The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1388277bf4   chromium-113.0.5672.126-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2455ae47ae   godot-3.1.2-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
golang-1.19.9-1.el7
radsecproxy-1.10.0-1.el7
Details about builds:
================================================================================
golang-1.19.9-1.el7 (FEDORA-EPEL-2023-efd9bbf67e)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-24538, CVE-2023-24536, CVE-2023-24537,
CVE-2023-24534, CVE-2023-24539, CVE-2023-29400, and CVE-2023-24540
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 26 2023 Dave Dykstra <[email protected]> - 1.19.9-1
- Update to 1.19.9 by doing the equivalent changes as centos8-stream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2184481 - CVE-2023-24538 golang: html/template: backticks not
treated as string delimiters
https://bugzilla.redhat.com/show_bug.cgi?id=2184481
[ 2 ] Bug #2184482 - CVE-2023-24536 golang: net/http, net/textproto,
mime/multipart: denial of service from excessive resource consumption
https://bugzilla.redhat.com/show_bug.cgi?id=2184482
[ 3 ] Bug #2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial
of service from excessive memory allocation
https://bugzilla.redhat.com/show_bug.cgi?id=2184483
[ 4 ] Bug #2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in
parsing
https://bugzilla.redhat.com/show_bug.cgi?id=2184484
[ 5 ] Bug #2196026 - CVE-2023-24539 golang: html/template: improper
sanitization of CSS values
https://bugzilla.redhat.com/show_bug.cgi?id=2196026
[ 6 ] Bug #2196027 - CVE-2023-24540 golang: html/template: improper handling
of JavaScript whitespace
https://bugzilla.redhat.com/show_bug.cgi?id=2196027
[ 7 ] Bug #2196029 - CVE-2023-29400 golang: html/template: improper handling
of empty HTML attributes
https://bugzilla.redhat.com/show_bug.cgi?id=2196029
--------------------------------------------------------------------------------
================================================================================
radsecproxy-1.10.0-1.el7 (FEDORA-EPEL-2023-3c32763fc0)
Generic RADIUS proxy with RadSec support
--------------------------------------------------------------------------------
Update Information:
# radsecproxy 1.10.0 (2023-05-26)

## New features
- Native dynamic discovery for NAPTR and SRV records
- Optionally log accounting requests when responding directly
- SNI support for outgoing connections
- Optionally specify server name for certificate name check
- Manual MTU setting for DTLS on non-linux platforms

## Misc
- Don't require server type to be set by dyndisc scripts
- Improve locating openssl lib using pkg-config

## Bug Fixes
- Fix radius message length handling
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 26 2023 Robert Scheck <[email protected]> 1.10.0-1
- Upgrade to 1.10.0 (#2207652)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2207652 - radsecproxy-1.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2207652
--------------------------------------------------------------------------------