-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-a55f130272 2020-09-07 17:12:41.698708 --------------------------------------------------------------------------------
Name : golang Product : Fedora 32 Version : 1.14.7 Release : 1.fc32 URL : http://golang.org/ Summary : The Go Programming Language Description : The Go Programming Language.
-------------------------------------------------------------------------------- Update Information:
New package version -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 10 2020 Alejandro S��ez asm@redhat.com - 1.14.7-1 - Rebase to go1.14.7 - Security fix for CVE-2020-14040 and CVE-2020-15586 - Resolves: BZ#1853654, BZ#1867100, BZ#1866892 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1853653 - CVE-2020-14040 golang: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1853653 [ 2 ] Bug #1867101 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1867101 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-a55f130272' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------