Fedora Linux 8810 Published by

A binaryen security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: binaryen-105-1.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-a662b2def6
2022-01-25 01:10:00.815558
--------------------------------------------------------------------------------

Name : binaryen
Product : Fedora 35
Version : 105
Release : 1.fc35
URL :   https://github.com/WebAssembly/binaryen
Summary : Compiler and toolchain infrastructure library for WebAssembly
Description :
Binaryen is a compiler and toolchain infrastructure library for WebAssembly,
written in C++. It aims to make compiling to WebAssembly easy, fast, and
effective:

* Easy: Binaryen has a simple C API in a single header, and can also be used
from JavaScript. It accepts input in WebAssembly-like form but also accepts
a general control flow graph for compilers that prefer that.

* Fast: Binaryen's internal IR uses compact data structures and is designed for
completely parallel codegen and optimization, using all available CPU cores.
Binaryen's IR also compiles down to WebAssembly extremely easily and quickly
because it is essentially a subset of WebAssembly.

* Effective: Binaryen's optimizer has many passes that can improve code very
significantly (e.g. local coloring to coalesce local variables; dead code
elimination; precomputing expressions when possible at compile time; etc.).
These optimizations aim to make Binaryen powerful enough to be used as a
compiler backend by itself. One specific area of focus is on
WebAssembly-specific optimizations (that general-purpose compilers might not
do), which you can think of as wasm minification , similar to minification for
JavaScript, CSS, etc., all of which are language-specific (an example of such
an optimization is block return value generation in SimplifyLocals).

--------------------------------------------------------------------------------
Update Information:

Bug fixes and incremental optimization improvements. ---- Bugfix release
including fix for CVE-2021-45290 and CVE-2021-45293.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 16 2022 Dominik Mierzejewski 105-1
- update to 105 (#2040105)
* Tue Jan 11 2022 Dominik Mierzejewski 104-1
- update to 104 (#2033827)
- fixes CVE-2021-45290 (#2037323, #2037325)
- fixes CVE-2021-45293 (#2037324, #2037326)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2033827 - binaryen-104 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2033827
[ 2 ] Bug #2037325 - CVE-2021-45290 binaryen: assertion abort in wasm::handle_unreachable [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2037325
[ 3 ] Bug #2037326 - CVE-2021-45293 binaryen: Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2037326
[ 4 ] Bug #2040105 - binaryen-105 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2040105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-a662b2def6' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________