Fedora 34: 2022-9a1e4d4123b Low: WebAssembly Memory Handling Flaw

Binaryen is a compiler and toolchain infrastructure library for WebAssembly,

written in C++. It aims to make compiling to WebAssembly easy, fast, and

effective:

* Easy: Binaryen has a simple C API in a single header, and can also be used

from JavaScript. It accepts input in WebAssembly-like form but also accepts

a general control flow graph for compilers that prefer that.

* Fast: Binaryen's internal IR uses compact data structures and is designed for

completely parallel codegen and optimization, using all available CPU cores.

Binaryen's IR also compiles down to WebAssembly extremely easily and quickly

because it is essentially a subset of WebAssembly.

* Effective: Binaryen's optimizer has many passes that can improve code very

significantly (e.g. local coloring to coalesce local variables; dead code

elimination; precomputing expressions when possible at compile time; etc.).

These optimizations aim to make Binaryen powerful enough to be used as a

compiler backend by itself. One specific area of focus is on

WebAssembly-specific optimizations (that general-purpose compilers might not

do), which you can think of as wasm minification , similar to minification for

JavaScript, CSS, etc., all of which are language-specific (an example of such

an optimization is block return value generation in SimplifyLocals).

Bug fixes and incremental optimization improvements. ---- Bugfix release

including fix for CVE-2021-45290 and CVE-2021-45293.

* Sun Jan 16 2022 Dominik Mierzejewski 105-1

- update to 105 (#2040105)

* Tue Jan 11 2022 Dominik Mierzejewski 104-1

- update to 104 (#2033827)

- fixes CVE-2021-45290 (#2037323, #2037325)

- fixes CVE-2021-45293 (#2037324, #2037326)

[ 1 ] Bug #2033827 - binaryen-104 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2033827

[ 2 ] Bug #2037325 - CVE-2021-45290 binaryen: assertion abort in wasm::handle_unreachable [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2037325

[ 3 ] Bug #2037326 - CVE-2021-45293 binaryen: Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2037326

[ 4 ] Bug #2040105 - binaryen-105 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2040105

su -c 'dnf upgrade --advisory FEDORA-2022-9d18d4159e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure