--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-28cff1a2de
2023-11-03 18:20:20.952858
--------------------------------------------------------------------------------
Name : golang-x-image
Product : Fedora 39
Version : 0.13.0
Release : 1.fc39
URL :
https://github.com/golang/image
Summary : Go supplementary image libraries
Description :
This package holds supplementary Go image libraries.
--------------------------------------------------------------------------------
Update Information:
Update to 0.13.0 Security fix for CVE-2023-29408 Security fix for CVE-2023-29407
Security fix for CVE-2022-41727
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 7 2023 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.13.0-1
- Update to 0.13.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2174311 - CVE-2022-41727
golang.org/x/image: Uncontrolled Resource
Consumption
https://bugzilla.redhat.com/show_bug.cgi?id=2174311
[ 2 ] Bug #2228735 - CVE-2023-29407
golang.org/x/image/tiff: excessive CPU consumption
in decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2228735
[ 3 ] Bug #2228742 - CVE-2023-29408
golang.org/x/image/tiff: TIFF decoder does not place
a limit on the size of compressed tile data
https://bugzilla.redhat.com/show_bug.cgi?id=2228742
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-28cff1a2de' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------