Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 37 FEDORA-2023-1d0d71b6aa Critical: OpenPGP Parsing Crash

- Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of- bounds accesses that result in crashes due to bounds checks which are included. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-1d0d71b6aa 2023-05-27 01:25:15.781100 --------------------------------------------------------------------------------Name : rust-sequoia-wot Product : Fedora 37 Version : 0.5.0 Release : 2.fc37 URL : Summary : Implementation of OpenPGP's web of trust Description : An implementation of OpenPGP's web of trust. --------------------------------------------------------------------------------Update Information: - Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of-bounds accesses that result in crashes due to bounds checks which are included by default in Rust code. This update contains rebuilds of all applications that are based on sequoia-openpgp to address this issue. ---- Update to version 1.5.0. This release improves compatibility with the version of librnp that's bundled in recent versions of thunderbird. --------------------------------------------------------------------------------ChangeLog: * Thu May 18 2023 Fabio Valentini - 0.5.0-2 - Rebuild for sequoia-openpgp v1.16 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1d0d71b6aa' at thecommand line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Debian Advisory for rust-sequoia-wot enhances functionality addressing decoding discrepancies, thus boosting reliability in cryptography tools.. sequoia-openpgp update,Fedora security update,parsing issue fix,software package maintenance. . Severity: Critical. LinuxSecurity.com Team

May 27, 2023 •Critical Fedora