Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryFedorasecurity fixFedora: 2023-7934802344 Moderate: Watchman DDoS Risk Mitigation
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7934802344 2023-11-03 18:20:20.955871 -------------------------------------------------------------------------------- Name : watchman Product : Fedora 39 Version : 2021.05.10.00 Release : 24.fc39 URL : https://facebook.github.io/watchman/ Summary : File alteration monitoring service Description : Watchman exists to watch files and record when they actually change. It can also trigger actions (such as rebuilding assets) when matching files change. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 2021.05.10.00-24 - Rebuilt for folly 2023.10.16.00 * Wed Sep 13 2023 Michel Lind - 2021.05.10.00-23 - Rebuilt for folly 2023.09.11.00 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 isavailable https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 03, 2023
Fedora
89
security advisoryfedoracriticalFedora 38 2023-17efd3f2cd Critical: Watchman DDoS Attack Risk
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-17efd3f2cd 2023-10-24 01:21:22.156597 -------------------------------------------------------------------------------- Name : watchman Product : Fedora 38 Version : 2021.05.10.00 Release : 24.fc38 URL : https://facebook.github.io/watchman/ Summary : File alteration monitoring service Description : Watchman exists to watch files and record when they actually change. It can also trigger actions (such as rebuilding assets) when matching files change. -------------------------------------------------------------------------------- Update Information: Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 18 2023 Michel Lind - 2021.05.10.00-24 - Rebuilt for folly 2023.10.16.00 * Wed Sep 13 2023 Michel Lind - 2021.05.10.00-23 - Rebuilt for folly 2023.09.11.00 * Sat Jul 22 2023 Fedora Release Engineering - 2021.05.10.00-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2221799 [ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239431 [ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239594 [ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239613 [ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239614 [ 6 ] Bug #2239623 -fizz-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239623 [ 7 ] Bug #2239624 - folly-2023.10.09.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=2239624 [ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-17efd3f2cd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 24, 2023
•Critical
Fedora
202
security advisoryupdatelocal privilege escalationopenSUSE: 2022:0016-1 Important: Watchman Local Escalation Fix
An update that solves one vulnerability and has one errata is now available. . openSUSE Security Update: Security update for watchman ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0016-1 Rating: important References: #1181400 #1194470 Cross-References: CVE-2022-21944 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for watchman fixes the following issues: - ship README.suse that explains how to use the template systemd units - add user writable bit for systemd service and socket files - properly handle state directory creation in /run/watchman/$USER-state. The former approach was susceptible to a local privilege escalation using symlinks (CVE-2022-21944, boo#1194470). - Added hardening to systemd service(s) (boo#1181400). Modified: * watchman@.service - removed python2 bindings - enabled python3 bindings as python3-watchman - Changes in 4.8.0: * New command `flush-subscriptions` to synchronize subscriptions associated with the current session. * Enforce socket Unix groups more strongly ??? Watchman will now refuse to start if it couldn't gain the right group memberships, as can happen for sites that are experiencing intermittent LDAP connectivity problems. * pywatchman now officially supports Python 3. pywatchman will return Unicode strings (possibly with surrogate escapes) by default, but can optionally return bytestrings. Note that on Python 3, pywatchman requires Watchman 4.8 and above. The Python 2 interface and requirements remain unchanged. * Prior to 4.8, methods on the Java WatchmanClient that returned ListenableFutures would swallow exceptions andhang in an unfinished state under situations like socket closure or thread death. This has been fixed, and now ListenableFutures propagate exception conditions immediately. (Note that this is typically unrecoverable, and users should create a new WatchmanClient to re-establish communication with Watchman.) See #412. * The minimum Java version for the Watchman Java client has always been 1.7, but it was incorrectly described to be 1.6. The Java client's build file has been fixed accordingly. * Watchman was converted from C to C++. The conversion exposed several concurrency bugs, all of which have now been fixed. * Subscription queries are now executed in the context of the client thread, which means that subscriptions are dispatched in parallel. Previously, subscriptions would be serially dispatched and block the disk IO thread. * Triggers are now dispatched in parallel and waits are managed in their own threads (one thread per trigger). This improves concurrency and resolves a couple of waitpid related issues where watchman may not reap spawned children in a timely fashion, or may spin on CPU until another child is spawned. * Fixed an object lifecycle management issue that could cause a crash when aging out old/transient files. * Implement an upgraded wire protocol, BSERv2, on the server and in pywatchman. BSERv2 can carry information about string encoding over the wire. This lets pywatchman convert to Unicode strings on Python 3. Clients and servers know how to transparently fall back to BSERv1. - Changes in 4.9.0: * New field: `content.sha1hex`. This field expands to the SHA1 hash of the file contents, expressed in hex digits (40 character hex string). Watchman maintains a cache of the content hashes and can compute the hash on demand and alsoheuristically as files are changed. This is useful for tooling that wants to perform more intelligent cache invalidation or build artifact fetching from content addressed storage. * Fixed an issue that resulted in the perf logging thread deadlocking when `perf_logger_command` is enabled in the global configuration * Fixed an issue where queries larger than 1MB would likely result in a PDU error response. * Reduced lock contention for subscriptions that do no use the advanced settling (`drop`, `defer`) options. * Fixed `since` generator behavior when using unix timestamps rather than the preferred clock string syntax * Improved the reporting of "new" files in watchman results * Improved performance of handling changes on case insensitive filesystems * pywatchman: the python wheel format is used for publishing watchman pypi package * pywatchman: now watchman path is configurable in python client * pywatchman: now python client can be used as a context manager Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-16=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): python3-watchman-1.4.0-bp153.2.3.1 watchman-4.9.0-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-21944.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1194470 . A vital Fedora patch for auditd tackles significant vulnerabilities, notably remote code execution threats.. openSUSE Update, Watchman Security, Privilege Escalation Fix, Systemd Security. . Severity: Important. LinuxSecurity.com Team
Jan 17, 2022
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!