-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-4d95d44e7b 2023-10-16 00:42:25.611230 --------------------------------------------------------------------------------
Name : golang-x-image Product : Fedora 38 Version : 0.13.0 Release : 1.fc38 URL : https://github.com/golang/image Summary : Go supplementary image libraries Description : This package holds supplementary Go image libraries.
-------------------------------------------------------------------------------- Update Information:
Update to 0.13.0 Security fix for CVE-2023-29408 Security fix for CVE-2023-29407 Security fix for CVE-2022-41727 -------------------------------------------------------------------------------- ChangeLog:
* Sat Oct 7 2023 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.13.0-1 - Update to 0.13.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2174311 - CVE-2022-41727 golang.org/x/image: Uncontrolled Resource Consumption https://bugzilla.redhat.com/show_bug.cgi?id=2174311 [ 2 ] Bug #2228735 - CVE-2023-29407 golang.org/x/image/tiff: excessive CPU consumption in decoding https://bugzilla.redhat.com/show_bug.cgi?id=2228735 [ 3 ] Bug #2228742 - CVE-2023-29408 golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data https://bugzilla.redhat.com/show_bug.cgi?id=2228742 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-4d95d44e7b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------