Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
89
security advisoryFedorastack overflowFedora 35: FEDORA-2022-3969b64d4b Critical: Go Stack Overflow Fix
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : golang-github-tinylib-msgp Product : Fedora 35 Version : 1.1.5 Release : 5.fc35 URL : https://github.com/tinylib/msgp Summary : Go code generator for MessagePack Description : This is a code generation tool and serialization library for MessagePack. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Sat Jul 9 2022 Maxwell G - 1.1.5-5 - Rebuild for CVE-2022-{24675,28327,29526 in golang} * Thu Jan 20 2022 Fedora Release Engineering - 1.1.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
•Critical
Fedora
89
security advisorydenial of serviceFedoraFedora 35: FEDORA-2022-3969b64d4b Moderate: Multiple CVE Fixes
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : golang-github-cloudflare-redoctober Product : Fedora 35 Version : 0 Release : 0.9.20210114git99c99a8.fc35 URL : https://github.com/cloudflare/redoctober Summary : Go server for two-man rule style file encryption and decryption Description : Red October is a software-based two-man rule style encryption and decryption server. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import forgolang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: * Sat Jul 9 2022 Maxwell G - 0-0.9 - Rebuild for CVE-2022-{24675,28327,29526} in golang --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
Fedora
89
security advisorysoftware updateFedoraFedora 35: golang-github-apache-beam-2 Moderate Stack Overflow Fix 2022-3969b64d4b
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 --------------------------------------------------------------------------------Name : golang-github-apache-beam-2 Product : Fedora 35 Version : 2.33.0~RC1 Release : 7.fc35 URL : https://github.com/apache/beam Summary : Unified programming model for Batch and Streaming Description : Apache Beam is a unified model for defining both batch and streaming data-parallel processing pipelines, as well as a set of language-specific SDKs for constructing pipelines and Runners for executing them on distributed processing backends, including Apache Flink, Apache Spark, Google Cloud Dataflow, and Hazelcast Jet. --------------------------------------------------------------------------------Update Information: Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client:prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 --------------------------------------------------------------------------------ChangeLog: --------------------------------------------------------------------------------References: [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 16, 2022
Fedora
89
security advisorycriticalFedoraFedora 34: FEDORA-2022-53f0c619c5 Critical Gron Panic Issue
Security fix for CVE-2022-28327. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-53f0c619c5 2022-05-28 01:32:08.177532 --------------------------------------------------------------------------------Name : gron Product : Fedora 34 Version : 0.6.1 Release : 2.fc34 URL : https://github.com/tomnomnom/gron Summary : Make JSON greppable Description : gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2022-28327 --------------------------------------------------------------------------------ChangeLog: * Wed May 18 2022 Lars Kiesow - 0.6.1-2 - Rebuild to fix CVE-2022-28327 --------------------------------------------------------------------------------References: [ 1 ] Bug #2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar https://bugzilla.redhat.com/show_bug.cgi?id=2077689 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-53f0c619c5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 27, 2022
•Critical
Fedora
202
security advisorymoderatesecurity updateopenSUSE Leap 15.3: 2021:1540-0 Critical Update for Go1.17
An update that solves two vulnerabilities and has one errata is now available. . openSUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1539-1 Rating: moderate References: #1182345 #1192377 #1192378 Cross-References: CVE-2021-41771 CVE-2021-41772 CVSS scores: CVE-2021-41772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1539=1 Package List: - openSUSE Leap 15.2 (x86_64): go1.16-1.16.10-lp152.17.1 go1.16-doc-1.16.10-lp152.17.1 go1.16-race-1.16.10-lp152.17.1 References: https://www.suse.com/security/cve/CVE-2021-41771.html https://www.suse.com/security/cve/CVE-2021-41772.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1192377 https://bugzilla.suse.com/1192378 . The recent update for openSUSE golang1.16 addresses several vulnerabilities, enhancing both the performance and safety of the operating platform.. openSUSE Security Update, go1.16, Patch, System Stability, Security Fixes. . Severity:Critical. LinuxSecurity.com Team
Dec 06, 2021
•Critical
OpenSUSE
202
security advisorymoderatesoftware updateopenSUSE Leap 15.3: 2021:3834-1 Moderate: Go1.16 Panic Fix
An update that solves two vulnerabilities and has one errata is now available. . openSUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:3834-1 Rating: moderate References: #1182345 #1192377 #1192378 Cross-References: CVE-2021-41771 CVE-2021-41772 CVSS scores: CVE-2021-41772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3834=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.10-1.32.1 go1.16-doc-1.16.10-1.32.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.16-race-1.16.10-1.32.1 References: https://www.suse.com/security/cve/CVE-2021-41771.html https://www.suse.com/security/cve/CVE-2021-41772.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1192377 https://bugzilla.suse.com/1192378 . A security patch for openSUSE Leap 15.3 has been released to address two severe vulnerabilities found in go1.16, along with detailed errata information.. openSUSE Update, Go1.16 Patch, Software Security, Moderate Risk Update. . LinuxSecurity.comTeam
Dec 01, 2021
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!