Fedora 40: FEDORA-2024-632b468c59 moderate: rust-zlib-rs stack overflow
fedora
November 29, 2024
Update the rustls crate to version 0.23.17
Summary
A memory-safe zlib implementation written in rust.
Update Information:
Update the rustls crate to version 0.23.17. Update the zlib-rs crate to version 0.4.0. The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.
Change Log
* Wed Nov 20 2024 Benjamin A. Beasley
References
[ 1 ] Bug #2326413 - CVE-2024-11249 rust-zlib-rs: zlib-rs stack overflow during decompression with malicious input [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2326413
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-632b468c59' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Name: rust-zlib-rs
Product: Fedora 40
Version: 0.4.0
Release: 1.fc40
Summary: Memory-safe zlib implementation written in rust
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!