What Are You Looking For?

Popular Tags

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-34411d8f77
2023-09-15 01:34:53.819945
--------------------------------------------------------------------------------

Name        : borgbackup
Product     : Fedora 37
Version     : 1.2.6
Release     : 1.fc37
URL         : https://borgbackup.readthedocs.org
Summary     : A deduplicating backup program with compression and authenticated encryption
Description :
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it
supports compression and authenticated encryption.

--------------------------------------------------------------------------------
Update Information:

fix for CVE-2023-36811: spoofed archive leads to data loss  Please note that
starting with borgbackup 1.2.5 all borg repos must use TAM authentication:
https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-
spoofing-vulnerability-cve-2023-36811
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep  5 2023 Felix Schwarz  - 1.2.6-1
- update to 1.2.6 to fix CVE-2023-36811
- rely on auto-generated version requirement for msgpack
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2236305 - CVE-2023-36811 borgbackup: spoofed archive leads to data loss [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2236305
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-34411d8f77' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: borgbackup 2023-34411d8f77

September 15, 2023
fix for CVE-2023-36811: spoofed archive leads to data loss Please note that starting with borgbackup 1.2.5 all borg repos must use TAM authentication: https://github.com/borgbackup...

Summary

BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it

supports compression and authenticated encryption.

Update Information:

fix for CVE-2023-36811: spoofed archive leads to data loss Please note that starting with borgbackup 1.2.5 all borg repos must use TAM authentication: https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives- spoofing-vulnerability-cve-2023-36811

Change Log

* Tue Sep 5 2023 Felix Schwarz - 1.2.6-1 - update to 1.2.6 to fix CVE-2023-36811 - rely on auto-generated version requirement for msgpack

References

[ 1 ] Bug #2236305 - CVE-2023-36811 borgbackup: spoofed archive leads to data loss [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236305

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-34411d8f77' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : borgbackup
Product : Fedora 37
Version : 1.2.6
Release : 1.fc37
URL : https://borgbackup.readthedocs.org
Summary : A deduplicating backup program with compression and authenticated encryption

Related News

P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants

Sep 22, 2023

Ubuntu 23.10 Improving PPA Management For Enhanced Security & Reliability

May 23, 2023

Judge Rules Online Archive's Book Service Violated Copyright

Mar 27, 2023

Stealthy Malware Distribution Involves Polyglot Files

Jan 19, 2023

News

Advisories

HOWTOs

Features

The Unseen Potential of Wake-on-LAN
Linux Vulnerabilities: The Antidote to This Linux Security Poison
Preventing Linux DDoS Attacks with Minimal Cybersecurity Knowledge
Navigating Software Scalability: A Practical Guide to Building Scalable Systems with Linux
Unlocking the Secrets of Linux Security: An Expert Analysis

About Us

Powered By

Footer Logo

Feedback