Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu: 2023-4bcb1a3f8 Severe: Libcurl Vulnerability Exploit

fedora
Calendar Grey October 24, 2023
Dist Fedora Esm H88
Folly library has been refreshed to the newest release, incorporating a critical patch for CVE-2023-44487, which resolves a denial-of-service issue identified in proxygen.
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Summary

Folly (acronymed loosely after Facebook Open Source Library) is a library of

C++14 components designed with practicality and efficiency in mind. Folly

contains a variety of core library components used extensively at Facebook. In

particular, it's often a dependency of Facebook's other open source C++ efforts

and place where those projects can share code.

It complements (as opposed to competing against) offerings such as Boost and of

course std. In fact, we embark on defining our own component only when something

we need is either not available, or does not meet the needed performance

profile. We endeavor to remove things from folly if or when std or Boost

obsoletes them.

Performance concerns permeate much of Folly, sometimes leading to designs that

are more idiosyncratic than they would otherwise be (see e.g. PackedSyncPtr.h,

SmallLocks.h). Good performance at large scale is a unifying theme in all of

Folly.

Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Topics%20covered

Topics Covered

security advisory Fedora DoS security fix C++ library proxygen Folly

Change Log

* Tue Oct 17 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Mon Oct 16 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Fri Oct 6 2023 Michel Lind - 2023.09.11.00-3 - Reorganize disabled tests; ungate the flaky tests previously disabled only on x86_64 * Thu Oct 5 2023 Remi Collet - 2023.09.11.00-2 - rebuild for new libsodium * Mon Sep 11 2023 Michel Lind - 2023.09.11.00-1 - Update to 2023.09.11.00 * Wed Jul 19 2023 Fedora Release Engineering - 2023.07.03.00-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jul 6 2023 Michel Alexandre Salim - 2023.07.03.00-1 - Update to 2023.07.03.00 (fixes: rhbz#2219453) - Add patch to support fmt 10 - Use SPDX license identifier * Wed Jun 28 2023 Vitaly Zaitsev - 2023.04.24.00-5 - Rebuilt due to fmt 10 update. * Wed Apr 26 2023 Michel Alexandre Salim - 2023.04.24.00-4 - Disable more flaky tests on x86_64

References


[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-2a9214af5f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important
Lowest
Low
Medium
High
Critical

Name: folly
Product: Fedora 37
Version: 2023.10.16.00
Release: 1.fc37
URL: https://github.com/facebook/folly
Summary: An open-source C++ library developed and used at Facebook

Topics%20covered

Topics Covered

security advisory Fedora DoS security fix C++ library proxygen Folly

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here