-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: golang-github-cpuguy83-md2man security, bug fix, and enhancement update Advisory ID: RHSA-2023:2592-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2592 Issue date: 2023-05-09 CVE Names: CVE-2022-41715 ==================================================================== 1. Summary: An update for golang-github-cpuguy83-md2man is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: go-md2man converts markdown into roff (man pages). Security Fix(es): * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2037812 - RFE: Include golang-github-cpuguy83-md2man in CRB 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2149240 - [RHEL9][FTBFS] golang-github-cpuguy83-md2man-2.0.2-3.el9 FTBFS on Red Hat Enterprise Linux 9 - 9.2 6. Package List: Red Hat Enterprise Linux CRB (v. 9): Source: golang-github-cpuguy83-md2man-2.0.2-4.el9.src.rpm aarch64: golang-github-cpuguy83-md2man-2.0.2-4.el9.aarch64.rpm golang-github-cpuguy83-md2man-debuginfo-2.0.2-4.el9.aarch64.rpm golang-github-cpuguy83-md2man-debugsource-2.0.2-4.el9.aarch64.rpm ppc64le: golang-github-cpuguy83-md2man-2.0.2-4.el9.ppc64le.rpm golang-github-cpuguy83-md2man-debuginfo-2.0.2-4.el9.ppc64le.rpm golang-github-cpuguy83-md2man-debugsource-2.0.2-4.el9.ppc64le.rpm s390x: golang-github-cpuguy83-md2man-2.0.2-4.el9.s390x.rpm golang-github-cpuguy83-md2man-debuginfo-2.0.2-4.el9.s390x.rpm golang-github-cpuguy83-md2man-debugsource-2.0.2-4.el9.s390x.rpm x86_64: golang-github-cpuguy83-md2man-2.0.2-4.el9.x86_64.rpm golang-github-cpuguy83-md2man-debuginfo-2.0.2-4.el9.x86_64.rpm golang-github-cpuguy83-md2man-debugsource-2.0.2-4.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo1fdzjgjWX9erEAQjpqA/+IuQZfpUYSAy5sYFm12w87eEdyYTwSmYR /5cY5kIhyeoj1vR3tyi8/PtdODI99lFY4h56Zn3ZSHpmv20+82MK1XcwHK9HTrvb yJcEp7T5CEAMCbvrEkGCIOkMSTgPBLvMpdoV12c+g2oBo97fZdmHttx+RxLGzSjB jJEhbVJFYDFDFw2eqXBanzAT55j1+6l92YipOAp0XUK9PV1ppZxBZDeBVHje7LBb 39j6bq74PlBCFzkyTuOb9xJw8HIs2BkPmnvvatUMy7f8BtyNIEGTyPgc3/3tD7AM M1gQkdZT9s0nBoTFjJW34CE2WIcGjBWYr8coalDWa0wXgpm/OVkKMFafZ9yKom/Q 6mMYoUg+GixqlJsqpqw0s/xC1djF1wos+rRZCi2iLl85KVnGbNvCisbO/STKP+hF p7scA9rd6l4ZH4TloR709r5SsLcv+eJwAHqRNNi9yZFroL810SQzdQxo/0vtfHfV ATQJyJjQg6vfj3CVERvHeE+LL4cbEPgN8JgIlQsoG0CPyrrrZy5ygs2dl3cPdkct yNItlxmm5AU0t+txQv5F36hnfD1A3QzqUxau6H/WVrYKbg4tfnVjFdyWlxcjuMM/ 1v/qymWeJj6gj1Ty8YH2UYFrdNkB0gnAjqoVW1jCbhmpTEJVkxZ9Bqv90L7gQg7S 3KwnMIEoXhE=yeny -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce