Update to 2.87.0.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-21a2f3709a
2026-02-27 00:52:14.662437+00:00
--------------------------------------------------------------------------------

Name        : gh
Product     : Fedora 43
Version     : 2.87.0
Release     : 2.fc43
URL         : https://github.com/cli/cli
Summary     : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.

gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform
various actions right from the command line, eliminating the need to switch
between your terminal and the GitHub website.

--------------------------------------------------------------------------------
Update Information:

Update to 2.87.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 18 2026 Mikel Olasagasti Uranga - 2.87.0-2
- Drop patch included in 2.87.0
* Wed Feb 18 2026 Packit - 2.87.0-1
- Update to 2.87.0 upstream release
- Resolves: rhbz#2440729
* Mon Feb 2 2026 Maxwell G - 2.86.0-3
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2432198 - CVE-2026-23831 gh: Rekor denial of service [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2432198
  [ 2 ] Bug #2433105 - CVE-2026-23991 gh: go-tuf client DoS via malformed server response [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433105
  [ 3 ] Bug #2433107 - CVE-2026-23992 gh: go-tuf improperly validates the configured threshold for delegations [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433107
  [ 4 ] Bug #2433108 - CVE-2026-23991 gh: go-tuf client DoS via malformed server response [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433108
  [ 5 ] Bug #2433551 - CVE-2026-24117 gh: Rekor Server-Side Request Forgery (SSRF) [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433551
  [ 6 ] Bug #2433598 - CVE-2026-24137 gh: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433598
  [ 7 ] Bug #2434249 - CVE-2026-24686 gh: go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2434249
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-21a2f3709a' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Update to 2.83.0.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6981d97f47
2025-11-14 01:25:41.063322+00:00
--------------------------------------------------------------------------------

Name        : gh
Product     : Fedora 43
Version     : 2.83.0
Release     : 1.fc43
URL         : https://github.com/cli/cli
Summary     : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.

gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform
various actions right from the command line, eliminating the need to switch
between your terminal and the GitHub website.

--------------------------------------------------------------------------------
Update Information:

Update to 2.83.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 4 2025 Packit - 2.83.0-1
- Update to 2.83.0 upstream release
- Resolves: rhbz#2397664
* Fri Oct 10 2025 Alejandro Sez - 2.79.0-2
- rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2408169 - CVE-2025-58189 gh: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408169
  [ 2 ] Bug #2408706 - CVE-2025-61725 gh: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408706
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6981d97f47' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Update for Fedora 43 includes critical updates to gh for enhanced GitHub command line operations.
Severity: Critical.
LinuxSecurity.com Team
Update to 2.74.0 - Fixes CVE-2025-48938.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-164ac0d01f
2025-06-13 01:33:33.927695+00:00
--------------------------------------------------------------------------------

Name        : gh
Product     : Fedora 41
Version     : 2.74.0
Release     : 1.fc41
URL         : https://github.com/cli/cli
Summary     : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.

gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform
various actions right from the command line, eliminating the need to switch
between your terminal and the GitHub website.

--------------------------------------------------------------------------------
Update Information:

Update to 2.74.0 - Fixes CVE-2025-48938
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2025 Mikel Olasagasti Uranga - 2.74.0-1
- Update to 2.74.0
- Fixes CVE-2025-48938
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2369482 - CVE-2025-48938 gh: GitHub CLI may execute arbitrary commands from compromised GitHub Enterprise Server [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369482
  [ 2 ] Bug #2369484 - CVE-2025-48938 gh: GitHub CLI may execute arbitrary commands from compromised GitHub Enterprise Server [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369484
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-164ac0d01f' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for gh
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0021-1
Rating:             important
References:         #1233387
Cross-References:   CVE-2024-52308
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gh fixes the following issues:

- Update to version 2.65.0:
  * Bump cli/go-gh for indirect security vulnerability
  * Panic mustParseTrackingRef if format is incorrect
  * Move trackingRef into pr create package
  * Make tryDetermineTrackingRef tests more respective of reality
  * Rework tryDetermineTrackingRef tests
  * Avoid pointer return from determineTrackingBranch
  * Doc determineTrackingBranch
  * Don't use pointer for determineTrackingBranch branchConfig
  * Panic if tracking ref can't be reconstructed
  * Document and rework pr create tracking branch lookup
  * Upgrade generated workflows
  * Fixed test for stdout in non-tty use case of repo fork
  * Fix test
  * Alternative: remove LocalBranch from BranchConfig
  * Set LocalBranch even if the git config fails
  * Add test for permissions check for security and analysis edits (#1)
  * print repo url to stdout
  * Update pkg/cmd/auth/login/login.go
  * Move mention of classic token to correct line
  * Separate type declarations
  * Add mention of classic token in gh auth login docs
  * Update pkg/cmd/repo/create/create.go
  * docs(repo): make explicit which branch is used when creating a repo
  * fix(repo fork): add non-TTY output when fork is newly created
  * Move api call to editRun
  * Complete get -> list renaming
  * Better error testing for autolink TestListRun
  * Decode instead of unmarshal
  * Use 'list' instead of 'get' for autolink list type and method
  * Remove NewAutolinkClient
  * Break out autolink list json fields test
  * PR nits
  * Refactor autolink subcommands into their own packages
  * Whitespace
  * Refactor out early return in test code
  * Add testing for AutoLinkGetter
  * Refactor autolink list and test to use http interface for simpler testing
  * Apply PR comment changes
  * Introduce repo autolinks list commands
  * Remove release discussion posts and clean up related block in deployment yml
  * Extract logic into helper function
  * add pending status for workflow runs
  * Feat: Allow setting security_and_analysis settings in gh repo edit
  * Upgrade golang.org/x/net to v0.33.0
  * Document SmartBaseRepoFunc
  * Document BaseRepoFunc
  * Update releasing.md
  * Document how to set gh-merge-base
- Update to version 2.64.0:
  * add test for different SAN and SourceRepositoryURI values
  * add test for signerRepo and tenant
  * add some more fields to test that san, sanregex are set properly
  * Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6
  * update san and sanregex configuration for readability
  * reduce duplication when creating policy content
  * tweak output of build policy info
  * Name conditionals in PR finder
  * Support pr view for intra-org forks
  * Return err instead of silentError in merge queue check
  * linting pointed out this var is no longer used
  * Removed fun, but inaccessible ASCII header
  * further tweaks to the long description
  * Exit on pr merge with `-d` and merge queue
  * Addressed PR review feedback; expanded Long command help string, used ghrepo, clarified some abbreviations
  * Update pkg/cmd/attestation/inspect/inspect.go
  * Update gh auth commands to point to GitHub Docs
  * Reformat ext install long
  * Mention Windows quirk in ext install help text
  * Fix error mishandling in localext install
  * Assert on err msg directly in ext install tests
  * Clarify hosts in ext install help text
  * Bump golang.org/x/crypto from 0.29.0 to 0.31.0
  * Removed now redundant file
  * minor tweak to language
  * go mod tidy
  * Deleted no-longer-used code.
  * deleted now-invalid tests, added a tiny patina of new testing.
  * Tightened up docs, deleted dead code, improved printing
  * fix file name creation on windows
  * wording
  * hard code expected digest
  * fix download test
  * use bash shell with integration tests
  * simplify var creation
  * update integration test scripts
  * fix: list branches in square brackets in gh codespace
  * try nesting scripts
  * run all tests in a single script
  * windows for loop syntax
  * use replaceAll
  * update expected file path on windows
  * run integration tests with windows specific syntax
  * run all attestation cmd integration tests automatically
  * Bump actions/attest-build-provenance from 1.4.4 to 2.1.0
  * Improve error handling in apt setup script
  * use different file name for attestation files on windows
  * test(gh run): assert branch names are enclosed in square brackets
  * docs: enhance help text and prompt for rename command
  * Revert "Confirm auto-detected base branch"
  * Confirm auto-detected base branch
  * Merge changes from #10004
  * Set gh-merge-base from `issue develop`
  * Open PR against gh-merge-base
  * Refactor extension executable error handling
  * fix: list branches in square brackets in gh run view (#10038)
  * docs: update description of command
  * style: reformat files
  * docs: update sentence case
  * use github owned oci image
  * docs: add mention of scopes help topic in `auth refresh` command help
  * docs: add mention of scopes help topic in `auth login` command help
  * docs: add help topic for auth scopes
  * docs: improve help for browse command
  * docs: improve docs for browse command as of #5352
  * fix package reference
  * add gh attestation verify integration test for oci bundles
  * add integration test for bundle-from-oci option
  * update tests
  * update tests
  * move content of verify policy options function into enforcement criteria
  * comment
  * try switch statement
  * remove duplicate err checking
  * get bundle issuer in another func
  * more logic updating to remove nesting
  * inverse logic for less nesting
  * remove unneeded nesting
  * wip, linting, getting tests to pass
  * wording
  * var naming
  * drop table view
  * order policy info so relevant info is printed next to each other
  * Update pkg/cmd/attestation/verification/policy.go
  * Update pkg/cmd/attestation/verification/policy.go
  * Update pkg/cmd/attestation/verification/policy.go
  * wip: added new printSummaryInspection
  * Improve error handling for missing executable
  * experiment with table output
  * Assert stderr is empty in manager_test.go
  * Update error message wording
  * Change: exit zero, still print warning to stderr
  * wording
  * Improve docs on installing extensions
  * Update language for missing extension executable
  * Update test comments about Windows behavior
  * wording
  * wording
  * wording
  * add newlines for additional policy info
  * Document requirements for local extensions
  * Warn when installing local ext with no executable
  * wording
  * formatting
  * print policy information before verifying
  * add initial policy info method
  * more wip poking around, now with table printing
  * wip, gh at inspect will check the signature on the bundle
  * wip: inspect now prints various bundle fields in a nice json
- Update to version 2.63.2:
  * include alg with digest when fetching bundles from OCI
  * Error for mutually exclusive json and watch flags
  * Use safepaths for run download
  * Use consistent slice ordering in run download tests
  * Consolidate logic for isolating artifacts
  * Fix PR checkout panic when base repo is not in remotes
  * When renaming an existing remote in `gh repo fork`, log the change
  * Improve DNF version clarity in install steps
  * Fix formatting in client_test.go comments for linter
  * Expand logic and tests to handle edge cases
  * Refactor download testing, simpler file descends
  * Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7
  * Improve test names so there is no repetition
  * Second attempt to address exploit
- Update to version 2.63.0:
  * Add checkout test that uses ssh git remote url
  * Rename backwards compatible credentials pattern
  * Fix CredentialPattern doc typos
  * Remove TODOs
  * Fix typos and add tests for CredentialPatternFrom* functions
  * Add SSH remote todo
  * General cleanup and docs
  * Allow repo sync fetch to use insecure credentials pattern
  * Allow client fetch to use insecure credentials pattern
  * Allow client push to use insecure credential pattern
  * Allow client pull to use insecure credential pattern
  * Allow opt-in to insecure pattern
  * Support secure credential pattern
  * Refactor error handling for missing "workflow" scope in createRelease
  * ScopesResponder wraps StatusScopesResponder
  * Refactor `workflow` scope checking
  * pr feedback
  * pr feedback
  * Update pkg/cmd/attestation/verify/attestation_integration_test.go
  * Apply suggestions from code review
  * Refactor command documentation to use heredoc
  * pr feedback
  * remove unused test file
  * undo change
  * add more testing fixtures
  * update test with new test bundle
  * naming
  * update test
  * update test
  * Fix README.md code block formatting
  * clean up
  * wrap sigstore and cert ext verification into a single function
  * Adding option to return `baseRefOid` in `pr view`
  * verify cert extensions function should return filtered result list
  * pr feedback
  * Update pkg/cmd/attestation/download/download.go
  * fix function param calls
  * Update pkg/cmd/attestation/verification/extensions.go
  * Formatting fix
  * Updated formatting to be more clear
  * Updated markdown syntax for a `note`.
  * Added a section on manual verification of the releases.
  * Handle missing "workflow" scope in createRelease
  * Modify push prompt on repo create when bare
  * Doc push behaviour for bare repo create
  * Push --mirror on bare repo create
  * Add acceptance test for bare repo create
  * Doc isLocalRepo and git.Client IsLocalRepo differences
  * Use errWithExitCode interface in repo create isLocalRepo
  * Backfill repo creation failure tests
  * Support bare repo creation
  * use logger println method
  * simplify verifyCertExtensions
  * rename type
  * refactor fetch attestations funcs
- Update to version 2.62.0
  * CVE-2024-52308: remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands (boo#1233387, GHSA-p2h2-3vg9-4p87)
  * Check extension for latest version when executed
  * Shorten extension release checking from 3s to 1s
- includes changes from 2.61.0:
  * Enhance gh repo edit command to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes
- Update to version 2.60.1:
  * Note token redaction in Acceptance test README
  * Refactor gpg-key delete to align with ssh-key delete
  * Add acceptance tests for org command
  * Adjust environment help for host and tokens (#9809)
  * Add SSH Key Acceptance test
  * Add Acceptance test for label command
  * Add acceptance test for gpg-key
  * Update go-internal to redact more token types in Acceptance tests
  * Address PR feedback
  * Clarify `gh` is available for GitHub Enterprise Cloud
  * Remove comment from gh auth logout
  * Add acceptance tests for auth-setup-git and formattedStringToEnv helper func
  * Use forked testscript for token redaction
  * Use new GitHub preview terms in working-with-us.md
  * Use new GitHub previews terminology in attestation
  * Test json flags for repo view and list
  * Clean up auth-login-logout acceptance test with native functionality
  * Add --token flag to `gh auth login` to accept a PAT as a flag
  * Setup acceptance testing for auth and tests for auth-token and auth-status
  * Update variable testscripts based on secret
  * Check extOwner for no value instead
  * Fix tests for invalid extension name
  * Refactor to remove code duplication
  * Linting: now that mockDataGenerator has an embedded mock, we ought to have pointer receivers in its funcs.
  * Minor tweaks, added backoff to getTrustDomain
  * added test for verifying we do 3 retries when fetching attestations.
  * Fix single quote not expanding vars
  * Added constant backoff retry to getAttestations.
  * Address @williammartin PR feedback
  * wip: added test that fails in the absence of a backoff.
  * add validation for local ext install
  * feat: add ArchivedAt field to Repository struct
  * Refactor `gh secret` testscript
  * Wrap true in ' in repo-fork-sync
  * Rename acceptance test directory from repos to repo
  * Remove unnecessary flags from repo-delete testscript
  * Replace LICENSE Makefile README.md acceptance api bin build cmd context docs git go.mod go.sum internal pkg script share test utils commands with
  * Wrap boolean strings in ' so it is clear they are strings
  * Remove unnecessary gh auth setup-git steps
  * Cleanup some inconsistencies and improve collapse some functionality
  * Add acceptance tests for repo deploy-key add/list/delete
  * Add acceptance tests for repo-fork and repo-sync
  * Add acceptance test for repo-set-default
  * Add acceptance test for repo-edit
  * Add acceptance tests for repo-list and repo-rename
  * Acceptance testing for repo-archive and repo-unarchive
  * Add acceptance test for repo-clone
  * Added acceptance test for repo-delete
  * Added test function for repos and repo-create test
  * Implement acceptance tests for search commands
  * Remove . from test case for TestTitleSurvey
  * Clean up Title Survey empty title message code
  * Add missing test to trigger acceptance tests
  * Add acceptance tests for `gh variable`
  * Minor polish / consistency
  * Fix typo in custom command doc
  * Refactor env2upper, env2lower; add docs
  * Update secret note about potential failure
  * Add testscripts for `gh secret`, helper cmds
  * Remove stdout assertion from release
  * Rename test files
  * Add acceptance tests for `release` commands
  * Implement basic API acceptance test
  * Remove unnecessary mkdir from download Acceptance test
  * Remove empty stdout checks
  * Adjust sleeps to echos in Acceptance workflows
  * Use regex assert for enable disable workflow Acceptance test
  * Watch for run to end for cancel Acceptance test
  * Include startedAt, completedAt in run steps data
  * Rewrite a sentence in CONTRIBUTING.md
  * Add filtered content output to docs
  * sleep 10s before checking for workflow run
  * Update run-rerun.txtar
  * Create cache-list-delete.txtar
  * Create run-view.txtar
  * Create run-rerun.txtar
  * Create run-download.txtar
  * Create run-delete.txtar
  * Remove IsTenancy and relevant tests from gists as they are unsupported
  * Remove unnecessary code branches
  * Add ghe.com to tests describing ghec data residency
  * Remove comment
  * auth: Removed redundant ghauth.IsTenancy(host) check
  * Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname
  * Upgrade go-gh version to 2.11.0
  * Add test coverage to places where IsEnterprise incorrectly covers Tenancy
  * Fix issue creation with metadata regex
  * Create run-cancel.txtar
  * Create workflow-run.txtar
  * Create workflow-view.txtar
  * implement workflow enable/disable acceptance test
  * implement base workflow list acceptance test
  * Add comment to acceptance make target
  * Resolve PR feedback
  * Acceptance test issue command
  * Support GH_ACCEPTANCE_SCRIPT
  * Ensure Acceptance defer failures are debuggable
  * Add acceptance task to makefile
  * build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6
  * Ensure pr create with metadata has assignment
  * Document sharedCmds func in acceptance tests
  * Correct testscript description in Acceptance readme
  * Add link to testscript pkg documentation
  * Add VSCode extension links to Acceptance README
  * Fix GH_HOST / GH_ACCEPTANCE_HOST misuse
  * Acceptance test PR list
  * Support skipping Acceptance test cleanup
  * Acceptance test PR creation with metadata
  * Suggest using legacy PAT for acceptance tests
  * Add host recommendation to Acceptance test docs
  * Don't append remaining text if more matches
  * Highlight matches in table and content
  * Split all newlines, and output no-color to non-TTY
  * Print filtered gists similar to code search
  * Show progress when filtering
  * Simplify description
  * Disallow use of --include-content without --filter
  * Improve help docs
  * Refactor filtering into existing `gist list`
  * Improve performance
  * Add `gist search` command
  * Fix api tests after function signature changes
  * Return nil instead of empty objects when err
  * Fix license list and view tests
  * Validate required env vars not-empty for Acceptance tests
  * Add go to test instructions in Acceptance README
  * Apply suggestions from code review
  * Error if acceptance tests are targeting github or cli orgs
  * Add code coverage to Acceptance README
  * Isolate acceptance env vars
  * Add Writing Tests section to Acceptance README
  * Add Debug and Authoring sections to Acceptance README
  * Acceptance test PR comment
  * Acceptance test PR merge and rebase
  * Note syntax highlighting support for txtar files
  * Refactor acceptance test environment handling
  * Add initial acceptance test README
  * Use txtar extension for testscripts
  * Support targeting other hosts in acceptance tests
  * Use stdout2env in PR acceptance tests
  * Acceptance test PR checkout
  * Add pr view test script
  * Initial testscript introduction
  * While we're at it, let's ensure VerifyCertExtensions can't be tricked the same way.
  * Add examples for creating `.gitignore` files
  * Update help for license view
  * Refactor http error handling
  * implement `--web` flag for license view
  * Fix license view help doc, add LICENSE.md example
  * Update help and fix heredoc indentation
  * Add SPDX ID to license list output
  * Fix ExactArgs invocation
  * Add `Long` for license list indicating limitations
  * Update function names
  * Reverse repo/shared package name change
  * If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error.
  * Bump cli/oauth to 1.1.1
  * Add test coverage for TitleSurvey change
  * Fix failing test for pr and issue create
  * Make the X in the error message red and print with io writer
  * Handle errors from parsing hostname in auth flow
  * Apply suggestions from code review
  * Refactor tests and add new tests
  * Move API calls to queries_repo.go
  * Allow user to override markdown wrap width via $GH_MDWIDTH from environment
  * Add handling of empty titles for Issues and PRs
  * Print the login URL even when opening a browser
  * Apply suggestions from code review
  * Update SECURITY.md
  * Fix typo and wordsmithing
  * fix typo
  * Remove trailing space from heading
  * Revise wording
  * Update docs to allow community submitted designs
  * Implement license view
  * Implement gitignore view
  * implement gitignore list
  * Update license table headings and tests
  * Fix ListLicenseTemplates doc
  * fix output capitalization
  * Cleanup rendering and tests
  * Remove json output option
  * Divide shared repo package and add queries tests
  * First pass at implementing `gh repo license list`
  * Emit a log message when extension installation falls back to a darwin-amd64 binary on an Apple Silicon macOS machine
- Update to version 2.58.0:
  * build(deps): bump github.com/theupdateframework/go-tuf/v2
  * Include `dnf5` commands
  * Add GPG key instructions to appropriate sections
  * Update docs language to remove possible confusion around 'where you log in'
  * Change conditional in promptForHostname to better reflect prompter changes
  * Shorten language on Authenticate with a GitHub host.
  * Update language on docstring for `gh auth login`
  * Change prompts for `gh auth login` to reflect change from GHE to Other
  * Sentence case 'Other' option in hostname prompt
  * build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4
  * Add documentation explaining how to use `hostname` for `gh auth login`
  * Replace "GitHub Enterprise Server" with "other" in `gh auth login` prompt
  * fix tenant-awareness for trusted-root command
  * Fix test
  * Update pkg/cmd/extension/manager.go
  * Update comment formatting
  * Use new HasActiveToken method in trustedroot.go
  * Add HasActiveToken method to AuthConfig interface
  * Add HasActiveToken to AuthConfig.
  * Improve error presentation
  * Improve the suggested command for creating an issue when an extension doesn't have a binary for your platform
  * Update pkg/cmd/attestation/trustedroot/trustedroot_test.go
  * build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5
  * enforce auth for tenancy
  * disable auth check for att trusted-root cmd
  * better error for att verify custom issuer mismatch
  * Enhance gh repo create docs, fix random cmd link

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2025-21=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
  gh-2.65.0-bp156.2.17.1
  gh-debuginfo-2.65.0-bp156.2.17.1
- openSUSE Backports SLE-15-SP6 (noarch):
  gh-bash-completion-2.65.0-bp156.2.17.1
  gh-fish-completion-2.65.0-bp156.2.17.1
  gh-zsh-completion-2.65.0-bp156.2.17.1

References:

https://www.suse.com/security/cve/CVE-2024-52308.html
https://bugzilla.suse.com/1233387
openSUSE Security Patch addresses significant remote code execution vulnerability in gh, providing urgent installation guidance.
Severity: Important.
LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for gh
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0226-1
Rating:             moderate
References:         #1227035
Cross-References:   CVE-2024-6104
CVSS scores:
                    CVE-2024-6104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2024-6104 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gh fixes the following issues:

Update to version 2.53.0:
  * CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035)
  * Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928
  * Rename package directory and files
  * Rename package name to `update_branch`
  * Rename `gh pr update` to `gh pr update-branch`
  * Add test case for merge conflict error
  * Handle merge conflict error
  * Return error if PR is not mergeable
  * Replace literals with consts for `Mergeable` field values
  * Add separate type for `PullRequest.Mergeable` field
  * Remove unused flag
  * Print message on stdout instead of stderr
  * Raise error if editor is used in non-tty mode
  * Add tests for JSON field support on issue and pr view commands
  * docs: Update documentation for `gh repo create` to clarify owner
  * Ensure PR does not panic when stateReason is requested
  * Enable to use --web even though editor is enabled by config
  * Add editor hint message
  * Use prefer_editor_prompt config by `issue create`
  * Add prefer_editor_prompt config
  * Add `issue create --editor`
  * Update create.go
  * gh attestation trusted-root subcommand (#9206)
  * Fetch variable selected repo relationship when required
  * Add `createdAt` field to tests
  * Add `createdAt` field to `Variable` type
  * Add test for exporting as JSON
  * Add test for JSON output
  * Only populate selected repo information for JSON output
  * Add test to verify JSON exporter gets set
  * Add `--json` option support
  * Use `Variable` type defined in `shared` package
  * Add tests for JSON output
  * Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared
  * Fix query parameter name
  * Update tests to account for ref comparison step
  * Improve query variable names
  * Check if PR branch is already up-to-date
  * Add `ComparePullRequestBaseBranchWith` function
  * Run `go mod tidy`
  * Add test to verify `--repo` requires non-empty selector
  * Require non-empty selector when `--repo` override is used
  * Run `go mod tidy`
  * Register `update` command
  * Add tests for `pr update` command
  * Add `pr update` command
  * Add `UpdatePullRequestBranch` method
  * Upgrade `shurcooL/githubv4`

Update to version 2.52.0:
  * Attestation Verification - Buffer Fix
  * Remove beta note from attestation top level command
  * Removed beta note from `gh at download`.
  * Removed beta note from `gh at verify`, clarified reusable workflows use case.
  * add `-a` flag to `gh run list`

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2024-226=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
  gh-2.53.0-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
  gh-bash-completion-2.53.0-bp156.2.6.1
  gh-fish-completion-2.53.0-bp156.2.6.1
  gh-zsh-completion-2.53.0-bp156.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-6104.html
https://bugzilla.suse.com/1227035

Fresh openSUSE security update released addressing a moderate risk vulnerability in gh. Apply through suggested methods without delay.
LinuxSecurity.com Team