Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
89
security advisorysecurity issueupdateFedora 41: 2025-0620fdebb6 critical fix for golang-github-aws-smithy
Fix for CVE-2024-52522 & CVE-2024-45338. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-0620fdebb6 2025-01-14 01:06:31.901208+00:00 -------------------------------------------------------------------------------- Name : golang-github-aws-smithy Product : Fedora 41 Version : 1.22.1 Release : 1.fc41 URL : https://github.com/aws/smithy-go Summary : Smithy code generators for Go (in development) Description : Smithy code generators for Go (in development). -------------------------------------------------------------------------------- Update Information: Fix for CVE-2024-52522 & CVE-2024-45338 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 15 2024 Packit - 1.22.1-1 - Update to 1.22.1 upstream release - Resolves: rhbz#2326619 * Sat Oct 5 2024 Packit - 1.22.0-1 - Update to 1.22.0 upstream release - Resolves: rhbz#2316593 * Sun Sep 22 2024 Packit - 1.21.0-1 - Update to 1.21.0 upstream release - Resolves: rhbz#2314060 * Thu Aug 15 2024 Packit - 1.20.4-1 - Update to 1.20.4 upstream release - Resolves: rhbz#2305093 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333262 - CVE-2024-45338 rclone: Non-linear parsing of case-insensitive content in golang.org/x/net/html [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333262 [ 2 ] Bug #2337196 - rclone needs an update https://bugzilla.redhat.com/show_bug.cgi?id=2337196 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0620fdebb6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora ProjectGPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jan 14, 2025
•Critical
Fedora
89
security advisorycritical threatgolangFedora 36: 2022-ea8f4e232d Critical: Golang Code Generator Mitigation
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-dave-jennifer Product : Fedora 36 Version : 1.4.1 Release : 6.fc36 URL : https://github.com/dave/jennifer Summary : Code generator for Go Description : Jennifer is a code generator for Go. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 1.4.1-6 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 29, 2022
•Critical
Fedora
89
security advisorysecurity updatehigh severityFedora 36: FEDORA-2022-5ef0bd9a27 High Severity Act Package Security Fix
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5ef0bd9a27 2022-07-30 01:52:05.591823 --------------------------------------------------------------------------------Name : act Product : Fedora 36 Version : 1.6.0 Release : 7.fc36 URL : https://github.com/Autodesk/AutomaticComponentToolkit Summary : Automatic Component Toolkit Description : The Automatic Component Toolkit (ACT) is a code generator that takes an instance of an Interface Description Language file and generates a thin C89-API, implementation stubs and language bindings of your desired software component. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 1.6.0-7 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962 in golang} --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5ef0bd9a27' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 29, 2022
Fedora
89
security advisoryFedorastack overflowFedora 35: FEDORA-2022-3969b64d4b Critical: Go Stack Overflow Fix
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : golang-github-tinylib-msgp Product : Fedora 35 Version : 1.1.5 Release : 5.fc35 URL : https://github.com/tinylib/msgp Summary : Go code generator for MessagePack Description : This is a code generation tool and serialization library for MessagePack. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Sat Jul 9 2022 Maxwell G - 1.1.5-5 - Rebuild for CVE-2022-{24675,28327,29526 in golang} * Thu Jan 20 2022 Fedora Release Engineering - 1.1.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
•Critical
Fedora
89
security advisoryfedoramoderate severityFedora 35: FEDORA-2022-3a63897745 Moderate: Golang Crash Risk
Rebuild for CVE-2022-27191. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3a63897745 2022-04-28 05:50:06.248389 --------------------------------------------------------------------------------Name : golang-k8s-code-generator Product : Fedora 35 Version : 1.22.0 Release : 3.fc35 URL : https://github.com/kubernetes/code-generator Summary : Generators for kube-like API types Description : Golang code-generators used to implement Kubernetes-style API types. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-27191 --------------------------------------------------------------------------------ChangeLog: * Sat Apr 16 2022 Fabio Alessandro Locati 1.22.0-3 - Rebuilt for CVE-2022-27191 * Thu Jan 20 2022 Fedora Release Engineering 1.22.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2074262 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3a63897745' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 28, 2022
•Important
Fedora
89
security advisoryfedorapackage updateFedora 34: rust-cranelift-codegen Moderate Security Fix 2021-1805eacb48
- Update cranelift crates to version 0.77.0. - Update the wast crate to version 38.0.0. - Update the wat crate to version 1.0.40. - Update the wasmparser crate to version 0.80.1. - Update wasmtime crates to version 0.30.0. - Update the backtrace crate to version 0.3.61. - Update the addr2line crate to version 0.16.0. - Update the object crate to version 0.26.2. - Update the gimli crate to. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-1805eacb48 2021-10-04 01:03:57.321113 --------------------------------------------------------------------------------Name : rust-cranelift-codegen-meta Product : Fedora 34 Version : 0.77.0 Release : 1.fc34 URL : Summary : Metaprogram for cranelift-codegen code generator library Description : Metaprogram for cranelift-codegen code generator library. --------------------------------------------------------------------------------Update Information: - Update cranelift crates to version 0.77.0. - Update the wast crate to version 38.0.0. - Update the wat crate to version 1.0.40. - Update the wasmparser crate to version 0.80.1. - Update wasmtime crates to version 0.30.0. - Update the backtrace crate to version 0.3.61. - Update the addr2line crate to version 0.16.0. - Update the object crate to version 0.26.2. - Update the gimli crate to version 0.25.0. The cranelift and wasmtime package updates also include security fixes for CVE-2021-39216, CVE-2021-39218, and CVE-2021-39219. --------------------------------------------------------------------------------ChangeLog: * Wed Sep 22 2021 Olivier Lemasle - 0.77.0-1 - Update to upstream 0.77.0 * Fri Jul 23 2021 Fedora Release Engineering - 0.75.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2021-1805eacb48' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Oct 03, 2021
Fedora
89
security advisoryupdateFedoraFedora 35: 2021-68713440cb Severe: Rust Cranelift Codegen Update
- Update cranelift crates to version 0.77.0. - Update the wast crate to version 38.0.0. - Update the wat crate to version 1.0.40. - Update the wasmparser crate to version 0.80.1. - Update wasmtime crates to version 0.30.0. - Update the backtrace crate to version 0.3.61. - Update the addr2line crate to version 0.16.0. - Update the object crate to version 0.26.2. - Update the gimli crate to. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-68713440cb 2021-09-30 00:51:55.645575 --------------------------------------------------------------------------------Name : rust-cranelift-codegen-meta Product : Fedora 35 Version : 0.77.0 Release : 1.fc35 URL : Summary : Metaprogram for cranelift-codegen code generator library Description : Metaprogram for cranelift-codegen code generator library. --------------------------------------------------------------------------------Update Information: - Update cranelift crates to version 0.77.0. - Update the wast crate to version 38.0.0. - Update the wat crate to version 1.0.40. - Update the wasmparser crate to version 0.80.1. - Update wasmtime crates to version 0.30.0. - Update the backtrace crate to version 0.3.61. - Update the addr2line crate to version 0.16.0. - Update the object crate to version 0.26.2. - Update the gimli crate to version 0.25.0. The cranelift and wasmtime package updates also include security fixes for CVE-2021-39216, CVE-2021-39218, and CVE-2021-39219. --------------------------------------------------------------------------------ChangeLog: * Wed Sep 22 2021 Olivier Lemasle - 0.77.0-1 - Update to upstream 0.77.0 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-68713440cb' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Sep 29, 2021
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!