Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 39: FEDORA-2023-7934802344 Critical: Proxygen DDoS Mitigation

fedora
Calendar Grey November 3, 2023
Dist Fedora Esm H88
The latest patch for fb303 in Fedora 39 tackles a critical DDoS vulnerability in proxygen, significantly enhancing the system's security posture.
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Summary

fb303 is a base Thrift service and a common set of functionality for querying

stats, options, and other information from a service.

Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Topics%20covered

Topics Covered

security advisory update Fedora security fix DDoS proxygen fb303

Change Log

* Wed Oct 18 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Tue Oct 17 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1 - Update to 2023.09.11.00

References


[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: fb303
Product: Fedora 39
Version: 2023.10.16.00
Release: 1.fc39
URL: https://github.com/facebook/fb303/
Summary: Base Thrift service and a common set of functionality

Topics%20covered

Topics Covered

security advisory update Fedora security fix DDoS proxygen fb303

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here