
Fedora 39: FEDORA-2023-7934802344 Critical: mvfst DDoS Fix

fedora
November 3, 2023
Update mvfst on Fedora to mitigate proxygen vulnerabilities and strengthen defenses against DDoS attacks.

Summary

mvfst (pronounced "move fast") is a client and server implementation of the IETF QUIC protocol in C++ by Facebook. QUIC is a UDP-based, reliable, multiplexed transport protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport protocol that applications could adapt for use cases on both the internet and the data-center. mvfst has been tested at scale on Android and iOS apps, as well as servers, and has several features to support large-scale deployments.

Update Information:

Update Folly stack to the latest 2023.10.16.00 tag
proxygen: Security fix for CVE-2023-44487

Change Log

* Tue Oct 17 2023 Michel Lind - 2023.10.16.00-1
- Update to 2023.10.16.00
* Tue Oct 17 2023 Michel Lind - 2023.10.09.00-1
- Update to 2023.10.09.00
* Sat Oct 7 2023 Michel Lind - 2023.09.11.00-2
- Rebuild for new libsodium
* Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1
- Initial package

References


[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2221799
[ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2239431
[ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2239594
[ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2239613
[ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2239614
[ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2239623
[ 7 ] Bug #2239624 - folly-2023.10.09.00 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2239624
[ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) ...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: mvfst
Product: Fedora 39
Version: 2023.10.16.00
Release: 1.fc39
Summary: An implementation of the QUIC transport protocol
