Category Archives: Advisories

golang-github-morikuni-aec-1.0.0-6.fc36 golang-github-mozillazg-pinyin-0.19.0-5.fc36 golang-github-mroach-rom64-0.5.3-2.fc36 golang-github-mrunalp-fileutils-0.5.0-6.fc36 golang-github-msprev-fzf-bibtex-1.1-6.20220205gitd5df2c6.fc36 golang-github-multiformats-multibase-0.0.3-3.20220213gitf067816.fc36 golang-github-multiformats-multihash-0.1.0-3.fc36 golang-github-mvo5-uboot-0.4-11.fc36 golang-github-nats-io-nkeys-0.2.0-6.fc36 golang-github-nats-io-streaming-server-0.20.0-6.fc36 golang-github-nbutton23-zxcvbn-0.1-9.20210110gite56b841.fc36 golang-github-nicksnyder-i18n-2-2.1.2-6.fc36 golang-github-niklasfasching-org-1.6.2-3.fc36 golang-github-oklog-0.3.2-12.20190701gitca7cdf5.fc36 golang-github-oklog-ulid-2.0.2-11.fc36 golang-github-olekukonko-tablewriter-0.0.5-4.fc36 golang-github-oneofone-xxhash-1.2.8-6.fc36 golang-github-onsi-ginkgo-2-2.1.4-3.fc36 golang-github-openprinting-ipp-usb-0.9.22-2.fc36 golang-github-pact-foundation-1.5.1-7.fc36 golang-github-path-network-mmproxy-2.1-4.fc36 golang-github-pdfcpu-0.3.13-3.fc36 golang-github-pelletier-toml-1.9.4-3.fc36 golang-github-pelletier-toml-2-2.0.0~beta.8-5.fc36 golang-github-phayes-freeport-1.0.2-7.fc36 golang-github-pierrec-lz4-4.1.3-6.fc36 golang-github-pierrre-geohash-1.0.0-5.fc36 golang-github-posener-complete-1.2.3-9.fc36 golang-github-posener-complete-2-2.0.1~alpha.13-6.fc36 golang-github-pquerna-ffjson-0-0.10.20200730gitaa0246c.fc36 golang-github-pressly-goose-2.7.0-5.fc36 golang-github-projectdiscovery-chaos-client-0.2.0-3.fc36 golang-github-projectdiscovery-mapcidr-0.0.8-4.fc36 golang-github-prometheus-2.32.1-7.fc36 golang-github-prometheus-node-exporter-1.3.1-10.fc36 golang-github-prometheus-prom2json-1.3.0-9.20210811git90766c0.fc36 golang-github-prometheus-tsdb-0.10.0-9.fc36 golang-github-quay-goval-parser-0.8.6-5.fc36 golang-github-rakyll-statik-0.1.7-9.fc36 golang-github-rcrowley-metrics-0-0.29.20210110gitcf1acfc.fc36 golang-github-redteampentesting-monsoon-0.6.0-7.fc36 golang-github-rickb777-date-1.19.1-3.fc36 golang-github-rogpeppe-internal-1.8.1-3.fc36 golang-github-rubenv-sql-migrate-0-0.6.20210529gita32ed26.fc36 golang-github-rwcarlsen-goexif-0-0.10.20191017git9e8deec.fc36 golang-github-schollz-croc-9.5.2-2.fc36 golang-github-schollz-mnemonicode-1.0.1-3.fc36 golang-github-segmentio-ksuid-1.0.4-4.fc36 golang-github-shellcode33-vm-detection-0-0.7.20200715git4fd05cb.fc36 golang-github-shopify-sarama-1.27.2-6.fc36 golang-github-shopify-toxiproxy-2.1.4-11.fc36 golang-github-shulhan-bindata-3.6.1-7.fc36 golang-github-shurcool-vfsgen-0-0.12.20210113git0d455de.fc36 golang-github-skip2-qrcode-0-3.20220316gitda1b656.fc36 golang-github-skynetservices-skydns-2.5.3-23.20200802git94b2ea0.fc36 golang-github-snappy-0.0.2-7.fc36 golang-github-sophaskins-efs2tar-0-0.5.20210317git4db1b0f.fc36 golang-github-sourcegraph-syntaxhighlight-0-0.12.20180418gitbd320f5.fc36 golang-github-spyzhov-ajson-0.4.2-11.fc36 golang-github-sqshq-sampler-1.1.0-10.fc36 golang-github-task-3.14.0-3.fc36 golang-github-tdewolff-minify-2.11.10-4.fc36 golang-github-temoto-robotstxt-1.1.2-4.fc36 golang-github-theoapp-theo-agent-0.14.0-5.fc36 golang-github-theupdateframework-notary-0.7.0-7.fc36 golang-github-tinylib-msgp-1.1.5-6.fc36 golang-github-tklauser-numcpus-0.2.3-8.fc36 golang-github-tomnomnom-xtermcolor-0.1.2-9.fc36 golang-github-tscholl2-siec-0-4.20211128git9bdfc48.fc36 golang-github-twitchtv-twirp-8.1.0-5.fc36 golang-github-twpayne-waypoint-0-0.5.20210130git4f8e6bf.fc36 golang-github-u-root-iscsinl-0.1.0-5.fc36 golang-github-uber-athenadriver-1.1.12-6.fc36 golang-github-uber-jaeger-client-2.30.0-3.fc36 golang-github-ulikunitz-xz-0.5.10-5.fc36 golang-github-valyala-fasthttp-1.29.0-4.fc36 golang-github-vbatts-tar-split-0.11.1-11.fc36 golang-github-vincent-petithory-dataurl-0-0.8.20200110gitd1553a7.fc36 golang-github-xo-terminfo-0-0.7.20210113gitc22d04b.fc36 golang-github-xordataexchange-crypt-0.0.2-13.20190412gitb2862e3.fc36 golang-github-yuin-gopher-lua-0-24.20220305gitf4c35e4.fc36 golang-github-zyedidia-highlight-0-0.7.20200218git291680f.fc36 golang-gitlab-commonmark-linkify-0-0.10.20200805git64bca66.fc36 golang-google-appengine-1.6.7-6.fc36 golang-google-protobuf-1.27.1-6.fc36 golang-gopkg-neurosnap-sentences-1-1.0.6-15.fc36 golang-gopkg-square-jose-2-2.6.0-4.fc36 golang-gopkg-src-d-git-4-4.13.1-9.fc36 golang-honnef-tools-2021.1.2-3.20220304git852a31a.fc36 golang-jaytaylor-html2text-0-0.3.20220509gitbc68cce.fc36 golang-k8s-apiextensions-apiserver-1.22.0-7.fc36 golang-k8s-code-generator-1.22.0-5.fc36 golang-k8s-kube-aggregator-1.22.0-5.fc36 golang-k8s-kube-openapi-0-0.22.20210813git3c81807.fc36 golang-k8s-pod-security-admission-1.22.0-4.fc36 golang-k8s-sample-apiserver-1.22.0-6.fc36 golang-k8s-sample-cli-plugin-1.22.0-5.fc36

Read Time:4 Minute, 44 Second

FEDORA-2022-37aef44d1e

Packages in this update:

golang-github-morikuni-aec-1.0.0-6.fc36
golang-github-mozillazg-pinyin-0.19.0-5.fc36
golang-github-mroach-rom64-0.5.3-2.fc36
golang-github-mrunalp-fileutils-0.5.0-6.fc36
golang-github-msprev-fzf-bibtex-1.1-6.20220205gitd5df2c6.fc36
golang-github-multiformats-multibase-0.0.3-3.20220213gitf067816.fc36
golang-github-multiformats-multihash-0.1.0-3.fc36
golang-github-mvo5-uboot-0.4-11.fc36
golang-github-nats-io-nkeys-0.2.0-6.fc36
golang-github-nats-io-streaming-server-0.20.0-6.fc36
golang-github-nbutton23-zxcvbn-0.1-9.20210110gite56b841.fc36
golang-github-nicksnyder-i18n-2-2.1.2-6.fc36
golang-github-niklasfasching-org-1.6.2-3.fc36
golang-github-oklog-0.3.2-12.20190701gitca7cdf5.fc36
golang-github-oklog-ulid-2.0.2-11.fc36
golang-github-olekukonko-tablewriter-0.0.5-4.fc36
golang-github-oneofone-xxhash-1.2.8-6.fc36
golang-github-onsi-ginkgo-2-2.1.4-3.fc36
golang-github-openprinting-ipp-usb-0.9.22-2.fc36
golang-github-pact-foundation-1.5.1-7.fc36
golang-github-path-network-mmproxy-2.1-4.fc36
golang-github-pdfcpu-0.3.13-3.fc36
golang-github-pelletier-toml-1.9.4-3.fc36
golang-github-pelletier-toml-2-2.0.0~beta.8-5.fc36
golang-github-phayes-freeport-1.0.2-7.fc36
golang-github-pierrec-lz4-4.1.3-6.fc36
golang-github-pierrre-geohash-1.0.0-5.fc36
golang-github-posener-complete-1.2.3-9.fc36
golang-github-posener-complete-2-2.0.1~alpha.13-6.fc36
golang-github-pquerna-ffjson-0-0.10.20200730gitaa0246c.fc36
golang-github-pressly-goose-2.7.0-5.fc36
golang-github-projectdiscovery-chaos-client-0.2.0-3.fc36
golang-github-projectdiscovery-mapcidr-0.0.8-4.fc36
golang-github-prometheus-2.32.1-7.fc36
golang-github-prometheus-node-exporter-1.3.1-10.fc36
golang-github-prometheus-prom2json-1.3.0-9.20210811git90766c0.fc36
golang-github-prometheus-tsdb-0.10.0-9.fc36
golang-github-quay-goval-parser-0.8.6-5.fc36
golang-github-rakyll-statik-0.1.7-9.fc36
golang-github-rcrowley-metrics-0-0.29.20210110gitcf1acfc.fc36
golang-github-redteampentesting-monsoon-0.6.0-7.fc36
golang-github-rickb777-date-1.19.1-3.fc36
golang-github-rogpeppe-internal-1.8.1-3.fc36
golang-github-rubenv-sql-migrate-0-0.6.20210529gita32ed26.fc36
golang-github-rwcarlsen-goexif-0-0.10.20191017git9e8deec.fc36
golang-github-schollz-croc-9.5.2-2.fc36
golang-github-schollz-mnemonicode-1.0.1-3.fc36
golang-github-segmentio-ksuid-1.0.4-4.fc36
golang-github-shellcode33-vm-detection-0-0.7.20200715git4fd05cb.fc36
golang-github-shopify-sarama-1.27.2-6.fc36
golang-github-shopify-toxiproxy-2.1.4-11.fc36
golang-github-shulhan-bindata-3.6.1-7.fc36
golang-github-shurcool-vfsgen-0-0.12.20210113git0d455de.fc36
golang-github-skip2-qrcode-0-3.20220316gitda1b656.fc36
golang-github-skynetservices-skydns-2.5.3-23.20200802git94b2ea0.fc36
golang-github-snappy-0.0.2-7.fc36
golang-github-sophaskins-efs2tar-0-0.5.20210317git4db1b0f.fc36
golang-github-sourcegraph-syntaxhighlight-0-0.12.20180418gitbd320f5.fc36
golang-github-spyzhov-ajson-0.4.2-11.fc36
golang-github-sqshq-sampler-1.1.0-10.fc36
golang-github-task-3.14.0-3.fc36
golang-github-tdewolff-minify-2.11.10-4.fc36
golang-github-temoto-robotstxt-1.1.2-4.fc36
golang-github-theoapp-theo-agent-0.14.0-5.fc36
golang-github-theupdateframework-notary-0.7.0-7.fc36
golang-github-tinylib-msgp-1.1.5-6.fc36
golang-github-tklauser-numcpus-0.2.3-8.fc36
golang-github-tomnomnom-xtermcolor-0.1.2-9.fc36
golang-github-tscholl2-siec-0-4.20211128git9bdfc48.fc36
golang-github-twitchtv-twirp-8.1.0-5.fc36
golang-github-twpayne-waypoint-0-0.5.20210130git4f8e6bf.fc36
golang-github-uber-athenadriver-1.1.12-6.fc36
golang-github-uber-jaeger-client-2.30.0-3.fc36
golang-github-ulikunitz-xz-0.5.10-5.fc36
golang-github-u-root-iscsinl-0.1.0-5.fc36
golang-github-valyala-fasthttp-1.29.0-4.fc36
golang-github-vbatts-tar-split-0.11.1-11.fc36
golang-github-vincent-petithory-dataurl-0-0.8.20200110gitd1553a7.fc36
golang-github-xordataexchange-crypt-0.0.2-13.20190412gitb2862e3.fc36
golang-github-xo-terminfo-0-0.7.20210113gitc22d04b.fc36
golang-github-yuin-gopher-lua-0-24.20220305gitf4c35e4.fc36
golang-github-zyedidia-highlight-0-0.7.20200218git291680f.fc36
golang-gitlab-commonmark-linkify-0-0.10.20200805git64bca66.fc36
golang-google-appengine-1.6.7-6.fc36
golang-google-protobuf-1.27.1-6.fc36
golang-gopkg-neurosnap-sentences-1-1.0.6-15.fc36
golang-gopkg-square-jose-2-2.6.0-4.fc36
golang-gopkg-src-d-git-4-4.13.1-9.fc36
golang-honnef-tools-2021.1.2-3.20220304git852a31a.fc36
golang-jaytaylor-html2text-0-0.3.20220509gitbc68cce.fc36
golang-k8s-apiextensions-apiserver-1.22.0-7.fc36
golang-k8s-code-generator-1.22.0-5.fc36
golang-k8s-kube-aggregator-1.22.0-5.fc36
golang-k8s-kube-openapi-0-0.22.20210813git3c81807.fc36
golang-k8s-pod-security-admission-1.22.0-4.fc36
golang-k8s-sample-apiserver-1.22.0-6.fc36
golang-k8s-sample-cli-plugin-1.22.0-5.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

enable s390x build (rhbz#1971028)

Read More

golang-github-cpu-goacmedns-0.1.1-6.fc36 golang-github-cpuguy83-md2man-2.0.2-3.fc36 golang-github-crossdock-0-0.9.20190628git049aabb.fc36 golang-github-cucumber-godog-0.12.1-5.fc36 golang-github-cyberdotgent-route3270-0.2-4.fc36 golang-github-dave-jennifer-1.4.1-6.fc36 golang-github-deepmap-oapi-codegen-1.8.2-4.fc36 golang-github-denisbrodbeck-machineid-1.0.1-3.fc36 golang-github-dgrijalva-jwt-3.2.0-12.fc36 golang-github-dreamacro-shadowsocks2-0.1.7-7.fc36 golang-github-dustinkirkland-petname-0-0.7.20200605git8e5a1ed.fc36 golang-github-eknkc-amber-0-0.18.20190601gitcdade1c.fc36 golang-github-elazarl-bindata-assetfs-1.0.1-10.fc36 golang-github-emersion-smtp-0.15.0-5.fc36 golang-github-envoyproxy-protoc-gen-validate-0.4.1-7.fc36 golang-github-etcd-io-gofail-0-0.4.20210808gitad7f989.fc36 golang-github-euank-kmsg-parser-2.0.1-9.fc36 golang-github-evanphx-json-patch-5.5.0-4.fc36 golang-github-evanw-esbuild-0.14.38-3.fc36 golang-github-facebookincubator-contest-0-0.5.20210706gitceebc35.fc36 golang-github-facebookincubator-dhcplb-0-0.5.20210706git2e66b27.fc36 golang-github-facebookincubator-go2chef-1.0-3.fc36 golang-github-facebookincubator-nvdtools-0.1.4-6.fc36 golang-github-fernet-0-0.10.20200726giteff2850.fc36 golang-github-francoispqt-gojay-1.2.13-8.fc36 golang-github-fvbommel-util-0.0.3-6.fc36 golang-github-gdamore-tcell-1.4.0-6.fc36 golang-github-gdamore-tcell-2-2.5.0-3.fc36 golang-github-geertjohan-rice-1.0.2-6.fc36 golang-github-gobuffalo-here-0.6.2-6.fc36 golang-github-gobwas-ws-1.1.0-4.fc36 golang-github-goccy-yaml-1.9.5-3.fc36 golang-github-gocolly-colly-2-2.1.0-5.20210920git2f09941.fc36 golang-github-gogo-googleapis-1.4.1-5.fc36 golang-github-gohugoio-testmodbuilder-0-0.11.20201030git72e1e0c.fc36 golang-github-gojuno-minimock-3.0.10-4.fc36 golang-github-google-containerregistry-0.5.1-6.fc36 golang-github-google-dap-0.6.0-6.fc36 golang-github-google-jsonnet-0.17.0-6.fc36 golang-github-google-martian-3.1.0-10.fc36 golang-github-google-pprof-0-17.20210802gitc50bf4f.fc36 golang-github-google-slothfs-0-0.12.20200727git59c1163.fc36 golang-github-google-wire-0.5.0-4.fc36 golang-github-googleapis-gnostic-0.5.3-7.fc36 golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-7.fc36 golang-github-gorhill-cronexpr-1.0.0-5.fc36 golang-github-gosexy-gettext-0.9-8.fc36 golang-github-grpc-ecosystem-gateway-2-2.7.3-5.fc36 golang-github-gucumber-0-0.24.20190703git7d5c79e.fc36 golang-github-haproxytech-dataplaneapi-2.4.4-5.fc36 golang-github-hashicorp-consul-migrate-0.1.0-10.20190602git678fb10.fc36 golang-github-hashicorp-hclog-0.15.0-6.fc36 golang-github-hashicorp-memdb-1.3.0-6.fc36 golang-github-hashicorp-serf-0.9.5-6.fc36 golang-github-hashicorp-sockaddr-1.0.2-12.fc36 golang-github-heistp-irtt-0.9.1-3.fc36 golang-github-hexdigest-gowrap-1.1.12-5.fc36 golang-github-hub-2.14.2-9.fc36 golang-github-insomniacslk-termhook-0-7.20210406gita267c97.fc36 golang-github-instrumenta-kubeval-0.15.0-9.fc36 golang-github-j-keck-arping-1.0.2-4.fc36 golang-github-jmespath-0.4.0-6.fc36 golang-github-jsonnet-bundler-0.4.0-9.fc36 golang-github-jwt-3.2.2-4.fc36 golang-github-kalafut-imohash-1.0.2-4.fc36 golang-github-kr-text-0.2.0-6.fc36 golang-github-krishicks-yaml-patch-0.0.10-9.20200307git05b3177.fc36 golang-github-kyokomi-emoji-2.2.8-6.fc36 golang-github-ledisdb-0.6-6.20210112gitd35789e.fc36 golang-github-leonelquinteros-gotext-1.5.0-3.fc36 golang-github-letsencrypt-pebble-2.3.1-6.fc36 golang-github-leveldb-0-0.10.20190701git259d925.fc36 golang-github-liamg-scout-0.15.1-5.fc36 golang-github-liamg-tml-0.6.0-3.fc36 golang-github-lofanmi-pinyin-1.0-5.fc36 golang-github-lunixbochs-vtclean-1.0.0-9.fc36 golang-github-magefile-mage-1.11.0-6.fc36 golang-github-mailru-easyjson-0.7.6-6.fc36 golang-github-markbates-pkger-0.17.1-6.fc36 golang-github-martinhoefling-goxkcdpwgen-0.1.0-3.fc36 golang-github-mattn-colorable-0.1.8-8.fc36 golang-github-mbndr-figlet4go-0-0.9.20191009gitd6cef5b.fc36 golang-github-mdlayher-dhcp6-0-0.9.20200429git2a67805.fc36 golang-github-mdlayher-ethernet-0-0.6.20201109git0394541.fc36 golang-github-mgutz-ansi-0-0.14.20200729gitd51e80e.fc36 golang-github-mholt-archiver-3.5.1-4.fc36 golang-github-microcosm-cc-bluemonday-1.0.17-4.fc36 golang-github-mmarkdown-mmark-2.2.10-6.fc36 golang-github-mock-1.6.0-4.fc36

Read Time:4 Minute, 15 Second

FEDORA-2022-ea8f4e232d

Packages in this update:

golang-github-cpu-goacmedns-0.1.1-6.fc36
golang-github-cpuguy83-md2man-2.0.2-3.fc36
golang-github-crossdock-0-0.9.20190628git049aabb.fc36
golang-github-cucumber-godog-0.12.1-5.fc36
golang-github-cyberdotgent-route3270-0.2-4.fc36
golang-github-dave-jennifer-1.4.1-6.fc36
golang-github-deepmap-oapi-codegen-1.8.2-4.fc36
golang-github-denisbrodbeck-machineid-1.0.1-3.fc36
golang-github-dgrijalva-jwt-3.2.0-12.fc36
golang-github-dreamacro-shadowsocks2-0.1.7-7.fc36
golang-github-dustinkirkland-petname-0-0.7.20200605git8e5a1ed.fc36
golang-github-eknkc-amber-0-0.18.20190601gitcdade1c.fc36
golang-github-elazarl-bindata-assetfs-1.0.1-10.fc36
golang-github-emersion-smtp-0.15.0-5.fc36
golang-github-envoyproxy-protoc-gen-validate-0.4.1-7.fc36
golang-github-etcd-io-gofail-0-0.4.20210808gitad7f989.fc36
golang-github-euank-kmsg-parser-2.0.1-9.fc36
golang-github-evanphx-json-patch-5.5.0-4.fc36
golang-github-evanw-esbuild-0.14.38-3.fc36
golang-github-facebookincubator-contest-0-0.5.20210706gitceebc35.fc36
golang-github-facebookincubator-dhcplb-0-0.5.20210706git2e66b27.fc36
golang-github-facebookincubator-go2chef-1.0-3.fc36
golang-github-facebookincubator-nvdtools-0.1.4-6.fc36
golang-github-fernet-0-0.10.20200726giteff2850.fc36
golang-github-francoispqt-gojay-1.2.13-8.fc36
golang-github-fvbommel-util-0.0.3-6.fc36
golang-github-gdamore-tcell-1.4.0-6.fc36
golang-github-gdamore-tcell-2-2.5.0-3.fc36
golang-github-geertjohan-rice-1.0.2-6.fc36
golang-github-gobuffalo-here-0.6.2-6.fc36
golang-github-gobwas-ws-1.1.0-4.fc36
golang-github-goccy-yaml-1.9.5-3.fc36
golang-github-gocolly-colly-2-2.1.0-5.20210920git2f09941.fc36
golang-github-gogo-googleapis-1.4.1-5.fc36
golang-github-gohugoio-testmodbuilder-0-0.11.20201030git72e1e0c.fc36
golang-github-gojuno-minimock-3.0.10-4.fc36
golang-github-googleapis-gnostic-0.5.3-7.fc36
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-7.fc36
golang-github-google-containerregistry-0.5.1-6.fc36
golang-github-google-dap-0.6.0-6.fc36
golang-github-google-jsonnet-0.17.0-6.fc36
golang-github-google-martian-3.1.0-10.fc36
golang-github-google-pprof-0-17.20210802gitc50bf4f.fc36
golang-github-google-slothfs-0-0.12.20200727git59c1163.fc36
golang-github-google-wire-0.5.0-4.fc36
golang-github-gorhill-cronexpr-1.0.0-5.fc36
golang-github-gosexy-gettext-0.9-8.fc36
golang-github-grpc-ecosystem-gateway-2-2.7.3-5.fc36
golang-github-gucumber-0-0.24.20190703git7d5c79e.fc36
golang-github-haproxytech-dataplaneapi-2.4.4-5.fc36
golang-github-hashicorp-consul-migrate-0.1.0-10.20190602git678fb10.fc36
golang-github-hashicorp-hclog-0.15.0-6.fc36
golang-github-hashicorp-memdb-1.3.0-6.fc36
golang-github-hashicorp-serf-0.9.5-6.fc36
golang-github-hashicorp-sockaddr-1.0.2-12.fc36
golang-github-heistp-irtt-0.9.1-3.fc36
golang-github-hexdigest-gowrap-1.1.12-5.fc36
golang-github-hub-2.14.2-9.fc36
golang-github-insomniacslk-termhook-0-7.20210406gita267c97.fc36
golang-github-instrumenta-kubeval-0.15.0-9.fc36
golang-github-j-keck-arping-1.0.2-4.fc36
golang-github-jmespath-0.4.0-6.fc36
golang-github-jsonnet-bundler-0.4.0-9.fc36
golang-github-jwt-3.2.2-4.fc36
golang-github-kalafut-imohash-1.0.2-4.fc36
golang-github-krishicks-yaml-patch-0.0.10-9.20200307git05b3177.fc36
golang-github-kr-text-0.2.0-6.fc36
golang-github-kyokomi-emoji-2.2.8-6.fc36
golang-github-ledisdb-0.6-6.20210112gitd35789e.fc36
golang-github-leonelquinteros-gotext-1.5.0-3.fc36
golang-github-letsencrypt-pebble-2.3.1-6.fc36
golang-github-leveldb-0-0.10.20190701git259d925.fc36
golang-github-liamg-scout-0.15.1-5.fc36
golang-github-liamg-tml-0.6.0-3.fc36
golang-github-lofanmi-pinyin-1.0-5.fc36
golang-github-lunixbochs-vtclean-1.0.0-9.fc36
golang-github-magefile-mage-1.11.0-6.fc36
golang-github-mailru-easyjson-0.7.6-6.fc36
golang-github-markbates-pkger-0.17.1-6.fc36
golang-github-martinhoefling-goxkcdpwgen-0.1.0-3.fc36
golang-github-mattn-colorable-0.1.8-8.fc36
golang-github-mbndr-figlet4go-0-0.9.20191009gitd6cef5b.fc36
golang-github-mdlayher-dhcp6-0-0.9.20200429git2a67805.fc36
golang-github-mdlayher-ethernet-0-0.6.20201109git0394541.fc36
golang-github-mgutz-ansi-0-0.14.20200729gitd51e80e.fc36
golang-github-mholt-archiver-3.5.1-4.fc36
golang-github-microcosm-cc-bluemonday-1.0.17-4.fc36
golang-github-mmarkdown-mmark-2.2.10-6.fc36
golang-github-mock-1.6.0-4.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Read More

3mux-1.1.0-6.fc36 act-1.6.0-7.fc36 aerc-0.10.0-5.fc36 age-1.0.0-6.fc36 antlr4-project-4.9.3-6.fc36 apache-cloudstack-cloudmonkey-6.2.0-4.fc36 apptainer-1.0.3-2.fc36 aquatone-1.7.0-8.fc36 aron-0-0.7.20200626git7eade58.fc36 asciigraph-0.5.5-3.fc36 asnip-0-0.7.20200618git44ba98b.fc36 assetfinder-0.1.0-7.fc36 astral-0.1.2-2.fc36 bettercap-2.32.0-5.fc36 buildah-1.26.2-2.fc36 butane-0.15.0-2.fc36 caddy-2.4.6-4.fc36 cadvisor-0.44.1-4.fc36 cheat-4.2.2-5.fc36 chisel-1.7.7-4.fc36 clash-1.8.0-5.fc36 clipman-1.6.1-4.fc36 commit-stream-0.1.2-8.fc36 containerd-1.6.6-5.fc36 cri-o-1.24.1-3.fc36 darkman-1.3.1-0.4.20220624gitc265698.fc36 deepin-gir-generator-2.1.0-4.fc36 direnv-2.32.1-3.fc36 dnscrypt-proxy-2.1.1-5.fc36 dnsx-1.1.0-4.fc36 docker-distribution-2.6.2-18.git48294d9.fc36 doctl-1.78.0-2.fc36 douceur-0.2.0-15.fc36 duf-0.8.1-4.fc36 ffuf-1.0.2-7.fc36 fzf-0.30.0-4.fc36 geoipupdate-4.9.0-3.fc36 git-lfs-3.1.2-5.fc36 git-octopus-2.0-0.4.beta.3.fc36.13 git-time-metric-1.3.5-16.fc36 gitjacker-0.0.2-9.fc36 glide-0.13.2-11.fc36 gmailctl-0.10.4-4.fc36 go-bindata-3.0.7-23.gita0ff256.fc36 goaltdns-0-0.8.20200627git2b3e8a3.fc36 gobuster-3.1.0-4.fc36 godep-62-18.fc36 godoctor-0.6-13.fc36 godotenv-1.4.0-5.fc36 gojq-0.12.8-4.fc36 golang-ariga-atlas-0.3.6-4.fc36 golang-bug-serial-1-1.3.5-4.fc36 golang-contrib-opencensus-resource-0.1.2-8.fc36 golang-entgo-ent-0.10.0-5.fc36 golang-etcd-bbolt-1.3.6-5.fc36 golang-gioui-0-9.20201225git18d4dbf.fc36 golang-github-a8m-envsubst-1.3.0-3.fc36 golang-github-a8m-tree-0-0.17.20210725gitce3525c.fc36 golang-github-acme-lego-4.4.0-7.fc36 golang-github-ajstarks-deck-0-0.13.20210114git30c9fc6.fc36 golang-github-akavel-rsrc-0.10.2-5.fc36 golang-github-alecthomas-chroma-0.10.0-4.fc36 golang-github-aliyun-ossutil-1.7.9-4.fc36 golang-github-apache-beam-2-2.33.0~RC1-8.fc36 golang-github-appc-docker2aci-0.17.2-10.fc36 golang-github-appc-goaci-0.1.1-13.fc36 golang-github-appc-spec-0.8.11-15.fc36 golang-github-aryann-difflib-0-0.6.20200822gite206f87.fc36 golang-github-aws-lambda-1.26.0-5.fc36 golang-github-axgle-mahonia-0-0.14.20181112git3358181.fc36 golang-github-bifurcation-mint-0-0.10.20200724git93c820e.fc36 golang-github-bobesa-domain-util-0-0.7.20200504git4033b5f.fc36 golang-github-boltdb-bolt-1.3.1-16.fc36 golang-github-burntsushi-toml-1.0.0-6.fc36 golang-github-burntsushi-toml-test-0.2.0-12.20210108git9767d20.fc36 golang-github-burntsushi-xgb-0-0.16.20210108git5f9e7b3.fc36 golang-github-c-bata-prompt-0.2.6-5.fc36 golang-github-cactus-statsd-client-5.0.0-6.fc36 golang-github-cespare-xxhash-2.1.2-4.fc36 golang-github-chai2010-gettext-1.0.2-7.fc36 golang-github-chris-ramon-douceur-0.2.0-6.20200910gitf346305.fc36 golang-github-christrenkamp-goxpath-0-0.7.20200627gitc5096ec.fc36 golang-github-cilium-ebpf-0.8.0-3.fc36 golang-github-client9-gospell-0-0.12.20190524git90dfc71.fc36 golang-github-client9-plaintext-0-0.9.20190703git5bf47e7.fc36 golang-github-cloudflare-0.21.0-4.fc36 golang-github-cloudflare-redoctober-0-0.13.20210114git99c99a8.fc36 golang-github-cockroachdb-pebble-0-0.9.20210108git48f5530.fc36 golang-github-colinmarc-hdfs-2-2.2.0-5.fc36 golang-github-containerd-continuity-0.2.2-4.fc36 golang-github-containerd-fuse-overlayfs-snapshotter-1.0.2-8.fc36 golang-github-containernetworking-cni-1.1.1-5.fc36 golang-github-coredns-corefile-migration-1.0.11-7.fc36

Read Time:3 Minute, 47 Second

FEDORA-2022-5ef0bd9a27

Packages in this update:

3mux-1.1.0-6.fc36
act-1.6.0-7.fc36
aerc-0.10.0-5.fc36
age-1.0.0-6.fc36
antlr4-project-4.9.3-6.fc36
apache-cloudstack-cloudmonkey-6.2.0-4.fc36
apptainer-1.0.3-2.fc36
aquatone-1.7.0-8.fc36
aron-0-0.7.20200626git7eade58.fc36
asciigraph-0.5.5-3.fc36
asnip-0-0.7.20200618git44ba98b.fc36
assetfinder-0.1.0-7.fc36
astral-0.1.2-2.fc36
bettercap-2.32.0-5.fc36
buildah-1.26.2-2.fc36
butane-0.15.0-2.fc36
caddy-2.4.6-4.fc36
cadvisor-0.44.1-4.fc36
cheat-4.2.2-5.fc36
chisel-1.7.7-4.fc36
clash-1.8.0-5.fc36
clipman-1.6.1-4.fc36
commit-stream-0.1.2-8.fc36
containerd-1.6.6-5.fc36
cri-o-1.24.1-3.fc36
darkman-1.3.1-0.4.20220624gitc265698.fc36
deepin-gir-generator-2.1.0-4.fc36
direnv-2.32.1-3.fc36
dnscrypt-proxy-2.1.1-5.fc36
dnsx-1.1.0-4.fc36
docker-distribution-2.6.2-18.git48294d9.fc36
doctl-1.78.0-2.fc36
douceur-0.2.0-15.fc36
duf-0.8.1-4.fc36
ffuf-1.0.2-7.fc36
fzf-0.30.0-4.fc36
geoipupdate-4.9.0-3.fc36
gitjacker-0.0.2-9.fc36
git-lfs-3.1.2-5.fc36
git-octopus-2.0-0.4.beta.3.fc36.13
git-time-metric-1.3.5-16.fc36
glide-0.13.2-11.fc36
gmailctl-0.10.4-4.fc36
goaltdns-0-0.8.20200627git2b3e8a3.fc36
go-bindata-3.0.7-23.gita0ff256.fc36
gobuster-3.1.0-4.fc36
godep-62-18.fc36
godoctor-0.6-13.fc36
godotenv-1.4.0-5.fc36
gojq-0.12.8-4.fc36
golang-ariga-atlas-0.3.6-4.fc36
golang-bug-serial-1-1.3.5-4.fc36
golang-contrib-opencensus-resource-0.1.2-8.fc36
golang-entgo-ent-0.10.0-5.fc36
golang-etcd-bbolt-1.3.6-5.fc36
golang-gioui-0-9.20201225git18d4dbf.fc36
golang-github-a8m-envsubst-1.3.0-3.fc36
golang-github-a8m-tree-0-0.17.20210725gitce3525c.fc36
golang-github-acme-lego-4.4.0-7.fc36
golang-github-ajstarks-deck-0-0.13.20210114git30c9fc6.fc36
golang-github-akavel-rsrc-0.10.2-5.fc36
golang-github-alecthomas-chroma-0.10.0-4.fc36
golang-github-aliyun-ossutil-1.7.9-4.fc36
golang-github-apache-beam-2-2.33.0~RC1-8.fc36
golang-github-appc-docker2aci-0.17.2-10.fc36
golang-github-appc-goaci-0.1.1-13.fc36
golang-github-appc-spec-0.8.11-15.fc36
golang-github-aryann-difflib-0-0.6.20200822gite206f87.fc36
golang-github-aws-lambda-1.26.0-5.fc36
golang-github-axgle-mahonia-0-0.14.20181112git3358181.fc36
golang-github-bifurcation-mint-0-0.10.20200724git93c820e.fc36
golang-github-bobesa-domain-util-0-0.7.20200504git4033b5f.fc36
golang-github-boltdb-bolt-1.3.1-16.fc36
golang-github-burntsushi-toml-1.0.0-6.fc36
golang-github-burntsushi-toml-test-0.2.0-12.20210108git9767d20.fc36
golang-github-burntsushi-xgb-0-0.16.20210108git5f9e7b3.fc36
golang-github-cactus-statsd-client-5.0.0-6.fc36
golang-github-c-bata-prompt-0.2.6-5.fc36
golang-github-cespare-xxhash-2.1.2-4.fc36
golang-github-chai2010-gettext-1.0.2-7.fc36
golang-github-chris-ramon-douceur-0.2.0-6.20200910gitf346305.fc36
golang-github-christrenkamp-goxpath-0-0.7.20200627gitc5096ec.fc36
golang-github-cilium-ebpf-0.8.0-3.fc36
golang-github-client9-gospell-0-0.12.20190524git90dfc71.fc36
golang-github-client9-plaintext-0-0.9.20190703git5bf47e7.fc36
golang-github-cloudflare-0.21.0-4.fc36
golang-github-cloudflare-redoctober-0-0.13.20210114git99c99a8.fc36
golang-github-cockroachdb-pebble-0-0.9.20210108git48f5530.fc36
golang-github-colinmarc-hdfs-2-2.2.0-5.fc36
golang-github-containerd-continuity-0.2.2-4.fc36
golang-github-containerd-fuse-overlayfs-snapshotter-1.0.2-8.fc36
golang-github-containernetworking-cni-1.1.1-5.fc36
golang-github-coredns-corefile-migration-1.0.11-7.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Read More

Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015

Read Time:1 Minute, 15 Second
Project: 
Date: 
2022-July-20
Vulnerability: 
Multiple vulnerabilities
Description: 

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

If you are using Drupal 9.4, update to Drupal 9.4.3.
If you are using Drupal 9.3, update to Drupal 9.3.19.

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core does not include the Media module and therefore is not affected.

Reported By: 
Heine of the Drupal Security Team
Fixed By: 
Lee Rowlands of the Drupal Security Team
Alex Pott of the Drupal Security Team
Samuel Mortenson
xjm of the Drupal Security Team
Heine of the Drupal Security Team
Joseph Zhao, provisional member of the Drupal Security Team
Vijay Mani, provisional member of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
Neil Drumm of the Drupal Security Team
Benji Fisher, provisional member of the Drupal Security Team
Jen Lampton, provisional member of the Drupal Security Team
Dave Long, provisional member of the Drupal Security Team

Read More

Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014

Read Time:2 Minute, 31 Second
Project: 
Date: 
2022-July-20
Vulnerability: 
Arbitrary PHP code execution
Description: 

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010).

However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files’ filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core’s default .htaccess files and possible remote code execution.

This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.

Solution: 

Install the latest version:

If you are using Drupal 9.4, update to Drupal 9.4.3.
If you are using Drupal 9.3, update to Drupal 9.3.19.

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core is not affected.

Auditing your files directory’s .htaccess to ensure it has not been overwritten or overridden in a subdirectory

If your web server uses Apache httpd with AllowOverride, you should check within your files directories and subdirectories to ensure that any .htaccess files present are intentional. You can search for files named .htaccess by running the following command in the roots of both your public and private files directory:

find ./ -name “.htaccess” -print

Drupal automatically creates .htaccess files like the following in the root of the public files directory:

# Turn off all options we don’t need.
Options -Indexes -ExecCGI -Includes -MultiViews

# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we’re run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>

# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<IfModule mod_php.c>
php_flag engine off
</IfModule>

Check with your system administrator for the correct .htaccess configuration for the given files directory.

This advisory is not covered by Drupal Steward.

Reported By: 
Fixed By: 
Peter Wolanin of the Drupal Security Team
xjm of the Drupal Security Team
Drew Webber of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Jen Lampton, provisional member of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Dave Long, provisional member of the Drupal Security Team

Read More

Drupal core – Moderately critical – Access Bypass – SA-CORE-2022-013

Read Time:1 Minute, 4 Second
Project: 
Date: 
2022-July-20
Vulnerability: 
Access Bypass
Description: 

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.

No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

If you are using Drupal 9.4, update to Drupal 9.4.3.
If you are using Drupal 9.3, update to Drupal 9.3.19.

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core is not affected.

Reported By: 
Fixed By: 
Pierre Rudloff
Tim Plunkett
Heine of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
xjm of the Drupal Security Team
Lauri Eskola, provisional member of the Drupal Security Team
Dave Long, provisional member of the Drupal Security Team
Lee Rowlands of the Drupal Security Team

Read More

Drupal core – Moderately critical – Information Disclosure – SA-CORE-2022-012

Read Time:1 Minute, 43 Second
Project: 
Date: 
2022-July-20
Vulnerability: 
Information Disclosure
Description: 

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.

Access to a non-public file is checked only if it is stored in the “private” file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability.

This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config[‘image.settings’][‘allow_insecure_derivatives’] or (Drupal 7) $conf[‘image_allow_insecure_derivatives’] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI.

Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.

Solution: 

Install the latest version:

If you are using Drupal 9.4, update to Drupal 9.4.3.

If you are using Drupal 9.3, update to Drupal 9.3.19.

If you are using Drupal 7, update to Drupal 7.91.

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Fixed By: 
Lee Rowlands of the Drupal Security Team
Conrad Lara
mondrake
Alex Bronstein of the Drupal Security Team
Dave Reid of the Drupal Security Team
xjm of the Drupal Security Team
Guy Elsmore-Paddock
Dave Long Provisional Member of the Drupal Security Team
Lauri Eskola Provisional Member of the Drupal Security Team
David Strauss of the Drupal Security Team
Benji Fisher Provisional Member of the Drupal Security Team
Alex Pott of the Drupal Security Team
Drew Webber of the Drupal Security Team
Fabian Franz

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:32 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More