Fedora Linux 8801 Published by

A wabt security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: wabt-1.0.33-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-ab291ca614
2023-06-26 00:40:45.470173
--------------------------------------------------------------------------------

Name : wabt
Product : Fedora 38
Version : 1.0.33
Release : 1.fc38
URL : https://github.com/WebAssembly/wabt
Summary : The WebAssembly Binary Toolkit
Description :
WABT (we pronounce it "wabbit") is a suite of tools for WebAssembly. These tools
are intended for use in (or for development of) toolchains or other systems that
want to manipulate WebAssembly files. Unlike the WebAssembly spec interpreter
(which is written to be as simple, declarative and "speccy" as possible), they
are written in C/C++ and designed for easier integration into other systems.
Unlike Binaryen these tools do not aim to provide an optimization platform or a
higher-level compiler target; instead they aim for full fidelity and compliance
with the spec (e.g. 1:1 round-trips with no changes to instructions).

--------------------------------------------------------------------------------
Update Information:

Latest stable release. Full upstream changelog:
https://github.com/WebAssembly/wabt/compare/1.0.32...1.0.33 . Fixes
CVE-2023-27116, CVE-2023-30300 and CVE-2023-31669.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 25 2023 Dominik Mierzejewski [dominik@greysector.net] 1.0.33-1
- update to 1.0.33 (#2203483)
- drop obsolete patch
- disable failing tests on aarch64 and ppc64le (reported upstream)
- fix running tests on i686
- disable failing wasm2c tests on s390x (big endian not supported upstream)
- fix deprecated patchN macro usage
* Sat Jan 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.32-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2171755 - wabt: FTBFS in Fedora rawhide/f38
https://bugzilla.redhat.com/show_bug.cgi?id=2171755
[ 2 ] Bug #2179300 - CVE-2023-27116 wabt: webassembly: an abort in CWriter::MangleType. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2179300
[ 3 ] Bug #2193028 - CVE-2023-30300 wabt: wasm2c hangs on certain inputs and cannot finish execution for a while [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2193028
[ 4 ] Bug #2203483 - wabt-1.0.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2203483
[ 5 ] Bug #2209423 - CVE-2023-31669 wabt: Crash in libc++abi.dylib [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2209423
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-ab291ca614' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------