Login
Newsletter
Werbung

Sicherheit: Denial of Service in syncthing
Aktuelle Meldungen Distributionen
Name: Denial of Service in syncthing
ID: FEDORA-2024-c46536abe6
Distribution: Fedora
Plattformen: Fedora 39
Datum: Mi, 21. Februar 2024, 06:31
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49295
Applikationen: syncthing

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2024-c46536abe6
2024-02-21 01:31:44.025637
-------------------------------------------------------------------------------
-

Name : syncthing
Product : Fedora 39
Version : 1.27.3
Release : 1.fc39
URL : https://syncthing.net
Summary : Continuous File Synchronization
Description :
Syncthing replaces other file synchronization services with something
open, trustworthy and decentralized. Your data is your data alone and
you deserve to choose where it is stored, if it is shared with some
third party and how it's transmitted over the Internet. Using syncthing,
that control is returned to you.

This package contains the syncthing client binary and systemd services.

-------------------------------------------------------------------------------
-
Update Information:

Update to version 1.27.3.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3
This update also addresses CVE-2023-49295 in quic-go: https://github.com/quic-
go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Feb 12 2024 Fabio Valentini <decathorpe@gmail.com> - 1.27.3-1
- Update to version 1.27.3; Fixes RHBZ#2263121
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 1.27.2-3
- Rebuild for golang 1.22.0
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> -
1.27.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #2257833 - CVE-2023-49295 syncthing: quic-go: memory exhaustion
attack against QUIC's path validation mechanism [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257833
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c46536abe6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung