Fedora Linux 8771 Published by

A proxygen security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: proxygen-2023.10.16.00-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-17efd3f2cd
2023-10-24 01:21:22.156597
--------------------------------------------------------------------------------

Name : proxygen
Product : Fedora 38
Version : 2023.10.16.00
Release : 1.fc38
URL : https://github.com/facebook/proxygen
Summary : A collection of C++ HTTP libraries including an easy to use HTTP server.
Description :
Proxygen comprises the core C++ HTTP abstractions used at Facebook.
Internally, it is used as the basis for building many HTTP servers, proxies,
and clients. This release focuses on the common HTTP abstractions and our
simple HTTPServer framework. Future releases will provide simple client APIs
as well. The framework supports HTTP/1.1, SPDY/3, SPDY/3.1, HTTP/2, and
HTTP/3. The goal is to provide a simple, performant, and modern C++ HTTP
library.

--------------------------------------------------------------------------------
Update Information:

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for
CVE-2023-44487
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 17 2023 Michel Lind [salimma@fedoraproject.org] - 2023.10.16.00-1
- Update to 2023.10.16.00
* Tue Sep 12 2023 Michel Lind [salimma@fedoraproject.org] - 2023.09.11.00-1
- Update to 2023.09.11.00
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 2023.07.03.00-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2221799
[ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239431
[ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239594
[ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239613
[ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239614
[ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239623
[ 7 ] Bug #2239624 - folly-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239624
[ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243253
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-17efd3f2cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------