Fedora 38: FEDORA-2024-b93312a597 Critical: Syncthing Memory Exhaustion
fedora
February 21, 2024
Update to version 1.27.3
Summary
Syncthing replaces other file synchronization services with something
open, trustworthy and decentralized. Your data is your data alone and
you deserve to choose where it is stored, if it is shared with some
third party and how it's transmitted over the Internet. Using syncthing,
that control is returned to you.
This package contains the syncthing client binary and systemd services.
Update Information:
Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go: go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
Topics Covered
Change Log
* Mon Feb 12 2024 Fabio Valentini
References
[ 1 ] Bug #2257833 - CVE-2023-49295 syncthing: quic-go: memory exhaustion attack against QUIC's path validation mechanism [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257833
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b93312a597' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: syncthing
Product: Fedora 38
Version: 1.27.3
Release: 1.fc38
Summary: Continuous File Synchronization
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!