Stay Secure with the Latest Linux Advisories

security advisoryFedoracritical fix

Fedora 36: FEDORA-2023-0fff8bc164 Critical Memory Issue in Caddy

Rebuild for CVE-2022-41717 in golang.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-0fff8bc164 2023-02-02 02:01:53.366772 --------------------------------------------------------------------------------Name : caddy Product : Fedora 36 Version : 2.4.6 Release : 5.fc36 URL : https://caddyserver.com Summary : Web server with automatic HTTPS Description : Caddy is the web server with automatic HTTPS. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-41717 in golang. --------------------------------------------------------------------------------ChangeLog: * Tue Jan 24 2023 Carl George - 2.4.6-5 - Rebuild for CVE-2022-41717 in golang --------------------------------------------------------------------------------References: [ 1 ] Bug #2164227 - CVE-2022-41717 caddy: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2164227 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-0fff8bc164' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ ListGuidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The latest caddy update for Fedora 36 resolves CVE-2022-41717, bolstering protection against excessive memory usage in Go-based servers.. Caddy Update, Fedora 36 Security, Golang Exploits, Memory Management, HTTP/2 Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Feb 02, 2023 •Critical Fedora