Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 37: FEDORA-2023-2a9214af5f Moderate: Mcrouter DDoS Threat Fix

fedora
Calendar Grey October 24, 2023
Dist Fedora Esm H88
Follow these instructions to update the Folly stack for mcrouter on Fedora 37 and address CVE-2023-44487 vulnerabilities effectively
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Summary

Mcrouter (pronounced mc router) is a memcached protocol router for scaling

memcached deployments.

Because the routing and feature logic are abstracted from the client in

mcrouter deployments, the client may simply communicate with destination

hosts through mcrouter over a TCP connection using standard memcached

protocol. Typically, little or no client modification is needed to use

mcrouter, which was designed to be a drop-in proxy between the client and

memcached hosts.

Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Topics%20covered

Topics Covered

security advisory Fedora security fix DDoS proxygen mcrouter

Change Log

* Wed Oct 18 2023 Michel Lind - 0.41.0.20231016-1 - Update to 2023.10.16.00 * Thu Oct 5 2023 Remi Collet - 0.41.0.20230703-3 - rebuild for new libsodium * Thu Jul 20 2023 Fedora Release Engineering - 0.41.0.20230703-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jul 7 2023 Michel Alexandre Salim - 0.41.0.20230703-1 - Update to 2023.07.03.00 * Wed Jun 28 2023 Vitaly Zaitsev - 0.41.0.20230424-2 - Rebuilt due to fmt 10 update.

References


[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-2a9214af5f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: mcrouter
Product: Fedora 37
Version: 0.41.0.20231016
Release: 1.fc37
URL: https://github.com/facebook/mcrouter
Summary: Memcached protocol router for scaling memcached deployments

Topics%20covered

Topics Covered

security advisory Fedora security fix DDoS proxygen mcrouter

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here