Fedora 41: FEDORA-2024-41e6e2fc74 critical: rustls stack overflow
fedora
November 29, 2024
Update the rustls crate to version 0.23.17
Summary
Rustls is a modern TLS library written in Rust.
Update Information:
Update the rustls crate to version 0.23.17. Update the zlib-rs crate to version 0.4.0. The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.
Topics Covered
Change Log
* Wed Nov 20 2024 Benjamin A. Beasley
References
[ 1 ] Bug #2326414 - CVE-2024-11249 rust-zlib-rs: zlib-rs stack overflow during decompression with malicious input [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2326414
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-41e6e2fc74' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: rust-rustls
Product: Fedora 41
Version: 0.23.17
Release: 1.fc41
Summary: Modern TLS library written in Rust
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!