Category Archives: Advisories

python-cryptography-37.0.2-5.fc37

FEDORA-2023-fa5d0b461d

Packages in this update:

python-cryptography-37.0.2-5.fc37

Update description:

Security fix for CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

python-cryptography-36.0.0-4.fc36

FEDORA-2023-672f668f51

Packages in this update:

python-cryptography-36.0.0-4.fc36

Update description:

Security fix for CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

python-cryptography-37.0.2-8.fc39

FEDORA-2023-51706f88e3

Packages in this update:

python-cryptography-37.0.2-8.fc39

Update description:

Automatic update for python-cryptography-37.0.2-8.fc39.

Changelog

* Wed Feb 22 2023 Christian Heimes <cheimes@redhat.com> – 37.0.2-8
– Fix CVE-2023-23931: Don’t allow update_into to mutate immutable objects, resolves rhbz#2171820
– Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> – 37.0.2-7
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 9 2022 Christian Heimes <cheimes@redhat.com> – 37.0.2-6
– Enable SHA1 signatures in test suite (ELN-only)

golang-github-need-being-tree-0.1.0-1.fc36 golang-helm-3-3.11.1-2.fc36 golang-oras-0.15.1-1.20221105git690716b.fc36 golang-oras-1-1.2.1-1.fc36 golang-oras-2-2.0.0~rc.4-1.fc36

FEDORA-2023-6550d9323b

Packages in this update:

golang-github-need-being-tree-0.1.0-1.fc36
golang-helm-3-3.11.1-2.fc36
golang-oras-0.15.1-1.20221105git690716b.fc36
golang-oras-1-1.2.1-1.fc36
golang-oras-2-2.0.0~rc.4-1.fc36

Update description:

Update helm to 3.11.1, resolving multiple security issues

golang-github-need-being-tree-0.1.0-1.fc37 golang-helm-3-3.11.1-1.fc37 golang-oras-0.15.1-1.20221105git690716b.fc37 golang-oras-1-1.2.1-1.fc37 golang-oras-2-2.0.0~rc.4-1.fc37

FEDORA-2023-c9b2182a4e

Packages in this update:

golang-github-need-being-tree-0.1.0-1.fc37
golang-helm-3-3.11.1-1.fc37
golang-oras-0.15.1-1.20221105git690716b.fc37
golang-oras-1-1.2.1-1.fc37
golang-oras-2-2.0.0~rc.4-1.fc37

Update description:

Update helm to 3.11.1, resolving multiple security issues

golang-github-need-being-tree-0.1.0-1.fc38 golang-helm-3-3.11.1-1.fc38 golang-oras-0.15.1-1.20221105git690716b.fc38 golang-oras-1-1.2.1-1.fc38 golang-oras-2-2.0.0~rc.4-1.fc38

FEDORA-2023-4e2068ba5d

Packages in this update:

golang-github-need-being-tree-0.1.0-1.fc38
golang-helm-3-3.11.1-1.fc38
golang-oras-0.15.1-1.20221105git690716b.fc38
golang-oras-1-1.2.1-1.fc38
golang-oras-2-2.0.0~rc.4-1.fc38

Update description:

Update helm to 3.11.1, resolving multiple security issues

golang-helm-3-3.11.1-1.fc39

FEDORA-2023-46c95e2c57

Packages in this update:

golang-helm-3-3.11.1-1.fc39

Update description:

Automatic update for golang-helm-3-3.11.1-1.fc39.

Changelog

* Tue Feb 21 2023 Davide Cavalca <dcavalca@fedoraproject.org> – 3.11.1-1
– Update to 3.11.1; Fixes: RHBZ#1977738, RHBZ#2045644, RHBZ#2138841,
RHBZ#2142198, RHBZ#2142210, RHBZ#2097975, RHBZ#2155938, RHBZ#2155939,
RHBZ#2163231, RHBZ#1971091, RHBZ#1971029
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 3.5.4-8
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> – 3.5.4-7
– Rebuild to fix FTBFS
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 3.5.4-6
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> – 3.5.4-5
– Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
* Sat Jul 9 2022 Maxwell G <gotmax@e.email> – 3.5.4-4
– Rebuild for CVE-2022-{24675,28327,29526 in golang}
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> – 3.5.4-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

CVE-2015-10085

A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.
