--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-fae3ecee19
2022-07-04 01:26:49.799780
--------------------------------------------------------------------------------
Name : golang-github-hashicorp-serf
Product : Fedora 36
Version : 0.9.5
Release : 5.fc36
URL :
https://github.com/hashicorp/serf
Summary : Service orchestration and management tool
Description :
Serf is a decentralized solution for service discovery and orchestration that is
lightweight, highly available, and fault tolerant.
Serf runs on Linux, Mac OS X, and Windows. An efficient and lightweight gossip
protocol is used to communicate with other nodes. Serf can detect node failures
and notify the rest of the cluster. An event system is built on top of Serf,
letting you use Serf's gossip protocol to propagate events such as deploys,
configuration changes, etc. Serf is completely masterless with no single point
of failure.
Here are some example use cases of Serf, though there are many others:
- Discovering web servers and automatically adding them to a load balancer
- Organizing many memcached or redis nodes into a cluster, perhaps with
something like twemproxy or maybe just configuring an application with the
address of all the nodes
- Triggering web deploys using the event system built on top of Serf
- Propagating changes to configuration to relevant nodes.
- Updating DNS records to reflect cluster changes as they occur.
- Much, much more.
--------------------------------------------------------------------------------
Update Information:
Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629 Rebuild to mitigate CVE-2022-21698
(rhbz#2067400). ---- Update to 1.1.0 ---- Disable package_note on arm too
---- update to 0.44.1 rhbz#2007854 ---- Add missing archive ---- Update to
0.0.31 - Close: rhbz#1963535 ---- Rebuilt for CVE-2022-1996,
CVE-2022-24675, CVE-2022-28327,
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 19 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.9.5-5
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1963535 - golang-storj-drpc-0.0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1963535
[ 2 ] Bug #2067400 - CVE-2022-21698 golang-github-prometheus-client:
prometheus/client_golang: Denial of service using InstrumentHandlerCounter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2067400
[ 3 ] Bug #2074268 - CVE-2022-27191 vultr: golang: crash in a
golang.org/x/crypto/ssh
server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074268
[ 4 ] Bug #2084865 - CVE-2022-28327 golang-github-prometheus-node-exporter: golang:
crypto/elliptic: panic caused by oversized scalar [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2084865
[ 5 ] Bug #2088110 - CVE-2022-24675 golang-github-theupdateframework-notary: golang:
encoding/pem: fix stack overflow in Decode [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2088110
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-fae3ecee19' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------