The following Fedora EPEL 7 Security updates need testing: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c5ad3565aa libmodsecurity-3.0.9-2.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing golang-1.19.10-1.el7 netdata-1.40.1-1.el7 Details about builds: ================================================================================ golang-1.19.10-1.el7 (FEDORA-EPEL-2023-560bc00f33) The Go Programming Language -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-29402, CVE-2023-29403,CVE-2023-29404, CVE-2023-29405, and CVE-2022-32149 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 29 2023 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.19.10-1 - Update to 1.19.10 by doing the equivalent changes done in RedHat ubi8. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags https://bugzilla.redhat.com/show_bug.cgi?id=2134010 [ 2 ] Bug #2216965 - CVE-2023-29403 golang: runtime: unexpected behavior of setuid/setgid binaries https://bugzilla.redhat.com/show_bug.cgi?id=2216965 [ 3 ] Bug #2217562 - CVE-2023-29402 golang: cmd/go: go command may generate unexpected code at build time when using cgo https://bugzilla.redhat.com/show_bug.cgi?id=2217562 [ 4 ] Bug #2217565 - CVE-2023-29404 golang: cmd/go: go command may execute arbitrary code at build time when using cgo https://bugzilla.redhat.com/show_bug.cgi?id=2217565 [ 5 ] Bug #2217569 - CVE-2023-29405 golang: cmd/cgo: Arbitratry code execution triggered by linker flags https://bugzilla.redhat.com/show_bug.cgi?id=2217569 -------------------------------------------------------------------------------- ================================================================================ netdata-1.40.1-1.el7 (FEDORA-EPEL-2023-a55d62b450) Real-time performance monitoring -------------------------------------------------------------------------------- Update Information: Update from upstream -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 29 2023 Didier Fabert <didier.fabert@xxxxxxxxx> 1.40.1-1 - Update from upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #2215364 - netdata-1.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2215364 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
