-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2022-f64d777807 2022-05-20 02:26:36.356782 --------------------------------------------------------------------------------
Name : golang Product : Fedora EPEL 7 Version : 1.17.7 Release : 1.el7 URL : http://golang.org/ Summary : The Go Programming Language Description : The Go Programming Language. -------------------------------------------------------------------------------- Update Information: Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773 -------------------------------------------------------------------------------- ChangeLog: * Tue May 10 2022 Dave Dykstra <[email protected]> - 1.17.7-1 - Update to 1.17.7, based on centos8-stream packaging except keeping go-srpm-macros and the "--with ignore_tests" rpmbuild option -------------------------------------------------------------------------------- References: [ 1 ] Bug #1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet https://bugzilla.redhat.com/show_bug.cgi?id=1992006 [ 2 ] Bug #2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic https://bugzilla.redhat.com/show_bug.cgi?id=2030787 [ 3 ] Bug #2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements https://bugzilla.redhat.com/show_bug.cgi?id=2053429 [ 4 ] Bug #2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString https://bugzilla.redhat.com/show_bug.cgi?id=2053532 [ 5 ] Bug #2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control https://bugzilla.redhat.com/show_bug.cgi?id=2053541 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update golang' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
