command-line arguments may overwrite global data (CVE-2021-38297) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the Referencessection. 4. Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 See the Red Hat OpenShift Container Platform 4.7 documentation at: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 See the Red Hat OpenShift Container Platform 4.8 documentation at: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 See the Red Hat OpenShift Container Platform 4.9 documentation at: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 5. Bugs fixed (https://bugzilla.redhat.com/): 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2012887 - CVE-2021-38297 golang: Command-line arguments may overwrite global data 2024823 - Release of Openshift Serverless Client 1.20.0 6. Package List: Openshift Serverless 1 on RHEL 8Base: Source: openshift-serverless-clients-0.26.0-2.el8.src.rpm ppc64le: openshift-serverless-clients-0.26.0-2.el8.ppc64le.rpm s390x: openshift-serverless-clients-0.26.0-2.el8.s390x.rpm x86_64: openshift-serverless-clients-0.26.0-2.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-38297 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYfwPLdzjgjWX9erEAQg3fA//YAUCLuEhkNvVhRsiUYfYlad1CO2cyjh7 rb2sUnpPPr8yubpoRC0CTcvPDXOQa2Rp2yzub//WpZfjSEm666MSH4+LltAAzHB+ WaONgmOQxm+em0n3sYbh7eU9fcn+sYlG6Krzc2inL1wNFJ4ZBLzlBn94uN0NVo+A zIXJJWPtiVX2uDJ1Sm5c3XzEwheWAWmA30nypW6zox9ScrjOWZ/oHrO3bAs8Uqhs 7fWemusPnhs512r+ZOWWf0hpC7cbGsaHQlEbsBR68u9laiDZg8dJXpCPPWqCXSG+ pIm9j/sdTOb7CHAOl49NNYtKfB4vinRt8UD1n/ave0PuuFA0IfAyXNcRRFy2D/vJ 1HVow3WMTHZZOpGzwzUQ+T2KZbZKU5HPrGEnan+QKLUFbNX4ERz7qEIRyfyEY6s7 PYsEx2GvSFMJ0NFIql8/vydIRfZBBbgoQqQZX8l1ZTH3IKECSk3KyE10iHJpZoGN ZDeSiGGqADGpVbLNPuSbb81Fgyd/ITg2HaVEPFbgfeuCuSuTeZEbbXunXRsA9gmb j+5STbfDGpz640BpeV2eJh8zH2dk0T7TbKoqVhbPs5v3epeHhHSjRLa8HggawZa6 dxcMtKw8FylJFjRNcPcsyjaOpg0hc4juJ5aZLiBdTcUtM0p4ghO0XaauASTBe8Sp A+4e6hizAIg=OC/P -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 03, 2022
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!