ELSA-2023-2592

Опубликовано: 15 мая 2023

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2023-2592: golang-github-cpuguy83-md2man security, bug fix, and enhancement update (MODERATE)

[2.0.2-4]

fix RHEL9.2 build - thanks to Debarshi Ray
Related: #2124478

[2.0.2-3]

rebuild
Resolves: #2037812

[2.0.2-2]

limit to golang arches only
Related: #2061316

Thu Aug 04 2022 Jindrich Novy jnovy@redhat.com

update to 2.0.2
Related: #2061316

[2.0.0-18.gitaf8da76]

fix gating.yaml as we have no functional gating tests
Related: #2000051

[2.0.0-17.gitaf8da76]

update gating.yaml and rebuild
Related: #2000051

[2.0.0-16.gitaf8da76]

Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[2.0.0-15.gitaf8da76]

Resolves: #1975362 - enable additional hardening flags

[2.0.0-14.gitaf8da76]

Resolves: #1975362 - enable full cf-protection for x86_64

[2.0.0-13.gitaf8da76]

Resolves: #1975362 - use latest upstream commit

[2.0.0-12]

Resolves: #1975362 - add -fcf-protection to CGO_CFLAGS

[2.0.0-11]

Resolves: #1975362 - add gating.yaml

[2.0.0-10]

Resolves: #1975362 - build with CGO_CFLAGS defined

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

golang-github-cpuguy83-md2man

2.0.2-4.el9

Oracle Linux x86_64

golang-github-cpuguy83-md2man

2.0.2-4.el9

Связанные CVE

CVE-2022-41715

Ссылки на источники

Связанные уязвимости

CVE-2022-41715

CVSS3: 7.5

ubuntu

больше 2 лет назад

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.