Stay Vigilant with Timely Linux Security Advisories

security advisorycriticalFedora

Fedora 39: 2023-7934802345 Urgent: Proxygen Security Patch Release

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : proxygen Product : Fedora 39 Version : 2023.10.16.00 Release : 1.fc39 URL : https://github.com/facebook/proxygen Summary : A collection of C++ HTTP libraries including an easy to use HTTP server. Description : Proxygen comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis for building many HTTP servers, proxies, and clients. This release focuses on the common HTTP abstractions and our simple HTTPServer framework. Future releases will provide simple client APIs as well. The framework supports HTTP/1.1, SPDY/3, SPDY/3.1, HTTP/2, and HTTP/3. The goal is to provide a simple, performant, and modern C++ HTTP library. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 17 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1 - Update to 2023.09.11.00 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Enhancement to proxygen, addressing the critical vulnerability CVE-2023-44487, boosts the security of Fedora 39 against potential DDoS threats.. Fedora Update, proxygen, HTTP/2, DDoS Attack, Security Fix. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

security advisoryFedorasecurity fix

Fedora: 2023-7934802344 Moderate: Watchman DDoS Risk Mitigation

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : watchman Product : Fedora 39 Version : 2021.05.10.00 Release : 24.fc39 URL : https://facebook.github.io/watchman/ Summary : File alteration monitoring service Description : Watchman exists to watch files and record when they actually change. It can also trigger actions (such as rebuilding assets) when matching files change. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 2021.05.10.00-24 - Rebuilt for folly 2023.10.16.00 * Wed Sep 13 2023 Michel Lind - 2021.05.10.00-23 - Rebuilt for folly 2023.09.11.00 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 isavailable https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Linux kernel team shares an important patch for secure bootloader to reduce risks from potential external threats. Update immediately for enhanced protection.. watchman update,Fedora security,proxygen DDoS protection. . LinuxSecurity.com Team

Nov 03, 2023 Fedora

Banner 2 1028x280 1708121730 1 1771599631

security advisoryFedorasecurity fix

Fedora 39: 7934802344 Critical: Mcrouter DDoS Risk Update

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : mcrouter Product : Fedora 39 Version : 0.41.0.20231016 Release : 1.fc39 URL : https://github.com/facebook/mcrouter Summary : Memcached protocol router for scaling memcached deployments Description : Mcrouter (pronounced mc router) is a memcached protocol router for scaling memcached deployments. Because the routing and feature logic are abstracted from the client in mcrouter deployments, the client may simply communicate with destination hosts through mcrouter over a TCP connection using standard memcached protocol. Typically, little or no client modification is needed to use mcrouter, which was designed to be a drop-in proxy between the client and memcached hosts. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 0.41.0.20231016-1 - Update to 2023.10.16.00 * Thu Oct 5 2023 Remi Collet - 0.41.0.20230703-3 - rebuild for new libsodium -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 39 users should take note of a critical DDoS vulnerability in mcrouter, CVE-2023-44487, affecting the proxygen module. Update urgently to prevent service disruptions. Fedora, Mcrouter, DDoS, Proxygen, Security Fix. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

security advisoryupdatecritical

Fedora 39: FEDORA-2023-7934802344 Critical: mvfst DDoS Fix

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : mvfst Product : Fedora 39 Version : 2023.10.16.00 Release : 1.fc39 URL : https://github.com/facebook/mvfst Summary : An implementation of the QUIC transport protocol Description : mvfst (Pronounced move fast) is a client and server implementation of IETF QUIC protocol in C++ by Facebook. QUIC is a UDP based reliable, multiplexed transport protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport protocol that applications could adapt for use cases on both the internet and the data-center. mvfst has been tested at scale on android, iOS apps, as well as servers and has several features to support large scale deployments. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 17 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Tue Oct 17 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Sat Oct 7 2023 Michel Lind - 2023.09.11.00-2 - Rebuild for new libsodium * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1 - Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug#2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Revise mvfst on Fedora to mitigate proxygen vulnerabilities and enhance defenses against DDoS attacks with essential updates..Fedora Security Advisory,Mvfst Update,Proxygen Security Fix,DDoS Protection,Software Maintenance. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

security advisoryfedorasecurity fix

Fedora 39: FEDORA-2023-7934802344 Critical: Proxygen DDoS Risk

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : wdt Product : Fedora 39 Version : 1.32.1910230^20230711git3b52ef5 Release : 2.fc39 URL : https://www.facebook.com/WdtOpenSource Summary : Warp speed Data Transfer Description : Warp speed Data Transfer is aiming to transfer data between two systems as fast as possible. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 1.32.1910230^20230711git3b52ef5-2 - Rebuilt for folly 2023.10.16.00 * Wed Sep 13 2023 Michel Lind - 1.32.1910230^20230711git3b52ef5-1 - Update to snapshot from 20230711 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 39 has released a crucial update targeting a severe vulnerability in proxygen, aimed at bolstering the security of data transmissions.. Fedora 39 Update, Proxygen Security Fix, DDoS Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

security advisoryupdateFedora

Fedora 39: 2023-7934802344 Critical: Fizz DDoS Threat Mitigation

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : fizz Product : Fedora 39 Version : 2023.10.16.00 Release : 1.fc39 URL : https://github.com/facebookincubator/fizz Summary : A C++14 implementation of the TLS-1.3 standard Description : Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 (both wire-compatible with the final specification), and 23. All major handshake modes are supported, including PSK resumption, early data, client authentication, and HelloRetryRequest. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 17 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Mon Oct 16 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Thu Oct 5 2023 Remi Collet - 2023.09.11.00-2 - rebuild for new libsodium * Mon Sep 11 2023 Michel Lind - 2023.09.11.00-1 - Update to 2023.09.11.00 - Fix duplicate description -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The latest Fizz update in Fedora resolves CVE-2023-44487, delivering crucial security enhancements and improved capabilities aimed at countering DDoS attacks.. Fedora Update, Fizz Security Fix, DDoS Prevention, TLS Implementation, Proxygen Update. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

security advisorycriticalFedora

Fedora 39 2023-7934802344 Critical: fbthrift Proxygen DDoS Threat

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : fbthrift Product : Fedora 39 Version : 2023.10.16.00 Release : 1.fc39 URL : https://github.com/facebook/fbthrift Summary : Facebook's branch of Apache Thrift, including a new C++ server Description : Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thrift for RPC, and some storage systems use Thrift for serializing records on disk. Facebook Thrift is not a distribution of Apache Thrift. This is an evolved internal branch of Thrift that Facebook re-released to open source community in February 2014. Facebook Thrift was originally released closely tracking Apache Thrift but is now evolving in new directions. In particular, the compiler was rewritten from scratch and the new implementation features a fully asynchronous Thrift server. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Tue Oct 17 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Thu Oct 5 2023 Remi Collet - 2023.09.11.00-3 - rebuild for new libsodium * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-2 - Fix undefined reference to EventHandlerRuntime * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1 - Update to2023.09.11.00 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The Fedora 39 Release Update outlines an essential fbthrift vulnerability patch for proxygen, enhancing protection from potential DDoS threats.. fbthrift update, proxygen security, Fedora advisory, RPC framework. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

security advisoryupdateFedora

Fedora 39: FEDORA-2023-7934802344 Critical: Proxygen DDoS Mitigation

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : fb303 Product : Fedora 39 Version : 2023.10.16.00 Release : 1.fc39 URL : https://github.com/facebook/fb303/ Summary : Base Thrift service and a common set of functionality Description : fb303 is a base Thrift service and a common set of functionality for querying stats, options, and other information from a service. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 2023.10.16.00-1 - Update to 2023.10.16.00 * Tue Oct 17 2023 Michel Lind - 2023.10.09.00-1 - Update to 2023.10.09.00 * Tue Sep 12 2023 Michel Lind - 2023.09.11.00-1 - Update to 2023.09.11.00 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The latest patch for fb303 in Fedora 39 tackles a critical DDoS vulnerability in proxygen, significantly enhancing the system's security posture.. Fedora Update, fb303 Service, Proxygen Fix, DDoS Prevention, Security Patch. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2023 •Critical Fedora

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 39: 2023-7934802345 Urgent: Proxygen Security Patch Release

Fedora: 2023-7934802344 Moderate: Watchman DDoS Risk Mitigation

Fedora 39: 7934802344 Critical: Mcrouter DDoS Risk Update

Fedora 39: FEDORA-2023-7934802344 Critical: mvfst DDoS Fix

Fedora 39: FEDORA-2023-7934802344 Critical: Proxygen DDoS Risk

Fedora 39: 2023-7934802344 Critical: Fizz DDoS Threat Mitigation

Fedora 39 2023-7934802344 Critical: fbthrift Proxygen DDoS Threat

Fedora 39: FEDORA-2023-7934802344 Critical: Proxygen DDoS Mitigation

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!