[SECURITY] Fedora 39 Update: proxygen-2023.10.16.00-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-7934802344
2023-11-03 18:20:20.955871
--------------------------------------------------------------------------------
Name : proxygen
Product : Fedora 39
Version : 2023.10.16.00
Release : 1.fc39
URL : https://github.com/facebook/proxygen
Summary : A collection of C++ HTTP libraries including an easy to use HTTP server.
Description :
Proxygen comprises the core C++ HTTP abstractions used at Facebook.
Internally, it is used as the basis for building many HTTP servers, proxies,
and clients. This release focuses on the common HTTP abstractions and our
simple HTTPServer framework. Future releases will provide simple client APIs
as well. The framework supports HTTP/1.1, SPDY/3, SPDY/3.1, HTTP/2, and
HTTP/3. The goal is to provide a simple, performant, and modern C++ HTTP
library.
--------------------------------------------------------------------------------
Update Information:
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for
CVE-2023-44487
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 17 2023 Michel Lind [salimma@fedoraproject.org] - 2023.10.16.00-1
- Update to 2023.10.16.00
* Tue Sep 12 2023 Michel Lind [salimma@fedoraproject.org] - 2023.09.11.00-1
- Update to 2023.09.11.00
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2221799 - mcrouter-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2221799
[ 2 ] Bug #2239431 - proxygen-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239431
[ 3 ] Bug #2239594 - wangle-2023.10.16.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239594
[ 4 ] Bug #2239613 - fb303-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239613
[ 5 ] Bug #2239614 - fbthrift-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239614
[ 6 ] Bug #2239623 - fizz-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239623
[ 7 ] Bug #2239624 - folly-2023.10.09.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239624
[ 8 ] Bug #2243253 - [Major Incident] CVE-2023-44487 proxygen: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243253
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-7934802344' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
A proxygen security update has been released for Fedora Linux 39.