Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Fedora 39: 2024-22b915e51a Critical: Caddy DoS Issue Resolved

fedora
Calendar Grey February 19, 2024
Dist Fedora Esm H88
Patch released for DoS threat in Caddy on Fedora 39. Upgrade to version 2.7.6 immediately.
Update to the latest upstream version, which includes a fix for CVE-2023-45142

Summary

Caddy is an extensible server platform that uses TLS by default.

Update Information:

Update to the latest upstream version, which includes a fix for CVE-2023-45142. https://github.com/caddyserver/caddy/releases/tag/v2.7.6

Change Log

* Fri Feb 9 2024 Carl George - 2.7.6-1 - Update to version 2.7.6 rhbz#2253698 - Includes fix for CVE-2023-45142 rhbz#2246587 * Tue Jan 23 2024 Fedora Release Engineering - 2.7.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering - 2.7.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2246587 - CVE-2023-45142 caddy: opentelemetry-go-contrib: DoS vulnerability in otelhttp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2246587 [ 2 ] Bug #2253698 - caddy-2.7.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2253698

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-22b915e51a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: caddy
Product: Fedora 39
Version: 2.7.6
Release: 1.fc39
Summary: Web server with automatic HTTPS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.