Someone who watches for security advisories from Adacore may have
seen their announcement about CVE-2024-55581:
https://docs.adacore.com/corp/security-advisories/SEC.AWS-0056-v1.pdf
It is again about missing certificate validation in the client-side
HTTPS functionality of the Ada Web Server library. Don't panic this
time. If you followed my advice back in December, you're already
protected.
As I wrote in December, anyone who uses AWS.Client needs to use
version 25 because of another security fix. The AWS 25 package in
Rawhide – and now in the branched Fedora 42-to-be – has also been
patched against CVE-2024-55581 ever since aws-25.0.0-1. To Fedora
users, the news today is only that the advisory has been published
and I'm finally allowed to tell you this.
Björn Persson
No comments:
Post a Comment