Description
Security update for caddy
This update for caddy fixes the following issues:
Update to version 2.5.1:
- Fixed regression in Unix socket admin endpoints.
- Fixed regression in caddy trust commands.
- Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie) use an improved highest-random-weight (HRW) algorithm for increased consistency.
- Dynamic upstreams, which is the ability to get the list of upstreams at every request (more specifically, every iteration in the proxy loop of every request) rather than just once at config-load time.
- Caddy will automatically try to get relevant certificates from the local Tailscale instance.
- New OpenTelemetry integration.
- Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for getting information about Caddy's managed CAs.
- Rename _caddy to zsh-completion
- Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
Package list
SUSE Package Hub 15 SP4
caddy-2.5.1-bp154.2.5.1
openSUSE Leap 15.4
caddy-2.5.1-bp154.2.5.1
References
- E-Mail link for openSUSE-SU-2022:10007-1
- SUSE Security Ratings
- SUSE Bug 1200279
- SUSE CVE CVE-2022-29718 page
Description
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victims into clicking crafted links.
Affected products
SUSE Package Hub 15 SP4:caddy-2.5.1-bp154.2.5.1
openSUSE Leap 15.4:caddy-2.5.1-bp154.2.5.1
References
- CVE-2022-29718
- SUSE Bug 1200279