Fedora Linux 8811 Published by

A firecracker security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: firecracker-1.4.1-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-98f44d1c4c
2023-10-03 02:21:55.690578
--------------------------------------------------------------------------------

Name : firecracker
Product : Fedora 38
Version : 1.4.1
Release : 3.fc38
URL : https://firecracker-microvm.github.io/
Summary : Secure and fast microVMs for serverless computing
Description :
Firecracker is an open source virtualization technology that is purpose-built
for creating and managing secure, multi-tenant container and function-based
services that provide serverless operational models. Firecracker runs
workloads in lightweight virtual machines, called microVMs, which combine the
security and isolation properties provided by hardware virtualization
technology with the speed and flexibility of containers.

This package does not include all of the security features of an official
release. It is not production ready without additional sandboxing.

--------------------------------------------------------------------------------
Update Information:

- Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. -
Rebuild dependent packages (firecracker) for aes-gcm v0.10.3.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42811
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 1 2023 Fabio Valentini [decathorpe@gmail.com] - 1.4.1-3
- Rebuild for aes-gcm v0.10.3 / CVE-2023-42811.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2240269 - CVE-2023-42811 rust-aes-gcm: aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2240269
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-98f44d1c4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------