Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-7426 http://linux.oracle.com/errata/ELSA-2025-7426.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.19.1-1.module+el9.6.0+90590+fd42b52a.x86_64.rpm nodejs-devel-20.19.1-1.module+el9.6.0+90590+fd42b52a.x86_64.rpm nodejs-docs-20.19.1-1.module+el9.6.0+90590+fd42b52a.noarch.rpm nodejs-full-i18n-20.19.1-1.module+el9.6.0+90590+fd42b52a.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm npm-10.8.2-1.20.19.1.1.module+el9.6.0+90590+fd42b52a.x86_64.rpm aarch64: nodejs-20.19.1-1.module+el9.6.0+90590+fd42b52a.aarch64.rpm nodejs-devel-20.19.1-1.module+el9.6.0+90590+fd42b52a.aarch64.rpm nodejs-docs-20.19.1-1.module+el9.6.0+90590+fd42b52a.noarch.rpm nodejs-full-i18n-20.19.1-1.module+el9.6.0+90590+fd42b52a.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm npm-10.8.2-1.20.19.1.1.module+el9.6.0+90590+fd42b52a.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//nodejs-20.19.1-1.module+el9.6.0+90590+fd42b52a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.src.rpm Related CVEs: CVE-2025-31498 Description of changes: nodejs [1:20.19.1-1] - Update to version 20.19.1 Resolves: RHEL-78764 [1:20.18.2-3] - Update c-ares to 1.34.5 to address CVE-2025-31498 nodejs-nodemon nodejs-packaging _______________________________________________ El-errata mailinglist
Update rust-vmm components and their consumers to address CVE-2023-50711. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-f2305d485f 2024-02-14 01:11:43.154092 -------------------------------------------------------------------------------- Name : rust-vm-memory Product : Fedora 38 Version : 0.14.0 Release : 1.fc38 URL : Summary : Safe abstractions for accessing the VM physical memory Description : Safe abstractions for accessing the VM physical memory. -------------------------------------------------------------------------------- Update Information: Update rust-vmm components and their consumers to address CVE-2023-50711 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 8 2024 Sergio Lopez - 0.14.0-1 - Update to version 0.14.0; Fixes RHBZ#2240198 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f2305d485f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 --------------------------------------------------------------------------------Name : hakrevdns Product : Fedora 36 Version : 0 Release : 0.6.20201116git9fa2d59.fc36 URL : https://github.com/hakluke/hakrevdns Summary : Tool for performing reverse DNS lookups Description : Small, fast tool for performing reverse DNS lookups en masse. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panicsthat were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 0-0.6 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 --------------------------------------------------------------------------------Name : grpcurl Product : Fedora 36 Version : 1.8.6 Release : 4.fc36 URL : https://github.com/fullstorydev/grpcurl Summary : Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers Description : Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crashon Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G 1.8.6-4 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-markbates-pkger Product : Fedora 36 Version : 0.17.1 Release : 6.fc36 URL : https://github.com/markbates/pkger Summary : Embed static files in Go binaries Description : Pkger is a tool for embedding static files into Go binaries. It will, hopefully, be a replacement for github.com/gobuffalo/packr/v2. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 0.17.1-6 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-insomniacslk-termhook Product : Fedora 36 Version : 0 Release : 7.20210406gita267c97.fc36 URL : https://github.com/insomniacslk/termhook Summary : Simple terminal that allows attaching hooks Description : termhook is a small library that attaches to a terminal, serial console or other similar device, and lets you attach your own hook on terminal output. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G 0-7 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5ef0bd9a27 2022-07-30 01:52:05.591823 --------------------------------------------------------------------------------Name : golang-github-a8m-tree Product : Fedora 36 Version : 0 Release : 0.17.20210725gitce3525c.fc36 URL : https://github.com/a8m/tree Summary : Implementation of the Unix tree command written in Go Description : An implementation of the Unix tree command written in Go, that can be used programmatically. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G 0-0.17 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5ef0bd9a27' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : vgrep Product : Fedora 35 Version : 2.5.6 Release : 2.fc35 URL : https://github.com/vrothberg/vgrep Summary : User-friendly pager for grep Description : vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of files and directory trees or showing the context lines before and after the matches. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Sat Jul 9 2022 Maxwell G - 2.5.6-2 - Rebuild for CVE-2022-{24675,28327,29526} in golang --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.