Upcoming security release for Wasmtime
224 views
Skip to first unread message
Alex Crichton
Mar 2, 2023, 6:36:38 PM3/2/23
to sec-an...@bytecodealliance.org
The Bytecode Alliance would like to announce a forthcoming security
release of Wasmtime.
The release will be made available on 2023-03-08 at approximately
19:00 UTC. Additionally, an advisory will be made available on the
same date and time at https://github.com/advisories.
The highest severity issue fixed in this release is CRITICAL based on
the classification scheme defined in the OpenSSL Security Policy.
release of Wasmtime.
The release will be made available on 2023-03-08 at approximately
19:00 UTC. Additionally, an advisory will be made available on the
same date and time at https://github.com/advisories.
The highest severity issue fixed in this release is CRITICAL based on
the classification scheme defined in the OpenSSL Security Policy.
Alex Crichton
Mar 8, 2023, 2:38:42 PM3/8/23
to sec-an...@bytecodealliance.org
[Update 2023-03-08] Security releases available
Wasmtime 6.0.1, 5.0.1, and 4.0.1 are now available on crates.io.
Additionally, binary releases are available on Github for the Wasmtime
C-API shared library and CLI at
https://github.com/bytecodealliance/wasmtime/releases.
This release fixes the following security issues rated CRITICAL:
* Guest-controlled out-of-bounds read/write on x86_64.
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8
This release fixes the following security issues rated LOW:
* Miscompilation of `i8x16.select` with the same inputs on x86_64
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xm67-587q-r2vw
Wasmtime 6.0.1, 5.0.1, and 4.0.1 are now available on crates.io.
Additionally, binary releases are available on Github for the Wasmtime
C-API shared library and CLI at
https://github.com/bytecodealliance/wasmtime/releases.
This release fixes the following security issues rated CRITICAL:
* Guest-controlled out-of-bounds read/write on x86_64.
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8
This release fixes the following security issues rated LOW:
* Miscompilation of `i8x16.select` with the same inputs on x86_64
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xm67-587q-r2vw
Reply all
Reply to author
Forward
0 new messages