Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs


This contains the result from the mass rebuild in F35 for all packages that require golang and provide binaries to mitigate the following CVEs:

golang itself:

  • CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently)

CVEs in other golang libraries that affect a subset of Go packages:

  • CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key

Initial import for golang-github-a8m-envsubst Resolves: #2074406


Initial package

Resolves: #2074438


Update to v3.14.0 (close #2105612)


Fix merge


Update to 1.22.1 - Close: #2077577

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-3969b64d4b

This update's test gating status has been changed to 'waiting'.

2 months ago

This update has obsoleted golang-github-a8m-envsubst-1.3.0-1.fc35, and has inherited its bugs and notes.

2 months ago

This update has obsoleted golang-github-goccy-yaml-1.9.5-1.fc35, and has inherited its bugs and notes.

2 months ago

This update has obsoleted golang-github-task-3.14.0-1.fc35, and has inherited its bugs and notes.

2 months ago

This update has obsoleted kiln-0.3.1-2.fc35, and has inherited its bugs and notes.

2 months ago

This update has obsoleted powerline-go-1.22.1-1.fc35, and has inherited its bugs and notes.

2 months ago

gotmax23 edited this update.

2 months ago

This update has been submitted for testing by bodhi.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago
User Icon robatino commented & provided feedback 2 months ago

@gotmax23 : Please see my comments in FEDORA-2022-9986fbb3d7 concerning the possible failure to fix this CVE in the F36 version (since snapd-2.56.2-1.fc36 was pushed to stable before being replaced by snapd-2.55.3-2.fc36, and most people on stable releases don't check for downgrades).

This update has been pushed to testing.

2 months ago

gotmax23 edited this update.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago
User Icon mikelo2 provided feedback 2 months ago
karma

gotmax23 edited this update.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'passed'.

2 months ago

This update can be pushed to stable now if the maintainer wishes

2 months ago

This update has been submitted for stable by gotmax23.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Builds
315
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago
modified
2 months ago
BZ#2074406 Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go
0
0
BZ#2074438 Review Request: golang-github-goccy-yaml - YAML support for the Go language
0
0
BZ#2077577 powerline-go-1.22.1 is available
0
0
BZ#2105612 golang-github-task-3.14.0 is available
0
0
3mux-1.1.0-5.fc35
act-1.6.0-6.fc35
aerc-0.10.0-4.fc35
age-1.0.0-5.fc35
apache-cloudstack-cloudmonkey-6.2.0-3.fc35
aquatone-1.7.0-7.fc35
aron-0-0.6.20200626git7eade58.fc35
asciigraph-0.5.5-2.fc35
asnip-0-0.6.20200618git44ba98b.fc35
assetfinder-0.1.0-6.fc35
bettercap-2.32.0-4.fc35
butane-0.15.0-2.fc35
caddy-2.3.0-3.fc35
cadvisor-0.44.1-3.fc35
chisel-1.7.7-3.fc35
clash-1.6.5-3.fc35
commit-stream-0.1.2-7.fc35
containerd-1.6.6-4.fc35
direnv-2.32.1-2.fc35
dnscrypt-proxy-2.1.1-4.fc35
dnsx-1.1.0-3.fc35
douceur-0.2.0-14.fc35
duf-0.8.1-3.fc35
exercism-3.0.13-8.fc35
ffuf-1.0.2-6.fc35
geoipupdate-4.8.0-3.fc35
gh-2.13.0-3.fc35
gitjacker-0.0.2-6.fc35
glide-0.13.2-10.fc35
goaltdns-0-0.7.20200627git2b3e8a3.fc35
gobuster-3.1.0-3.fc35
godoctor-0.6-12.fc35
godotenv-1.4.0-4.fc35
gojq-0.12.8-3.fc35
golang-ariga-atlas-0.3.6-3.fc35
golang-bug-serial-1-1.3.3-2.fc35
golang-contrib-opencensus-resource-0.1.2-7.fc35
golang-etcd-bbolt-1.3.6-4.fc35
golang-gioui-0-8.20201225git18d4dbf.fc35
golang-github-a8m-envsubst-1.3.0-2.fc35
golang-github-a8m-tree-0-0.16.20210725gitce3525c.fc35
golang-github-ajstarks-deck-0-0.12.20210114git30c9fc6.fc35
golang-github-akavel-rsrc-0.10.2-4.fc35
golang-github-alecthomas-chroma-0.10.0-3.fc35
golang-github-aliyun-cli-3.0.104-4.s20220118git031f9f2.fc35
golang-github-aliyun-ossutil-1.7.9-3.fc35
golang-github-andybalholm-cascadia-1.2.0-6.fc35
golang-github-apache-beam-2-2.33.0~RC1-7.fc35
golang-github-appc-docker2aci-0.17.2-9.fc35
golang-github-appc-goaci-0.1.1-12.fc35
golang-github-appc-spec-0.8.11-14.fc35
golang-github-aryann-difflib-0-0.5.20200822gite206f87.fc35
golang-github-aws-lambda-1.24.0-3.fc35
golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc35
golang-github-bifurcation-mint-0-0.9.20200724git93c820e.fc35
golang-github-bobesa-domain-util-0-0.6.20200504git4033b5f.fc35
golang-github-burntsushi-toml-1.0.0-5.fc35
golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc35
golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc35
golang-github-cactus-statsd-client-5.0.0-5.fc35
golang-github-c-bata-prompt-0.2.6-4.fc35
golang-github-cespare-xxhash-2.1.1-5.fc35
golang-github-chai2010-gettext-1.0.2-6.fc35
golang-github-cheekybits-genny-1.0.0-9.20200724git3e22f1a.fc35
golang-github-chris-ramon-douceur-0.2.0-5.20200910gitf346305.fc35
golang-github-christrenkamp-goxpath-0-0.6.20200627gitc5096ec.fc35
golang-github-chromedp-0.6.12-5.fc35
golang-github-cilium-ebpf-0.8.0-2.fc35
golang-github-client9-plaintext-0-0.8.20190703git5bf47e7.fc35
golang-github-cloudflare-0.17.0-3.fc35
golang-github-cloudflare-redoctober-0-0.9.20210114git99c99a8.fc35
golang-github-cockroachdb-pebble-0-0.6.20210108git48f5530.fc35
golang-github-colinmarc-hdfs-2-2.2.0-4.fc35
golang-github-containerd-continuity-0.2.2-3.fc35
golang-github-containerd-fuse-overlayfs-snapshotter-1.0.2-7.fc35
golang-github-containerd-stargz-snapshotter-0.10.1-3.fc35
golang-github-containernetworking-cni-1.1.1-4.fc35
golang-github-coredns-corefile-migration-1.0.11-6.fc35
golang-github-cpu-goacmedns-0.1.1-5.fc35
golang-github-cpuguy83-md2man-2.0.2-2.fc35
golang-github-crossdock-0-0.8.20190628git049aabb.fc35
golang-github-cucumber-godog-0.11.0-4.fc35
golang-github-dave-jennifer-1.4.1-5.fc35
golang-github-deepmap-oapi-codegen-1.8.2-3.fc35
golang-github-dgrijalva-jwt-3.2.0-11.fc35
golang-github-docker-distribution-2.7.1-9.20200815git35b26de.fc35
golang-github-dreamacro-shadowsocks2-0.1.7-3.fc35
golang-github-dustinkirkland-petname-0-0.5.20200605git8e5a1ed.fc35
golang-github-eknkc-amber-0-0.17.20190601gitcdade1c.fc35
golang-github-elazarl-bindata-assetfs-1.0.1-9.fc35
golang-github-emersion-smtp-0.15.0-4.fc35
golang-github-envoyproxy-protoc-gen-validate-0.4.1-6.fc35
golang-github-etcd-io-gofail-0-0.3.20210808gitad7f989.fc35
golang-github-evanphx-json-patch-5.5.0-3.fc35
golang-github-evanw-esbuild-0.14.38-2.fc35
golang-github-facebookincubator-contest-0-0.4.20210706gitceebc35.fc35
golang-github-facebookincubator-dhcplb-0-0.4.20210706git2e66b27.fc35
golang-github-facebookincubator-go2chef-1.0-2.fc35
golang-github-facebookincubator-ntp-0-0.5.20210617git69c3282.fc35
golang-github-facebookincubator-nvdtools-0.1.4-5.fc35
golang-github-fernet-0-0.9.20200726giteff2850.fc35
golang-github-francoispqt-gojay-1.2.13-7.fc35
golang-github-fvbommel-util-0.0.3-5.fc35
golang-github-gdamore-tcell-1.4.0-5.fc35
golang-github-gdamore-tcell-2-2.5.0-2.fc35
golang-github-geertjohan-rice-1.0.2-5.fc35
golang-github-gobuffalo-here-0.6.2-5.fc35
golang-github-gobwas-ws-1.1.0-3.fc35
golang-github-goccy-yaml-1.9.5-3.fc35
golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc35
golang-github-gogo-googleapis-1.4.1-4.fc35
golang-github-gogo-protobuf-1.3.2-5.fc35
golang-github-gohugoio-localescompressed-1.0.1-2.fc35
golang-github-gohugoio-testmodbuilder-0-0.10.20201030git72e1e0c.fc35
golang-github-gojuno-minimock-3.0.10-3.fc35
golang-github-golangci-lint-1-0-0.5.20200828gitd2cdd8c.fc35
golang-github-googleapis-gnostic-0.5.3-6.fc35
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc35
golang-github-google-jsonnet-0.17.0-5.fc35
golang-github-google-martian-3.1.0-9.fc35
golang-github-google-pprof-0-16.20210802gitc50bf4f.fc35
golang-github-google-slothfs-0-0.11.20200727git59c1163.fc35
golang-github-google-wire-0.4.0-6.fc35
golang-github-gorhill-cronexpr-1.0.0-4.fc35
golang-github-grpc-ecosystem-gateway-2-2.7.3-4.fc35
golang-github-gucumber-0-0.23.20190703git7d5c79e.fc35
golang-github-haproxytech-client-native-2.5.3-3.fc35
golang-github-haproxytech-dataplaneapi-2.4.4-4.fc35
golang-github-hashicorp-consul-migrate-0.1.0-9.20190602git678fb10.fc35
golang-github-hashicorp-hclog-0.15.0-5.fc35
golang-github-hashicorp-memdb-1.3.0-5.fc35
golang-github-hashicorp-serf-0.9.5-5.fc35
golang-github-hashicorp-sockaddr-1.0.2-11.fc35
golang-github-hexdigest-gowrap-1.1.12-4.fc35
golang-github-hpcloud-tail-1.0.0-10.20190325gita1dbeea.fc35
golang-github-insomniacslk-termhook-0-6.20210406gita267c97.fc35
golang-github-instrumenta-kubeval-0.15.0-8.fc35
golang-github-intel-goresctrl-0.2.0-6.fc35
golang-github-jamesclonk-vultr-2.0.2-4.fc35
golang-github-j-keck-arping-1.0.1-4.fc35
golang-github-jmespath-0.4.0-5.fc35
golang-github-jsonnet-bundler-0.4.0-8.fc35
golang-github-jwt-3.2.2-3.fc35
golang-github-krishicks-yaml-patch-0.0.10-8.20200307git05b3177.fc35
golang-github-kr-text-0.2.0-5.fc35
golang-github-kyokomi-emoji-2.2.8-5.fc35
golang-github-ledisdb-0.6-5.20210112gitd35789e.fc35
golang-github-leonelquinteros-gotext-1.5.0-2.fc35
golang-github-leveldb-0-0.9.20190701git259d925.fc35
golang-github-liamg-scout-0.12.0-5.fc35
golang-github-liamg-tml-0.3.0-4.fc35
golang-github-magefile-mage-1.11.0-5.fc35
golang-github-mailru-easyjson-0.7.6-5.fc35
golang-github-markbates-pkger-0.17.1-5.fc35
golang-github-martinhoefling-goxkcdpwgen-0.1.0-2.fc35
golang-github-maruel-panicparse-1.6.0-5.fc35
golang-github-mattermost-xml-roundtrip-validator-0-0.5.20210103git8fd2afa.fc35
golang-github-mattn-colorable-0.1.8-7.fc35
golang-github-mdlayher-dhcp6-0-0.8.20200429git2a67805.fc35
golang-github-mdlayher-ethernet-0-0.5.20201109git0394541.fc35
golang-github-mgutz-ansi-0-0.13.20200729gitd51e80e.fc35
golang-github-mholt-archiver-3.5.1-3.fc35
golang-github-microcosm-cc-bluemonday-1.0.17-3.fc35
golang-github-mmarkdown-mmark-2.2.10-5.fc35
golang-github-moby-buildkit-0.9.0-4.fc35~bootstrap
golang-github-mock-1.4.4-4.fc35
golang-github-morikuni-aec-1.0.0-5.fc35
golang-github-mrunalp-fileutils-0.5.0-5.fc35
golang-github-multiformats-multibase-0.0.3-2.20220213gitf067816.fc35
golang-github-multiformats-multihash-0.1.0-2.fc35
golang-github-mvo5-uboot-0.4-10.fc35
golang-github-nats-io-nkeys-0.2.0-5.fc35
golang-github-nats-io-streaming-server-0.20.0-5.fc35
golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc35
golang-github-nicksnyder-i18n-2-2.1.2-5.fc35
golang-github-niklasfasching-org-1.6.2-2.fc35
golang-github-nxadm-tail-1.4.6-4.fc35
golang-github-oklog-0.3.2-11.20190701gitca7cdf5.fc35
golang-github-oklog-ulid-2.0.2-10.fc35
golang-github-olekukonko-tablewriter-0.0.5-3.fc35
golang-github-oneofone-xxhash-1.2.8-5.fc35
golang-github-onsi-ginkgo-2-2.1.4-2.fc35
golang-github-pact-foundation-1.5.1-6.fc35
golang-github-path-network-mmproxy-2.1-3.fc35
golang-github-pdfcpu-0.3.13-2.fc35
golang-github-pelletier-toml-1.9.4-2.fc35
golang-github-pelletier-toml-2-2.0.0~beta.8-4.fc35
golang-github-phayes-freeport-1.0.2-6.fc35
golang-github-pierrec-lz4-4.1.3-5.fc35
golang-github-pierrre-geohash-1.0.0-4.fc35
golang-github-pkg-diff-0-0.4.20210406git20ebb0f.fc35
golang-github-posener-complete-1.2.3-8.fc35
golang-github-posener-complete-2-2.0.1~alpha.13-5.fc35
golang-github-pquerna-ffjson-0-0.9.20200730gitaa0246c.fc35
golang-github-pressly-goose-2.7.0-4.fc35
golang-github-projectdiscovery-chaos-client-0.2.0-2.fc35
golang-github-projectdiscovery-mapcidr-0.0.8-3.fc35
golang-github-prometheus-2.32.1-6.fc35
golang-github-prometheus-alertmanager-0.23.0-10.fc35
golang-github-prometheus-node-exporter-1.3.1-9.fc35
golang-github-prometheus-prom2json-1.3.0-8.20210811git90766c0.fc35
golang-github-prometheus-tsdb-0.10.0-8.fc35
golang-github-quay-claircore-0.5.4-5.fc35
golang-github-quay-goval-parser-0.8.6-4.fc35
golang-github-rakyll-statik-0.1.7-4.fc35
golang-github-rcrowley-metrics-0-0.28.20210110gitcf1acfc.fc35
golang-github-redteampentesting-monsoon-0.6.0-6.fc35
golang-github-rogpeppe-internal-1.8.1-2.fc35
golang-github-rubenv-sql-migrate-0-0.4.20210529gita32ed26.fc35
golang-github-rwcarlsen-goexif-0-0.9.20191017git9e8deec.fc35
golang-github-segmentio-ksuid-1.0.4-3.fc35
golang-github-shellcode33-vm-detection-0-0.6.20200715git4fd05cb.fc35
golang-github-shopify-toxiproxy-2.1.4-10.fc35
golang-github-shulhan-bindata-3.6.1-4.fc35
golang-github-shurcool-vfsgen-0-0.11.20210113git0d455de.fc35
golang-github-skip2-qrcode-0-2.20220316gitda1b656.fc35
golang-github-skynetservices-skydns-2.5.3-22.20200802git94b2ea0.fc35
golang-github-snappy-0.0.2-6.fc35
golang-github-sophaskins-efs2tar-0-0.4.20210317git4db1b0f.fc35
golang-github-sourcegraph-syntaxhighlight-0-0.11.20180418gitbd320f5.fc35
golang-github-spf13-cobra-1.4.0-3.fc35
golang-github-spyzhov-ajson-0.4.2-10.fc35
golang-github-task-3.14.0-2.fc35
golang-github-tdewolff-minify-2.11.10-3.fc35
golang-github-temoto-robotstxt-1.1.1-5.fc35
golang-github-theoapp-theo-agent-0.14.0-4.fc35
golang-github-theupdateframework-notary-0.7.0-6.fc35
golang-github-tinylib-msgp-1.1.5-5.fc35
golang-github-tklauser-numcpus-0.2.3-7.fc35
golang-github-twitchtv-twirp-8.1.0-4.fc35
golang-github-twpayne-waypoint-0-0.4.20210130git4f8e6bf.fc35
golang-github-uber-athenadriver-1.1.12-5.fc35
golang-github-ulikunitz-xz-0.5.10-4.fc35
golang-github-u-root-iscsinl-0.1.0-4.fc35
golang-github-valyala-fasthttp-1.19.0-4.fc35
golang-github-vbatts-tar-split-0.11.1-10.fc35
golang-github-vincent-petithory-dataurl-0-0.7.20200110gitd1553a7.fc35
golang-github-vmware-govmomi-0.24.0-5.fc35
golang-github-xordataexchange-crypt-0.0.2-12.20190412gitb2862e3.fc35
golang-github-xo-terminfo-0-0.6.20210113gitc22d04b.fc35
golang-gitlab-commonmark-linkify-0-0.9.20200805git64bca66.fc35
golang-google-appengine-1.6.7-5.fc35
golang-google-protobuf-1.27.1-3.fc35
golang-gopkg-neurosnap-sentences-1-1.0.6-14.fc35
golang-gopkg-square-jose-2-2.6.0-3.fc35
golang-gopkg-src-d-git-4-4.13.1-8.fc35
golang-honnef-tools-2021.1-2.fc35
golang-jaytaylor-html2text-0-0.2.20220509gitbc68cce.fc35
golang-k8s-apiextensions-apiserver-1.22.0-6.fc35
golang-k8s-code-generator-1.22.0-4.fc35
golang-k8s-kube-aggregator-1.22.0-4.fc35
golang-k8s-kube-openapi-0-0.19.20210813git3c81807.fc35
golang-k8s-pod-security-admission-1.22.0-3.fc35
golang-k8s-sample-apiserver-1.22.0-5.fc35
golang-k8s-sample-cli-plugin-1.22.0-2.fc35
golang-k8s-sample-controller-1.22.0-4.fc35
golang-modernc-golex-1.0.1-5.fc35
golang-mongodb-mongo-driver-1.4.5-6.fc35
golang-mvdan-sh-3-3.4.3-4.fc35
golang-mvdan-xurls-2.2.0-6.fc35
golang-sourcegraph-appdash-0-0.9.20210113gitebfcffb.fc35
golang-storj-drpc-0.0.31-2.fc35
golang-vbom-util-0-0.11.20190520gitefcd4e0.fc35
golang-x-build-0-0.21.20201229git0a4bf69.fc35
golang-x-mod-0.6.0~dev-3.20220330git9b9b3d8.fc35
golang-x-perf-0-0.15.20210123gitbdcc622.fc35
golang-x-text-0.3.7-3.fc35~bootstrap
golang-x-tools-0.1.10-2.fc35
goloris-0-0.6.20200326gita59fafb.fc35
google-guest-agent-20201217.02-4.fc35
gopass-1.13.1-3.fc35
gotags-1.4.1-8.fc35
grpcurl-1.8.6-3.fc35
hakrevdns-0-0.5.20201116git9fa2d59.fc35
hcloud-1.29.5-2.fc35
htmltest-0.15.0-3.fc35
httpdump-0-0.6.20200714gite6fa868.fc35
httprobe-0.1.2-6.fc35
hulk-0-0.6.20200620git9670699.fc35
ignition-2.14.0-3.fc35
jid-0.7.6-9.fc35
kiln-0.3.1-3.fc35
manifest-tool-1.0.3-5.fc35
mass3-0-0.6.20200627gite1d5f1a.fc35
meg-0.2.4-6.fc35
meshbird-2.3-6.fc35
micro-2.0.8-5.fc35
moby-engine-20.10.17-4.fc35
mqttcli-0.2.3-2.fc35
nats-server-2.1.9-6.fc35
netscanner-0-0.5.20201116git8baab36.fc35
nex-20210330-2.fc35
ohmybackup-0-0.6.20200526git50f2fce.fc35
podman-tui-0.2.1-2.fc35
powerline-go-1.22.1-2.fc35
reg-0.16.1-8.fc35
runc-1.1.2-2.fc35
shellz-1.5.0-7.fc35
shhgit-0.2-7.fc35
snapd-2.56.2-2.fc35
snowcrash-0-0.7.20201119git49b99ad.fc35
source-to-image-1.3.1-4.fc35
sysutil-0-0.7.20200615git15668db.fc35
terrier-0.0.2-6.fc35
tiedot-3.4-8.fc35
tinygo-0.23.0-5.fc35
vgrep-2.5.6-2.fc35
vultr-1.15.0-9.fc35
vultr-cli-2.14.2-2.fc35
webanalyze-0.3.1-6.fc35
weldr-client-35.5-2.fc35
wgctrl-0-0.11.20210811git4253848.fc35
xq-0.0.7-4.fc35
yggdrasil-0.2.98^1.ffb580f-0.2.20220127gitffb580f.fc35
yubihsm-connector-3.0.2-2.fc35

Automated Test Results

Test Cases

0 0 Test Case age decrypt file
0 0 Test Case age encrypt file