[SECURITY] Fedora 36 Update: nex-20210330-4.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : nex
Product : Fedora 36
Version : 20210330
Release : 4.fc36
URL : http://www-cs-students.stanford.edu/~blynn/nex/
Summary : A lexer generator for Go that is similar to Lex/Flex
Description :
Nex is a lexer similar to Lex/Flex that: (1) generates Go code instead
of C code, (2) integrates with Go's Yacc instead of YACC/Bison, (3)
supports UTF-8, and (4) supports nested structural regular expressions.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 20210330-3
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: nats-server-2.1.9-7.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : nats-server
Product : Fedora 36
Version : 2.1.9
Release : 7.fc36
URL : https://github.com/nats-io/nats-server
Summary : High-Performance server for NATS, the cloud native messaging system
Description :
A High Performance NATS Server written in Go and hosted by the Cloud Native
Computing Foundation (CNCF).
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 2.1.9-7
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: nebula-1.6.0-2.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : nebula
Product : Fedora 36
Version : 1.6.0
Release : 2.fc36
URL : https://github.com/slackhq/nebula
Summary : A scalable overlay networking tool with a focus on performance, simplicity and security
Description :
A scalable overlay networking tool with a focus on performance, simplicity and
security.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 1.6.0-2
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sun Jul 17 2022 Fabio Alessandro Locati <me(a)fale.io> 1.6.0-1
- update to 1.6.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: moby-engine-20.10.17-5.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : moby-engine
Product : Fedora 36
Version : 20.10.17
Release : 5.fc36
URL : https://www.docker.com
Summary : The open-source application container engine
Description :
Docker is an open source project to build, ship and run any application as a
lightweight container.
Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest EC2 compute instance and
everything in between - and they don't require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 20.10.17-5
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
* Mon Jul 4 2022 Maxwell G <gotmax(a)e.email> - 20.10.17-4
- Only build on %golang_arches (i.e. where golang is available).
* Sun Jun 19 2022 Maxwell G <gotmax(a)e.email> - 20.10.17-3
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: micro-2.0.8-6.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : micro
Product : Fedora 36
Version : 2.0.8
Release : 6.fc36
URL : https://github.com/zyedidia/micro
Summary : A modern and intuitive terminal-based text editor
Description :
Micro is a terminal-based text editor that aims to be easy to use and
intuitive, while also taking advantage of the full capabilities of modern
terminals. It comes as one single, batteries-included, static binary with no
dependencies, and you can download and use it right now.
As the name indicates, micro aims to be somewhat of a successor to the nano
editor by being easy to install and use in a pinch, but micro also aims to be
enjoyable to use full time, whether you work in the terminal because you prefer
it (like me), or because you need to (over ssh).
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 2.0.8-6
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: meshbird-2.3-7.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : meshbird
Product : Fedora 36
Version : 2.3
Release : 7.fc36
URL : https://github.com/meshbird/meshbird
Summary : Distributed private networking
Description :
Distributed private networking.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 2.3-7
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: mass3-0-0.7.20200627gite1d5f1a.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : mass3
Product : Fedora 36
Version : 0
Release : 0.7.20200627gite1d5f1a.fc36
URL : https://github.com/smiegles/mass3
Summary : Buckets enumerator
Description :
Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS
instead of HTTP with a list of DNS resolvers and multi-threading.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.7
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: manifest-tool-2.0.3-3.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : manifest-tool
Product : Fedora 36
Version : 2.0.3
Release : 3.fc36
URL : https://github.com/estesp/manifest-tool
Summary : A command line tool used for creating manifest list objects
Description :
This tool was mainly created for the purpose of viewing, creating, and
pushing the new manifests list object type in the Docker registry. Manifest
lists are defined in the v2.2 image specification and exist mainly for the
purpose of supporting multi-architecture and/or multi-platform images within
a Docker registry.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 2.0.3-3
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: meg-0.2.4-7.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : meg
Product : Fedora 36
Version : 0.2.4
Release : 7.fc36
URL : https://github.com/tomnomnom/meg
Summary : Fetch many paths for many hosts
Description :
Fetch many paths for many hosts without killing the hosts.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.2.4-7
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months
[SECURITY] Fedora 36 Update: kubernetes-1.24.1-3.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : kubernetes
Product : Fedora 36
Version : 1.24.1
Release : 3.fc36
URL : https://k8s.io/kubernetes
Summary : Container cluster management
Description :
Container cluster management
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 1.24.1-3
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 8 months