The following Fedora EPEL 7 Security updates need testing:
Age  URL
2    https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c5ad3565aa  libmodsecurity-3.0.9-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
golang-1.19.10-1.el7
netdata-1.40.1-1.el7
Details about builds:
================================================================================
golang-1.19.10-1.el7 (FEDORA-EPEL-2023-560bc00f33)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405,
and CVE-2022-32149
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Dave Dykstra <dwd(a)fedoraproject.org> - 1.19.10-1
- Update to 1.19.10 by doing the equivalent changes done in RedHat ubi8.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2134010 - CVE-2022-32149 golang: golang.org/x/text/language:
ParseAcceptLanguage takes a long time to parse complex tags
https://bugzilla.redhat.com/show_bug.cgi?id=2134010
[ 2 ] Bug #2216965 - CVE-2023-29403 golang: runtime: unexpected behavior of
setuid/setgid binaries
https://bugzilla.redhat.com/show_bug.cgi?id=2216965
[ 3 ] Bug #2217562 - CVE-2023-29402 golang: cmd/go: go command may generate unexpected
code at build time when using cgo
https://bugzilla.redhat.com/show_bug.cgi?id=2217562
[ 4 ] Bug #2217565 - CVE-2023-29404 golang: cmd/go: go command may execute arbitrary
code at build time when using cgo
https://bugzilla.redhat.com/show_bug.cgi?id=2217565
[ 5 ] Bug #2217569 - CVE-2023-29405 golang: cmd/cgo: Arbitrary code execution triggered
by linker flags
https://bugzilla.redhat.com/show_bug.cgi?id=2217569
--------------------------------------------------------------------------------
================================================================================
netdata-1.40.1-1.el7 (FEDORA-EPEL-2023-a55d62b450)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Didier Fabert <didier.fabert(a)gmail.com> 1.40.1-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2215364 - netdata-1.40.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2215364
--------------------------------------------------------------------------------