FEDORA-2023-5f984129b2 — security update for golang-github-nats-io, golang-github-nats-io-jwt-2, & 3 more

stable

golang-github-nats-io-1.31.0-1.fc40, golang-github-nats-io-jwt-2-2.5.3-1.fc40, & 3 more

FEDORA-2023-5f984129b2 created by fuller 2 weeks ago for Fedora 40

Updated NATS stack for CVE-2023-39325 and CVE-2023-46129

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-5f984129b2

This update's test gating status has been changed to 'waiting'.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update has been submitted for stable by bodhi

2 weeks ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

golang-github-nats-io-1.31.0-1.fc40

golang-github-nats-io-jwt-2-2.5.3-1.fc40

golang-github-nats-io-nkeys-0.4.6-1.fc40

golang-github-nats-io-streaming-server-0.25.6-1.fc40

nats-server-2.10.5-1.fc40

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

0 days

Dates

submitted

2 weeks ago

in testing

2 weeks ago

in stable

2 weeks ago

approved

2 weeks ago

BZ#2247715 CVE-2023-46129 golang-github-nats-io-nkeys: nkeys: xkeys Seal encryption used fixed key for all encryption [fedora-all]

BZ#2247716 CVE-2023-46129 nats-server: nkeys: xkeys Seal encryption used fixed key for all encryption [fedora-all]

BZ#2248318 golang-github-nats-io-streaming-server: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]

BZ#2248394 nats-server: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]

golang-github-nats-io-1.31.0-1.fc40

golang-github-nats-io-jwt-2-2.5.3-1.fc40

golang-github-nats-io-nkeys-0.4.6-1.fc40

golang-github-nats-io-streaming-server-0.25.6-1.fc40

nats-server-2.10.5-1.fc40

Automated Test Results

ignored