[SECURITY] Fedora 37 Update: firecracker-1.4.1-3.fc37
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-bc40c7995e
2023-10-03 00:43:11.265617
--------------------------------------------------------------------------------
Name : firecracker
Product : Fedora 37
Version : 1.4.1
Release : 3.fc37
URL : https://firecracker-microvm.github.io/
Summary : Secure and fast microVMs for serverless computing
Description :
Firecracker is an open source virtualization technology that is purpose-built
for creating and managing secure, multi-tenant container and function-based
services that provide serverless operational models. Firecracker runs
workloads in lightweight virtual machines, called microVMs, which combine the
security and isolation properties provided by hardware virtualization
technology with the speed and flexibility of containers.
This package does not include all of the security features of an official
release. It is not production ready without additional sandboxing.
--------------------------------------------------------------------------------
Update Information:
- Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. -
Rebuild dependent packages (firecracker) for aes-gcm v0.10.3.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42811
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 1 2023 Fabio Valentini [decathorpe@gmail.com] - 1.4.1-3
- Rebuild for aes-gcm v0.10.3 / CVE-2023-42811.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2240269 - CVE-2023-42811 rust-aes-gcm: aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2240269
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-bc40c7995e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
A firecracker security update has been released for Fedora 37.