Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Critical Update for Fedora 28 NekoVM: Addressing CVE-2018-0497 Threat

- Update to 2.13.0 - CVE-2018-0497 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security Advisory: . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-5d6e80ab82 2018-10-12 20:17:15.389360 --------------------------------------------------------------------------------Name : nekovm Product : Fedora 28 Version : 2.2.0 Release : 8.fc28 URL : https://nekovm.org/ Summary : Neko embedded scripting language and virtual machine Description : Neko is a high-level dynamically typed programming language which can also be used as an embedded scripting language. It has been designed to provide a common run-time for several different languages. Neko is not only very easy to learn and use, but also has the flexibility of being able to extend the language with C libraries. You can even write generators from your own language to Neko and then use the Neko run-time to compile, run, and access existing libraries. If you need to add a scripting language to your application, Neko provides one of the best trade-offs available between simplicity, extensibility and speed. Neko allows the language designer to focus on design whilst reusing a fast and well constructed run-time, as well as existing libraries for accessing file system, network, databases, XML... Neko has a compiler and virtual machine. The Virtual Machine is both very lightweight and extremely well optimized so that it can run very quickly. The VM can be easily embedded into any application and your libraries are directly accessible using the C foreign function interface. The compiler converts a source .neko file into a byte-code .n file that can be executed with the Virtual Machine. Although the compiler is written in Neko itself, it is still very fast. You can use the compiler as standalone command-line executable separated from the VM, or as a Neko library to perform compile-and-run forinteractive languages. --------------------------------------------------------------------------------Update Information: - Update to 2.13.0 - CVE-2018-0497 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security Advisory: --------------------------------------------------------------------------------ChangeLog: * Thu Sep 27 2018 Morten Stevens - 2.2.0-8 - Rebuilt for mbed TLS 2.13.0 * Thu Sep 27 2018 Morten Stevens - 2.2.0-7 - Rebuilt for mbed TLS 2.13.0 * Fri Jul 13 2018 Andy Li - 2.2.0-6 - Add BuildRequires on gcc. - Rebuilt for mbed TLS 2.11.0. * Thu Jul 5 2018 Richard W.M. Jones - 2.2.0-5 - Remove ldconfig https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/SU3LJVDZ7LUSJGZR5MS72BMRAFP3PQQL/ * Mon May 21 2018 Robert Scheck - 2.2.0-4 - Rebuilt for mbed TLS 2.9.0 (libmbedcrypto.so.2) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-5d6e80ab82' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . NekoVM has been upgraded to version 2.13.0 in the Fedora repository, mitigating the securityvulnerabilities associated with CVE-2018-0497. It's essential to maintain your system's safety.. Fedora, NekoVM, Security Update, Embedded Language, Critical Threat. . Severity: Critical. LinuxSecurity.com Team

Oct 12, 2018 •Critical Fedora