Bug 30964 - golang new security issues CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
Summary: golang new security issues CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-10-14 19:53 CEST by David Walser
Modified: 2022-10-19 01:16 CEST (History)
5 users (show)

See Also:
Source RPM: golang-1.19.1-1.mga9.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2022-10-14 19:53:04 CEST
Go 1.18.7 and 1.19.2 have been released on October 4, fixing security issues:
https://groups.google.com/g/golang-announce/c/xtuG5faxtaU

Fedora has issued an advisory for this today (October 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SWGSHGPO6S5363G5FSISXYXICE3YJRKU/

Mageia 8 is also affected.
David Walser 2022-10-14 19:53:19 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.18.7 and 1.19.2

Comment 1 Bruno Cornec 2022-10-15 17:19:15 CEST
1.19.2 on its way for cauldron

CC: (none) => bruno

Comment 2 Bruno Cornec 2022-10-15 17:36:05 CEST
1.18.7 on its way for mag8 in updates_testing.

SRPMS/golang-1.18.7-1.mga8.src.rpm
RPMS/noarch/golang-docs-1.18.7-1.mga8.noarch.rpm
RPMS/noarch/golang-misc-1.18.7-1.mga8.noarch.rpm
RPMS/x86_64/golang-1.18.7-1.mga8.x86_64.rpm
RPMS/noarch/golang-tests-1.18.7-1.mga8.noarch.rpm
RPMS/noarch/golang-src-1.18.7-1.mga8.noarch.rpm
RPMS/x86_64/golang-race-1.18.7-1.mga8.x86_64.rpm
RPMS/x86_64/golang-shared-1.18.7-1.mga8.x86_64.rpm
RPMS/x86_64/golang-bin-1.18.7-1.mga8.x86_64.rpm

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 1.18.7 and 1.19.2 => (none)
Assignee: bruno => qa-bugs

Comment 3 Len Lawrence 2022-10-16 23:15:07 CEST
mga8, x86_64

Noted the new package golang-race.  Smooth update.
Successful local build of the current docker packages.

CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2022-10-17 02:31:24 CEST
Validating

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-10-18 23:40:37 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2022-10-19 01:16:33 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0377.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.