Fedora Linux 8783 Published by

A mcrouter security update has been released for Fedora 37.



[SECURITY] Fedora 37 Update: mcrouter-0.41.0.20231016-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-2a9214af5f
2023-10-24 01:11:19.008712
--------------------------------------------------------------------------------

Name : mcrouter
Product : Fedora 37
Version : 0.41.0.20231016
Release : 1.fc37
URL : https://github.com/facebook/mcrouter
Summary : Memcached protocol router for scaling memcached deployments
Description :
Mcrouter (pronounced mc router) is a memcached protocol router for scaling
memcached deployments.

Because the routing and feature logic are abstracted from the client in
mcrouter deployments, the client may simply communicate with destination
hosts through mcrouter over a TCP connection using standard memcached
protocol. Typically, little or no client modification is needed to use
mcrouter, which was designed to be a drop-in proxy between the client and
memcached hosts.

--------------------------------------------------------------------------------
Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for
CVE-2023-44487
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 18 2023 Michel Lind [salimma@fedoraproject.org] - 0.41.0.20231016-1
- Update to 2023.10.16.00
* Thu Oct 5 2023 Remi Collet [remi@fedoraproject.org] - 0.41.0.20230703-3
- rebuild for new libsodium
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.41.0.20230703-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 7 2023 Michel Alexandre Salim [salimma@fedoraproject.org] - 0.41.0.20230703-1
- Update to 2023.07.03.00
* Wed Jun 28 2023 Vitaly Zaitsev [vitaly@easycoding.org] - 0.41.0.20230424-2
- Rebuilt due to fmt 10 update.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2221799
[ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239431
[ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239594
[ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239613
[ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239614
[ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239623
[ 7 ] Bug #2239624 - folly-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239624
[ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243253
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2a9214af5f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------