Stay Secure with the Latest Linux Advisories

security advisorycritical issuefedora

Fedora 34: Cobra DoS Issue - Critical Fix for CVE-2022-27191

Rebuild for CVE-2022-27191. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5cbd6de569 2022-04-28 05:53:41.577333 --------------------------------------------------------------------------------Name : golang-github-spf13-cobra Product : Fedora 34 Version : 1.4.0 Release : 2.fc34 URL : https://github.com/spf13/cobra Summary : Commander for modern Go CLI interactions Description : Cobra is a library providing a simple interface to create powerful modern CLI interfaces similar to git & go tools. Cobra is also an application that will generate your application scaffolding to rapidly develop a Cobra-based application. Cobra provides: - Easy subcommand-based CLIs: app server, app fetch, etc. - Fully POSIX-compliant flags (including short & long versions) - Nested subcommands - Global, local and cascading flags - Easy generation of applications & commands with cobra init appname & cobra add cmdname - Intelligent suggestions (app srver... did you mean app server?) - Automatic help generation for commands and flags - Automatic help flag recognition of -h, --help, etc. - Automatically generated bash autocomplete for your application - Automatically generated man pages for your application - Command aliases so you can change things without breaking them - The flexibility to define your own help, usage, etc. - Optional tight integration with viper for 12-factor apps --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-27191 --------------------------------------------------------------------------------ChangeLog: * Sat Apr 16 2022 Fabio Alessandro Locati 1.4.0-2 - Rebuilt for CVE-2022-27191 * Wed Mar 16 2022 Mikel Olasagasti Uranga 1.4.0-1 - Update to 1.4.0 - Closes rhbz#2062987 --------------------------------------------------------------------------------References: [ 1 ] Bug#2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2074262 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5cbd6de569' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . A critical security fix for the Golang-Github-Spf13-Cobra library addresses CVE-2022-27191. Update to the latest version to enhance your application's security. Golang Update, CLISecurity, Fedora Patch. . Severity: Critical. LinuxSecurity.com Team

Apr 28, 2022 •Critical Fedora