Security fix for CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780.
CVE-2023-6246: When printing a SYSLOG_HEADER that contained a long program name, __vsyslog_internal failed to update the required buffer size, so it allocated a too-small buffer on the heap and then overflowed it.
CVE-2023-6779: __vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output.
CVE-2023-6780: __vsyslog_internal calculated a buffer size by adding two integers, but did not first check if the addition would overflow.
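The three checks these CVEs turn on (counting the full header length, rejecting a negative snprintf/vsnprintf return, and checking the size addition before allocating) are shown together in the added example below. It is not glibc's code or the actual patch; format_log_line and size_add are hypothetical names and the input strings are constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper: stores a + b in *out, or returns 0 if it would wrap. */
static int size_add(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return 0;
    *out = a + b;
    return 1;
}

/* Hypothetical helper: returns a malloc'd "<ident>: <message>", or NULL. */
char *format_log_line(const char *ident, const char *fmt, ...)
{
    va_list ap, ap2;
    char *buf = NULL;
    size_t need;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    /* Measuring pass: a negative return is an error, never a length. */
    int hdr = snprintf(NULL, 0, "%s: ", ident);
    int msg = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (hdr < 0 || msg < 0)
        goto out;
    /* header + message + NUL, checked; hdr covers any ident length. */
    if (!size_add((size_t)hdr, (size_t)msg, &need) || !size_add(need, 1, &need))
        goto out;
    if ((buf = malloc(need)) == NULL)
        goto out;
    /* Writing pass: each call is given the space that actually remains. */
    if (snprintf(buf, need, "%s: ", ident) != hdr ||
        vsnprintf(buf + hdr, need - (size_t)hdr, fmt, ap2) != msg) {
        free(buf);
        buf = NULL;
    }
out:
    va_end(ap2);
    return buf;
}

int main(void)
{
    char *line = format_log_line("constructed-prog", "%d events", 3);
    puts(line ? line : "format failed");
    free(line);
}
```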
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2024-07597a0fb3
This update has been submitted for testing by pfrankli.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
This update's test gating status has been changed to 'failed'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
works for me (tested on Server-Cluster 10+ systems)
works
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.