Fedora Linux 8783 Published by

A mcrouter security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-17efd3f2cd
2023-10-24 01:21:22.156597
--------------------------------------------------------------------------------

Name : mcrouter
Product : Fedora 38
Version : 0.41.0.20231016
Release : 1.fc38
URL : https://github.com/facebook/mcrouter
Summary : Memcached protocol router for scaling memcached deployments
Description :
Mcrouter (pronounced mc router) is a memcached protocol router for scaling
memcached deployments.

Because the routing and feature logic are abstracted from the client in
mcrouter deployments, the client may simply communicate with destination
hosts through mcrouter over a TCP connection using standard memcached
protocol. Typically, little or no client modification is needed to use
mcrouter, which was designed to be a drop-in proxy between the client and
memcached hosts.

--------------------------------------------------------------------------------
Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for
CVE-2023-44487
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 18 2023 Michel Lind [salimma@fedoraproject.org] - 0.41.0.20231016-1
- Update to 2023.10.16.00
* Thu Oct 5 2023 Remi Collet [remi@fedoraproject.org] - 0.41.0.20230703-3
- rebuild for new libsodium
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.41.0.20230703-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2221799
[ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239431
[ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239594
[ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239613
[ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239614
[ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239623
[ 7 ] Bug #2239624 - folly-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239624
[ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243253
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-17efd3f2cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------