[SECURITY] Fedora 37 Update: firecracker-1.4.1-2.fc37
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-1db67725f2
2023-09-28 00:48:11.076739
--------------------------------------------------------------------------------
Name : firecracker
Product : Fedora 37
Version : 1.4.1
Release : 2.fc37
URL : https://firecracker-microvm.github.io/
Summary : Secure and fast microVMs for serverless computing
Description :
Firecracker is an open source virtualization technology that is purpose-built
for creating and managing secure, multi-tenant container and function-based
services that provide serverless operational models. Firecracker runs
workloads in lightweight virtual machines, called microVMs, which combine the
security and isolation properties provided by hardware virtualization
technology with the speed and flexibility of containers.
This package does not include all of the security features of an official
release. It is not production ready without additional sandboxing.
--------------------------------------------------------------------------------
Update Information:
Rebuild dependent packages for vm-memory v0.12.2 to address CVE-2023-41051 /
RUSTSEC-2023-0056. - https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2023-41051 -
https://rustsec.org/advisories/RUSTSEC-2023-0056.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 19 2023 Fabio Valentini [decathorpe@gmail.com] - 1.4.1-2
- Rebuild for vm-memory v0.12.2 / CVE-2023-41051.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2236894 - CVE-2023-41051 rust-vm-memory: vm-memory: out-of-bounds access in memory functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2236894
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1db67725f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
A firecracker security update has been released for Fedora 37.