The following Fedora EPEL 7 Security updates need testing:
Age URL
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c5ad3565aa
libmodsecurity-3.0.9-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
golang-1.19.10-1.el7
netdata-1.40.1-1.el7
Details about builds:
================================================================================
golang-1.19.10-1.el7 (FEDORA-EPEL-2023-560bc00f33)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-29402, CVE-2023-29403,CVE-2023-29404, CVE-2023-29405,
and CVE-2022-32149
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Dave Dykstra <[email protected]> - 1.19.10-1
- Update to 1.19.10 by doing the equivalent changes done in RedHat ubi8.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2134010 - CVE-2022-32149 golang: golang.org/x/text/language:
ParseAcceptLanguage takes a long time to parse complex tags
https://bugzilla.redhat.com/show_bug.cgi?id=2134010
[ 2 ] Bug #2216965 - CVE-2023-29403 golang: runtime: unexpected behavior of
setuid/setgid binaries
https://bugzilla.redhat.com/show_bug.cgi?id=2216965
[ 3 ] Bug #2217562 - CVE-2023-29402 golang: cmd/go: go command may generate
unexpected code at build time when using cgo
https://bugzilla.redhat.com/show_bug.cgi?id=2217562
[ 4 ] Bug #2217565 - CVE-2023-29404 golang: cmd/go: go command may execute
arbitrary code at build time when using cgo
https://bugzilla.redhat.com/show_bug.cgi?id=2217565
[ 5 ] Bug #2217569 - CVE-2023-29405 golang: cmd/cgo: Arbitratry code
execution triggered by linker flags
https://bugzilla.redhat.com/show_bug.cgi?id=2217569
--------------------------------------------------------------------------------
================================================================================
netdata-1.40.1-1.el7 (FEDORA-EPEL-2023-a55d62b450)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Didier Fabert <[email protected]> 1.40.1-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2215364 - netdata-1.40.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2215364
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
