ALT-BU-2024-11838-1
Branch sisyphus update bulletin.
Closed bugs
Файловый конфликт при установке librply-devel
Closed bugs
message file /var/lib/firebird/system/firebird.msg not found
Package k8s-trivy-node-collector updated to version 0.3.1-alt1 for branch sisyphus in task 356321.
Closed vulnerabilities
BDU:2024-04486
Уязвимость компонента net-netip языка программирования Golang, связанная с неправильным контролем доступа, позволяющая нарушителю обойти существующую политику ограничения доступа
Modified: 2024-11-21
CVE-2024-24790
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
- http://www.openwall.com/lists/oss-security/2024/06/04/1
- http://www.openwall.com/lists/oss-security/2024/06/04/1
- https://go.dev/cl/590316
- https://go.dev/cl/590316
- https://go.dev/issue/67680
- https://go.dev/issue/67680
- https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
- https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
- https://pkg.go.dev/vuln/GO-2024-2887
- https://pkg.go.dev/vuln/GO-2024-2887
- https://security.netapp.com/advisory/ntap-20240905-0002/
Closed vulnerabilities
BDU:2024-02063
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти процесс аутентификации
Modified: 2024-11-21
CVE-2024-2048
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
- https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382
- https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382
- https://security.netapp.com/advisory/ntap-20240524-0009/
- https://security.netapp.com/advisory/ntap-20240524-0009/
Closed bugs
Для закрытия CVE-2024-2048 необходимо обновить пакет