Overview

File _patchinfo of Package patchinfo.40879

<patchinfo incident="40879">
  <issue tracker="bnc" id="1246082">warewulf4-slurm suggest  slurm only</issue>
  <issue tracker="bnc" id="1248906">VUL-0: CVE-2025-58058: warewulf4: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
  <issue tracker="bnc" id="1227465">[warewulf, kernel] After updating the Kernel in the Container Image 'wwctl container list' still shows old</issue>
  <issue tracker="bnc" id="1227686">[warewulf, kernel] Feature: Allow to determine the Kernel to boot - with none set, take latest</issue>
  <issue tracker="bnc" id="1248768">[warewulf, REGRESSION] None of the disk/partition/filesystem Options to `wwctl profile set` appear to do anything</issue>
  <issue tracker="cve" id="2025-58058"/>
  <packager>mslacken</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for warewulf4</summary>
  <description>This update for warewulf4 fixes the following issues:

Update to version 4.6.4.

Security issues fixed:

- CVE-2025-58058: xz: excessive memory consuption when unpacking a large number of corrupted LZMA archives
  (bsc#1248906).

Other issues fixed:

- Convert disk booleans from `wwbool` to `*bool` which allows bools in disk to be set to false via command
  line (bsc#1248768).
- Fix `wwctl` upgrade nodes to handle kernel argument lists (bsc#1227686, bsc#1227465).
- Mark `slurm` as recommeneded in the `warewulf4-overlay-slurm` package (bsc#1246082).
- Switch to `dnsmasq` as default DHCP and TFTP provider.

- v4.6.4 release updates:
  * Update NetworkManager Overlay
    * Disable IPv4 in NetworkManager if no address or route is specified
  * Fix(`wwctl`): create overlay edit `tempfile` in `tmpdir`
  * Add default for systemd name for warewulf in `warewulf.conf`
  * Atomic overlay file application in `wwclient`
  * Simpler names for overlay methods
  * Fix `warewulfd` API behavior when deleting distribution overlay

- v4.6.3 release updates:
  * IPv6 iPXE support
  * Fix a race condition in `wwctl` overlay edit
  * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays
  * Move `reexec.Init()` to beginning of `wwctl`
  * Added `warewuld` configure option
  * Address copilot review from #1945
  * Bugfix: cloning a site overlay when parent dir does not exist
  * Clone to a site overlay when adding files in `wwapi`
  * Consolidated `createOverlayFile` and `updateOverlayFile` to `addOverlayFile`
  * Support for creating and updating overlay file in `wwapi`
  * Only return overlay files that refer to a path within the overlay
  * Add overlay file deletion support
  * `DELETE /api/overlays/{id}?force=true` can delete overlays in use
  * Restore idempotency of `PUT /api/nodes/{id}`
  * Simplify overlay mtime API and add tests
  * Add node overlay buildtime
  * Improved `netplan` support
  * Rebuild overlays for discovered nodes

- v4.6.2 release updates:
  * (preview) support for provisioning to local disk
  
- incoperated from v4.6.1:
  * REST API, which is disabled in the default configuration
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places