Read Time:4 Minute, 20 Second

FEDORA-2022-5038c3236c

Packages in this update:

golang-github-chromedp-cdproto-0-0.9.20220719git285dfb4.fc36
golang-k8s-sample-controller-1.22.0-5.fc36
golang-mongodb-mongo-driver-1.4.5-7.fc36
golang-mvdan-sh-3-3.4.3-5.fc36
golang-mvdan-xurls-2.2.0-7.fc36
golang-rsc-pdf-0.1.1-11.fc36
golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36
golang-sourcegraph-appdash-0-0.10.20210113gitebfcffb.fc36
golang-starlark-0-0.8.20210113gite81fc95.fc36
golang-storj-drpc-0.0.31-3.fc36
golang-vbom-util-0-0.12.20190520gitefcd4e0.fc36
golang-x-debug-0-0.15.20210123gitc934e1b.fc36
golang-x-exp-0-0.44.20220330git053ad81.fc36
golang-x-lint-0-17.20210123git83fdc39.fc36
golang-x-mobile-0-0.13.20220719git8578da9.fc36
golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36
golang-x-perf-0-0.16.20210123gitbdcc622.fc36
golang-x-text-0.3.7-4.fc36
golang-x-tools-0.1.10-3.fc36
golist-0.10.1-10.fc36
goloris-0-0.7.20200326gita59fafb.fc36
gomtree-0.4.0-12.fc36
google-guest-agent-20201217.02-5.fc36
gotags-1.4.1-9.fc36
gotun-0-0.15.gita9dbe4d.fc36
grafana-7.5.15-4.fc36
gron-0.7.1-3.fc36
grpcurl-1.8.6-4.fc36
hakrevdns-0-0.6.20201116git9fa2d59.fc36
hcloud-1.30.0-2.fc36
htmltest-0.15.0-4.fc36
httprobe-0.1.2-7.fc36
hugo-0.93.3-6.fc36
hulk-0-0.7.20200620git9670699.fc36
ignition-2.14.0-3.fc36
jid-0.7.6-10.fc36
kata-containers-2.3.3-2.fc36.2
kiln-0.3.1-4.fc36
kompose-1.17.0-10.fc36
kubernetes-1.24.1-3.fc36
manifest-tool-2.0.3-3.fc36
mass3-0-0.7.20200627gite1d5f1a.fc36
meg-0.2.4-7.fc36
meshbird-2.3-7.fc36
micro-2.0.8-6.fc36
moby-engine-20.10.17-5.fc36
mqttcli-0.2.3-3.fc36
nats-server-2.1.9-7.fc36
nebula-1.6.0-2.fc36
netscanner-0-0.6.20201116git8baab36.fc36
nex-20210330-4.fc36
oci-seccomp-bpf-hook-1.2.6-2.fc36
ohmybackup-0-0.7.20200526git50f2fce.fc36
open-policy-agent-0.31.0-7.fc36
origin-3.11.2-7.fc36
osbuild-composer-57-2.fc36
pack-0.27.0-3.fc36
podman-tui-0.5.0-2.fc36
popub-0-0.14.20171007git6ffa11c.fc36
powerline-go-1.22.1-3.fc36
reg-0.16.1-9.fc36
reposurgeon-4.32-3.fc36
restic-0.12.1-4.fc36
runc-1.1.2-3.fc36
shellz-1.5.0-8.fc36
shhgit-0.2-8.fc36
skopeo-1.9.0-4.fc36
snapd-2.56.2-4.fc36
snowcrash-0-0.8.20201119git49b99ad.fc36
source-to-image-1.3.1-5.fc36
stargz-snapshotter-0.12.0-2.fc36
subfinder-2.5.2-3.fc36
swig-4.0.2-17.fc36
syncthing-1.20.3-2.fc36
sysutil-0-0.8.20200615git15668db.fc36
terrier-0.0.2-7.fc36
tiedot-3.4-9.fc36
tmux-top-0.1.1-3.fc36
toolbox-0.0.99.3-6.fc36
vgrep-2.6.0-3.fc36
vultr-2.0.3-6.fc36
vultr-cli-2.14.2-3.fc36
webanalyze-0.3.1-7.fc36
weldr-client-35.5-3.fc36
wgctrl-0-0.12.20210811git4253848.fc36
xe-guest-utilities-latest-7.30.0-6.fc36
xq-0.0.7-5.fc36
yggdrasil-0.2.98^1.ffb580f-0.3.20220127gitffb580f.fc36
yubihsm-connector-3.0.3-4.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Update to latest commit as of 20220719

Added

Experimental: nebula clients can be configured to act as relays for other nebula clients.
Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)

Configuration option to report manually specified ip:ports to lighthouses. (#650)

Windows arm64 build. (#638)

punchy and most lighthouse config options now support hot reloading. (#649)

Changed

Build against go 1.18. (#656)

Promoted routines config from experimental to supported feature. (#702)

Dependencies updated. (#664)

Fixed

Packets destined for the same host that sent it will be returned on MacOS.
This matches the default behavior of other operating systems. (#501)

unsafe_route configuration will no longer crash on Windows. (#648)

A few panics that were introduced in 1.5.x. (#657, #658, #675)

Security

You can set listen.send_recv_error to control the conditions in which
recv_error messages are sent. Sending these messages can expose the fact
that Nebula is running on a host, but it speeds up re-handshaking. (#670)

Removed

x509 config stanza support has been removed. (#685)

bump to v4.2.0-rc1

fix package dir listing

resolve build issues and list new shell completion files

Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0

Fix extracting network metric

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

FEDORA-2022-5038c3236c

Packages in this update:

Update description:

GLSA 202409-07: Rust: Multiple Vulnerabilities

GLSA 202409-06: file: Stack Buffer Overread

GLSA 202409-05: PJSIP: Heap Buffer Overflow

GLSA 202409-04: calibre: Multiple Vulnerabilities

GLSA 202409-03: GPL Ghostscript: Multiple Vulnerabilities

GLSA 202409-02: PostgreSQL: Privilege Escalation