Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 9 articles for you...
89
security advisorycriticalFedoraFedora 39 Podman Security Fix: 2024-dd32f390b3 Critical Container Escape
Security fix for CVE-2024-1753 Automatic update for podman-4.9.4-1.fc39. Changelog for podman * Mon Mar 25 2024 Packit - 5:4.9.4-1 - [packit] 4.9.4 upstream release . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-dd32f390b3 2024-04-03 01:15:32.275211 -------------------------------------------------------------------------------- Name : podman Product : Fedora 39 Version : 4.9.4 Release : 1.fc39 URL : https://podman.io/ Summary : Manage Pods, Containers and Container Images Description : podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges. podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other. Manage Pods, Containers and Container Images %{repo} Simple management tool for pods, containers and images -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-1753 Automatic update for podman-4.9.4-1.fc39. Changelog for podman * Mon Mar 25 2024 Packit - 5:4.9.4-1 - [packit] 4.9.4 upstream release * Fri Mar 01 2024 Debarshi Ray - 5:4.9.3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray - 5:4.9.3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray - 5:4.9.3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray - 5:4.9.3-2 - Update how Toolbx isspelt -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 25 2024 Packit - 5:4.9.4-1 - [packit] 4.9.4 upstream release * Fri Mar 1 2024 Debarshi Ray - 5:4.9.3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 1 2024 Debarshi Ray - 5:4.9.3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 1 2024 Debarshi Ray - 5:4.9.3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 1 2024 Debarshi Ray - 5:4.9.3-2 - Update how Toolbx is spelt -------------------------------------------------------------------------------- References: [ 1 ] Bug #2265513 - CVE-2024-1753 buildah: full container escape at build time https://bugzilla.redhat.com/show_bug.cgi?id=2265513 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-dd32f390b3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 03, 2024
•Critical
Fedora
89
security advisoryfedorasoftware updateFedora 39: 2023-00c78aad58 Moderate: Podman 4.7.2 Software Update
Automatic update for podman-4.7.2-1.fc39. ##### **Changelog for podman** ``` * Tue Oct 31 2023 Packit - 5:4.7.2-1 - [packit] 4.7.2 upstream release * Thu Oct 05 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release ``` ---- Automatic update for podman-4.7.1-1.fc39. ##### **Changelog for podman** ``` * Thu Oct 05 2023 Packit . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-00c78aad58 2023-11-09 01:21:33.207147 -------------------------------------------------------------------------------- Name : podman Product : Fedora 39 Version : 4.7.2 Release : 1.fc39 URL : https://podman.io/ Summary : Manage Pods, Containers and Container Images Description : podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges. podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other. Manage Pods, Containers and Container Images %{repo} Simple management tool for pods, containers and images -------------------------------------------------------------------------------- Update Information: Automatic update for podman-4.7.2-1.fc39. ##### **Changelog for podman** ``` * Tue Oct 31 2023 Packit - 5:4.7.2-1 - [packit] 4.7.2 upstream release * Thu Oct 05 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release ``` ---- Automatic update for podman-4.7.1-1.fc39. ##### **Changelog for podman** ``` * Thu Oct 05 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release ``` -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 31 2023 Packit - 5:4.7.2-1 - [packit] 4.7.2 upstream release * Thu Oct 5 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-00c78aad58' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 09, 2023
•Medium
Fedora
89
security advisoryFedorasoftware improvementFedora 38 Podman 4.7.2 Update: Automatic Release Notification
Automatic update for podman-4.7.2-1.fc38. ##### **Changelog for podman** ``` * Tue Oct 31 2023 Packit - 5:4.7.2-1 - [packit] 4.7.2 upstream release * Thu Oct 05 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release ``` ---- Automatic update for podman-4.7.1-1.fc38. ##### **Changelog for podman** ``` * Thu Oct 05 2023 Packit . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-c72015807c 2023-11-06 01:35:53.319941 -------------------------------------------------------------------------------- Name : podman Product : Fedora 38 Version : 4.7.2 Release : 1.fc38 URL : https://podman.io/ Summary : Manage Pods, Containers and Container Images Description : podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges. podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other. Manage Pods, Containers and Container Images %{repo} Simple management tool for pods, containers and images -------------------------------------------------------------------------------- Update Information: Automatic update for podman-4.7.2-1.fc38. ##### **Changelog for podman** ``` * Tue Oct 31 2023 Packit - 5:4.7.2-1 - [packit] 4.7.2 upstream release * Thu Oct 05 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release ``` ---- Automatic update for podman-4.7.1-1.fc38. ##### **Changelog for podman** ``` * Thu Oct 05 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release ``` -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 31 2023 Packit - 5:4.7.2-1 - [packit] 4.7.2 upstream release * Thu Oct 5 2023 Packit - 5:4.7.1-1 - [packit] 4.7.1 upstream release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c72015807c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 06, 2023
Fedora
89
security advisorycriticalFedoraFedora 39: 2023-b9c1d0e4c5 Critical: Moby-Engine Container Issues Fixed
- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-b9c1d0e4c5 2023-09-15 18:36:13.238927 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 39 Version : 24.0.5 Release : 1.fc39 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 23 2023 LuK1337 - 24.0.5-1 - Update moby-engine to 24.0.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2156860 - CVE-2022-40716 consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request https://bugzilla.redhat.com/show_bug.cgi?id=2156860 [ 2 ] Bug #2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents https://bugzilla.redhat.com/show_bug.cgi?id=2163037 [ 3 ] Bug #2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly https://bugzilla.redhat.com/show_bug.cgi?id=2174485 [ 4 ] Bug #2176447 - CVE-2023-26054 buildkit: Data disclosure in provenance attestation describing a build https://bugzilla.redhat.com/show_bug.cgi?id=2176447 [ 5 ] Bug #2177595 - CVE-2023-0845 hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections https://bugzilla.redhat.com/show_bug.cgi?id=2177595 [ 6 ] Bug #2184683 - CVE-2023-28840 moby: Encrypted overlay network may be unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184683 [ 7 ] Bug #2184685 - CVE-2023-28841 moby: Encrypted overlay network traffic may be unencrypted https://bugzilla.redhat.com/show_bug.cgi?id=2184685 [ 8 ] Bug #2184688 - CVE-2023-28842 moby: Encrypted overlay network with a single endpoint is unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184688 [ 9 ] Bug #2189788 - CVE-2021-41803 consul: Consul Auto-Config JWT Authorization Missing Input Validation https://bugzilla.redhat.com/show_bug.cgi?id=2189788 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-b9c1d0e4c5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can befound at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Sep 15, 2023
•Critical
Fedora
89
security advisoryFedoracritical fixFedora 37: FEDORA-2023-cf3551046d Critical: Moby-Engine Security Fixes
- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-cf3551046d 2023-09-05 00:46:10.109475 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 37 Version : 24.0.5 Release : 1.fc37 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to 23.0.4 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 23 2023 LuK1337 - 24.0.5-1 - Update moby-engine to 24.0.5 * Thu Jul 20 2023 Fedora ReleaseEngineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2156860 - CVE-2022-40716 consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request https://bugzilla.redhat.com/show_bug.cgi?id=2156860 [ 2 ] Bug #2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents https://bugzilla.redhat.com/show_bug.cgi?id=2163037 [ 3 ] Bug #2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly https://bugzilla.redhat.com/show_bug.cgi?id=2174485 [ 4 ] Bug #2176447 - CVE-2023-26054 buildkit: Data disclosure in provenance attestation describing a build https://bugzilla.redhat.com/show_bug.cgi?id=2176447 [ 5 ] Bug #2177595 - CVE-2023-0845 hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections https://bugzilla.redhat.com/show_bug.cgi?id=2177595 [ 6 ] Bug #2184683 - CVE-2023-28840 moby: Encrypted overlay network may be unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184683 [ 7 ] Bug #2184685 - CVE-2023-28841 moby: Encrypted overlay network traffic may be unencrypted https://bugzilla.redhat.com/show_bug.cgi?id=2184685 [ 8 ] Bug #2184688 - CVE-2023-28842 moby: Encrypted overlay network with a single endpoint is unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184688 [ 9 ] Bug #2189788 - CVE-2021-41803 consul: Consul Auto-Config JWT Authorization Missing Input Validation https://bugzilla.redhat.com/show_bug.cgi?id=2189788 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cf3551046d' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Sep 05, 2023
•Critical
Fedora
89
security advisoryfedoramanagement toolFedora 37: FEDORA-2023-c40519168b Critical: Podman Container Update
Resolves: 2183639,2183641 - use min conmon v2.1.7 ---- Adjust tests for new Ansible ---- auto bump to v4.4.3. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-c40519168b 2023-04-06 01:53:39.783162 --------------------------------------------------------------------------------Name : podman Product : Fedora 37 Version : 4.4.4 Release : 3.fc37 URL : https://podman.io/ Summary : Manage Pods, Containers and Container Images Description : podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges. podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other. Manage Pods, Containers and Container Images podman Simple management tool for pods, containers and images --------------------------------------------------------------------------------Update Information: Resolves: 2183639,2183641 - use min conmon v2.1.7 ---- Adjust tests for new Ansible ---- auto bump to v4.4.3 --------------------------------------------------------------------------------ChangeLog: * Mon Apr 3 2023 Lokesh Mandvekar - 5:4.4.4-3 - Resolves: #2183641 - use min conmon v2.1.7 * Fri Mar 31 2023 Miroslav Vadkerti - 5:4.4.4-2 - Adjust tests for new Ansible * Mon Mar 27 2023 RH Container Bot - 5:4.4.4-1 - auto bump to v4.4.4 * Fri Mar 24 2023 Lokesh Mandvekar - 5:4.4.3-2 - ensure no buildroot macro left in /usr/bin/docker * Thu Mar 23 2023 RH Container Bot - 5:4.4.3-1 - auto bump to v4.4.3 * Mon Mar 6 2023 Lokesh Mandvekar - 5:4.4.2-3 -migrated to SPDX license --------------------------------------------------------------------------------References: [ 1 ] Bug #2183639 - podman/conmon: null bytes in logging messages is can result in buffer overread which results in segfault https://bugzilla.redhat.com/show_bug.cgi?id=2183639 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c40519168b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 06, 2023
•Critical
Fedora
89
security advisorymoderatefedoraFedora 36: 2022-5038c3236c Moderate: Moby-Engine Golang Fixes
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 --------------------------------------------------------------------------------Name : moby-engine Product : Fedora 36 Version : 20.10.17 Release : 5.fc36 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouseconfig options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 20.10.17-5 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Mon Jul 4 2022 Maxwell G - 20.10.17-4 - Only build on %golang_arches (i.e. where golang is available). * Sun Jun 19 2022 Maxwell G - 20.10.17-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629. --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details onthe GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 30, 2022
Fedora
89
security advisorycritical issuefedoraUbuntu 22.04: 2023-3a2fe6f7c Vital: Docker-Platform CVE Resolution
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : moby-engine Product : Fedora 35 Version : 20.10.17 Release : 4.fc35 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuildfor packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Mon Jul 4 2022 Maxwell G - 20.10.17-4 - Only build on %golang_arches (i.e. where golang is available). * Sun Jun 19 2022 Maxwell G - 20.10.17-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629. --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!