update to v0.14.0, address CVE-2023-39325.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b85b97c0e9
2024-01-18 01:45:03.774811
--------------------------------------------------------------------------------

Name        : golang-x-text
Product     : Fedora 39
Version     : 0.14.0
Release     : 1.fc39
URL         : https://github.com/golang/text
Summary     : Go text processing support
Description :

Text is a repository of text-related packages related to internationalization
(i18n) and localization (l10n), such as character encodings, text
transformations, and locale-specific text handling.

--------------------------------------------------------------------------------
Update Information:

update to v0.14.0, address CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Mark E. Fuller - 0.14.0-1
- update to v0.14.0, close rhbz#2248051
* Mon Sep 4 2023 Mark E. Fuller - 0.13.0-1
- update to v0.13.0, close rhbz#2237073
* Sat Aug 12 2023 Mark E. Fuller - 0.12.0-1
- v0.12.0, close rhbz#2214528
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
        https://bugzilla.redhat.com/show_bug.cgi?id=2161274
  [ 2 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
        https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b85b97c0e9' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

update to v0.14.0, address CVE-2023-39325.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-fd3545a844
2024-01-18 01:24:42.646453
--------------------------------------------------------------------------------

Name        : golang-x-text
Product     : Fedora 38
Version     : 0.14.0
Release     : 1.fc38
URL         : https://github.com/golang/text
Summary     : Go text processing support
Description :

Text is a repository of text-related packages related to internationalization
(i18n) and localization (l10n), such as character encodings, text
transformations, and locale-specific text handling.

--------------------------------------------------------------------------------
Update Information:

update to v0.14.0, address CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Mark E. Fuller - 0.14.0-1
- update to v0.14.0, close rhbz#2248051
* Mon Sep 4 2023 Mark E. Fuller - 0.13.0-1
- update to v0.13.0, close rhbz#2237073
* Sat Aug 12 2023 Mark E. Fuller - 0.12.0-1
- v0.12.0, close rhbz#2214528
* Thu Jul 20 2023 Fedora Release Engineering - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 22 2023 Mark E. Fuller - 0.10.0-1
- update to v0.10.0, close rhbz#2214528
* Sun Jun 11 2023 Mark E. Fuller - 0.9.0-1
- bump to v0.9.0, close rhbz#2175494
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
  [ 2 ] Bug #2248209 - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
        https://bugzilla.redhat.com/show_bug.cgi?id=2248209
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-fd3545a844' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------

Name        : golang-x-text
Product     : Fedora 36
Version     : 0.3.7
Release     : 4.fc36
URL         : https://github.com/golang/text
Summary     : Go text processing support
Description :

Text is a repository of text-related packages related to internationalization
(i18n) and localization (l10n), such as character encodings, text
transformations, and locale-specific text handling.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

---

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities.

----

Update to latest commit as of 20220719

----

Added

- Experimental: nebula clients can be configured to act as relays for other
  nebula clients. Primarily useful when stubborn NATs make a direct tunnel
  impossible. (#678)
- Configuration option to report manually specified ip:ports to lighthouses.
  (#650)
- Windows arm64 build. (#638)
- punchy and most lighthouse config options now support hot reloading. (#649)

Changed

- Build against go 1.18. (#656)
- Promoted routines config from experimental to supported feature. (#702)
- Dependencies updated. (#664)

Fixed

- Packets destined for the same host that sent it will be returned on MacOS.
  This matches the default behavior of other operating systems. (#501)
- unsafe_route configuration will no longer crash on Windows. (#648)
- A few panics that were introduced in 1.5.x. (#657, #658, #675)

Security

- You can set listen.send_recv_error to control the conditions in which
  recv_error messages are sent. Sending these messages can expose the fact that
  Nebula is running on a host, but it speeds up re-handshaking. (#670)

Removed

- x509 config stanza support has been removed. (#685)

----

bump to v4.2.0-rc1

----

fix package dir listing

----

resolve build issues and list new shell completion files

----

Release of stargz snapshotter v0.12.0. Please see the release note for details:
https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0

----

Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 0.3.7-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Thu Jun 30 2022 Stephen Smoogen - 0.3.7-3
- Add in a minimal bootstrap mode to try and break golang cycle with x packages
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-operator-container is now available.

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.5.8 security update
Advisory ID:       RHSA-2020:3578-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3578
Issue date:        2020-09-08
CVE Names:         CVE-2020-7015 CVE-2020-7598 CVE-2020-8174
                   CVE-2020-10531 CVE-2020-11080 CVE-2020-14040
====================================================================

1. Summary:

An update for cluster-network-operator-container,
cluster-version-operator-container, elasticsearch-operator-container,
logging-kibana6-container, and
ose-cluster-svcat-controller-manager-operator-container is now available
for Red Hat OpenShift Container Platform 4.5.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Container Platform components are primarily written in Go
(golang). The golang.org/x/text contains text-related packages which are
used for text operations, such as character encodings, text
transformations, and locale-specific text handling.

Kibana is one of the major components of OpenShift Container Platform
cluster logging. It is a browser-based console interface to query,
discover, and visualize the log data.

Security Fix(es):

* kibana: XSS in TSVB visualization (ESA-2020-08) (CVE-2020-7015)

* golang.org/x/text: Possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.5/html/release_notes/ocp-4-5-release-notes

Details on how to access this content are available at
- -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1849037 - CVE-2020-7015 kibana: XSS in TSVB visualization (ESA-2020-08)
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

5. References:

https://access.redhat.com/security/cve/CVE-2020-7015
https://access.redhat.com/security/cve/CVE-2020-7598
https://access.redhat.com/security/cve/CVE-2020-8174
https://access.redhat.com/security/cve/CVE-2020-10531
https://access.redhat.com/security/cve/CVE-2020-11080
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-128
2006-02-24
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : gawk
Version     : 3.1.4
Release     : 5.4
Summary     : The GNU version of the awk text processing utility.
Description :

The gawk packages contains the GNU version of awk, a text processing
utility. Awk interprets a special-purpose programming language to do
quick and easy text pattern matching and reformatting jobs.

Install the gawk package if you need a text processing utility. Gawk is
considered to be a standard Linux tool for processing text.

---------------------------------------------------------------------

* Fri Feb 24 2006 Karel Zak 3.1.4-5.4
- fix #174551 - regular expressions fail if srand() is used
  (backport random.c from 3.1.5)

---------------------------------------------------------------------
This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------
--
fedora-announce-list mailing list

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-430
2005-06-17
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : gawk
Version     : 3.1.4
Release     : 5.2
Summary     : The GNU version of the awk text processing utility.
Description :

The gawk packages contains the GNU version of awk, a text processing
utility. Awk interprets a special-purpose programming language to do
quick and easy text pattern matching and reformatting jobs.

Install the gawk package if you need a text processing utility. Gawk is
considered to be a standard Linux tool for processing text.

---------------------------------------------------------------------

* Thu Jun 16 2005 Karel Zak 3.1.4-5.2
- improved gawk-3.1.4-locale.patch
* Wed Jun 15 2005 Karel Zak 3.1.4-5.1
- fix #160421 - crash when using non-decimal data in command line parameters

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the
Update Agent with the 'up2date' command.
---------------------------------------------------------------------