Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 37, FEDORA-2023-2a9214af5f Critical: Proxygen DDoS Risk

fedora
Calendar Grey October 24, 2023
Dist Fedora Esm H88
Enhance Folly stack and proxygen to patch security vulnerability in Fedora 37: Mitigate CVE-2023-44487 and guarantee stable QUIC communication.
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Summary

mvfst (Pronounced move fast) is a client and server implementation of IETF QUIC

protocol in C++ by Facebook. QUIC is a UDP based reliable, multiplexed transport

protocol that will become an internet standard. The goal of mvfst is to build a

performant implementation of the QUIC transport protocol that applications could

adapt for use cases on both the internet and the data-center. mvfst has been

tested at scale on android, iOS apps, as well as servers and has several

features to support large scale deployments.

Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Topics%20covered

Topics Covered

security advisory fedora critical security fix ddos proxygen

Change Log

* Tue Oct 17 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Tue Oct 17 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Sat Oct 7 2023 Michel Lind - 2023.09.11.00-2 - Rebuild for new libsodium * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1 - Initial package

References


[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-2a9214af5f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mvfst
Product: Fedora 37
Version: 2023.10.16.00
Release: 1.fc37
URL: https://github.com/facebook/mvfst
Summary: An implementation of the QUIC transport protocol

Topics%20covered

Topics Covered

security advisory fedora critical security fix ddos proxygen

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here