-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-bc40c7995e 2023-10-03 00:43:11.265617 -------------------------------------------------------------------------------- Name : firecracker Product : Fedora 37 Version : 1.4.1 Release : 3.fc37 URL : https://firecracker-microvm.github.io/ Summary : Secure and fast microVMs for serverless computing Description : Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers. This package does not include all of the security features of an official release. It is not production ready without additional sandboxing. -------------------------------------------------------------------------------- Update Information: - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages (firecracker) for aes-gcm v0.10.3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42811 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 1 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.4.1-3 - Rebuild for aes-gcm v0.10.3 / CVE-2023-42811. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2240269 - CVE-2023-42811 rust-aes-gcm: aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2240269 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-bc40c7995e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
