SUSE-SU-2024:1838-1

Опубликовано: 29 мая 2024

Источник: suse-cvrf

Описание

Security update for warewulf4

This update for warewulf4 fixes the following issues:

fixed wwctl configure --all doesn't configure ssh (bsc#1225402)
update to 4.5.2 with following changes:
- Reorder dnsmasq config to put iPXE last
- Update go-digest dependency to fix CVE-2024-3727: digest values not always validated (bsc#1224124)
updated to version 4.5.1 with following changes
- wwctl [profile|node] list -a handles now slices correclty
- Fix a locking issue with concurrent read/writes for node status
Remove API package as use of this wasn't documented
use tftp.socket for activation (bsc#1216994)

Список пакетов

SUSE Linux Enterprise Module for HPC 15 SP5

warewulf4-4.5.2-150500.6.13.1

warewulf4-man-4.5.2-150500.6.13.1

warewulf4-overlay-4.5.2-150500.6.13.1

warewulf4-overlay-slurm-4.5.2-150500.6.13.1

SUSE Linux Enterprise Module for HPC 15 SP6

warewulf4-4.5.2-150500.6.13.1

warewulf4-man-4.5.2-150500.6.13.1

warewulf4-overlay-4.5.2-150500.6.13.1

warewulf4-overlay-slurm-4.5.2-150500.6.13.1

openSUSE Leap 15.5

warewulf4-4.5.2-150500.6.13.1

warewulf4-man-4.5.2-150500.6.13.1

warewulf4-overlay-4.5.2-150500.6.13.1

warewulf4-overlay-slurm-4.5.2-150500.6.13.1

openSUSE Leap 15.6

warewulf4-4.5.2-150500.6.13.1

warewulf4-man-4.5.2-150500.6.13.1

warewulf4-overlay-4.5.2-150500.6.13.1

warewulf4-overlay-slurm-4.5.2-150500.6.13.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241838-1/
Link for SUSE-SU-2024:1838-1
https://lists.suse.com/pipermail/sle-updates/2024-May/035406.html
E-Mail link for SUSE-SU-2024:1838-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216994
SUSE Bug 1216994
https://bugzilla.suse.com/1224124
SUSE Bug 1224124
https://bugzilla.suse.com/1225402
SUSE Bug 1225402
https://www.suse.com/security/cve/CVE-2024-3727/
SUSE CVE CVE-2024-3727 page

Описание

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Затронутые продукты

SUSE Linux Enterprise Module for HPC 15 SP5:warewulf4-4.5.2-150500.6.13.1

SUSE Linux Enterprise Module for HPC 15 SP5:warewulf4-man-4.5.2-150500.6.13.1

SUSE Linux Enterprise Module for HPC 15 SP5:warewulf4-overlay-4.5.2-150500.6.13.1

SUSE Linux Enterprise Module for HPC 15 SP5:warewulf4-overlay-slurm-4.5.2-150500.6.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-3727.html
CVE-2024-3727
https://bugzilla.suse.com/1224112
SUSE Bug 1224112

SUSE-SU-2024:1838-1

Описание

Список пакетов

SUSE Linux Enterprise Module for HPC 15 SP5

SUSE Linux Enterprise Module for HPC 15 SP6

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-3727

Описание

Затронутые продукты

Ссылки