Fedora 36: libsignal-protocol-c 2023-8b0938312e | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-8b0938312e
2023-04-29 05:12:00.194966
--------------------------------------------------------------------------------

Name        : libsignal-protocol-c
Product     : Fedora 36
Version     : 2.3.3
Release     : 7.fc36
URL         : https://github.com/signalapp/libsignal-protocol-c
Summary     : Signal Protocol C library
Description :
This is a ratcheting forward secrecy protocol that works in synchronous
and asynchronous messaging environments.

--------------------------------------------------------------------------------
Update Information:

Backport a fix for [CVE-2022-48468](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2022-48468) for
[protobuf-c](https://github.com/protobuf-c/protobuf-c), which is bundled in
`libsignal-protocol-c`.  https://github.com/protobuf-c/protobuf-
c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
https://github.com/protobuf-c/protobuf-c/issues/499
https://github.com/protobuf-c/protobuf-c/pull/513
https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 19 2023 Randy Barlow  - 2.3.3-7
- Fix CVE-2022-48468: unsigned integer overflow (#2186673).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2186674 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2186674
  [ 2 ] Bug #2186675 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [fedora-36]
        https://bugzilla.redhat.com/show_bug.cgi?id=2186675
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-8b0938312e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 36: libsignal-protocol-c 2023-8b0938312e

April 29, 2023
Backport a fix for [CVE-2022-48468](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2022-48468) for [protobuf-c](https://github.com/protobuf-c/protobuf-c), which is bundled in ...

Summary

This is a ratcheting forward secrecy protocol that works in synchronous

and asynchronous messaging environments.

Update Information:

Backport a fix for [CVE-2022-48468](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2022-48468) for [protobuf-c](https://github.com/protobuf-c/protobuf-c), which is bundled in `libsignal-protocol-c`. https://github.com/protobuf-c/protobuf- c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217 https://github.com/protobuf-c/protobuf-c/issues/499 https://github.com/protobuf-c/protobuf-c/pull/513 https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1

Change Log

* Wed Apr 19 2023 Randy Barlow - 2.3.3-7 - Fix CVE-2022-48468: unsigned integer overflow (#2186673).

References

[ 1 ] Bug #2186674 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2186674 [ 2 ] Bug #2186675 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2186675

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-8b0938312e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : libsignal-protocol-c
Product : Fedora 36
Version : 2.3.3
Release : 7.fc36
URL : https://github.com/signalapp/libsignal-protocol-c
Summary : Signal Protocol C library

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy