Fedora 40: 2024-632b468c59 Critical: zlib-rs stack overflow
fedora
November 29, 2024
Update the rustls crate to version 0.23.17
Summary
Rustls is a modern TLS library written in Rust.
Update Information:
Update the rustls crate to version 0.23.17. Update the zlib-rs crate to version 0.4.0. The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.
Topics Covered
Change Log
* Wed Nov 20 2024 Benjamin A. Beasley
References
[ 1 ] Bug #2326413 - CVE-2024-11249 rust-zlib-rs: zlib-rs stack overflow during decompression with malicious input [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2326413
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-632b468c59' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: rust-rustls
Product: Fedora 40
Version: 0.23.17
Release: 1.fc40
Summary: Modern TLS library written in Rust
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!