File _patchinfo of Package patchinfo.40653

<patchinfo incident="40653">
  <issue tracker="bnc" id="1240044">package update request - aws-efs-utils</issue>
  <issue tracker="bnc" id="1248055">VUL-0: CVE-2025-55159: aws-efs-utils: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access</issue>
  <issue tracker="bnc" id="1249851">VUL-0: CVE-2020-35881: aws-efs-utils: traitobject: potential memory corruption due to false expectations about fat pointers</issue>
  <issue tracker="cve" id="2025-55159"/>
  <issue tracker="cve" id="2020-35881"/>
  <packager>glaubitz</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for aws-efs-utils</summary>
  <description>This update for aws-efs-utils fixes the following issues:

Update to version 2.3.3 (bsc#1240044).

Security issues fixed:

- CVE-2025-55159: slab: incorrect bounds check in `get_disjoint_mut` function can lead to potential crash due to out-of-bounds access (bsc#1248055).
- CVE-2020-35881: traitobject: log4rs: out-of-bounds write due to fat pointer layout assumptions (bsc#1249851).

Other issues fixed:

- Build and install efs-proxy binary (bsc#1240044).

- Fixed in version 2.3.3:
  * Add environment variable support for AWS profiles and regions
  * Regenerate Cargo.lock with rust 1.70.0
  * Update circle-ci config
  * Fix AWS Env Variable Test and Code Style Issue
  * Remove CentOS 8 and Ubuntu 16.04 from verified Linux distribution list

- Fixed in version 2.3.2:
  * Update version in amazon-efs-utils.spec to 2.3.1
  * Fix incorrect package version

- Fixed in version 2.3.1:
  * Fix backtrace version to resolve ubuntu and rhel build issues
  * Pin Cargo.lock to avoid unexpected error across images

- Fixed in version 2.3.0:
  * Add support for pod-identity credentials in the credentials chain
  * Enable mounting with IPv6 when using with the 'stunnel' mount option

- Fixed in version 2.2.1:
  * Update log4rs

- Fixed in version 2.2.0:
  * Use region-specific domain suffixes for dns endpoints where missing
  * Merge PR #211 - Amend Debian control to use binary architecture
  
- Fixed in version 2.1.0:
  * Add mount option for specifying region
  * Add new ISO regions to config file
  
- Fixed in version 2.0.4:
  * Add retry logic to and increase timeout for EC2 metadata token
    retrieval requests

- Fixed in version 2.0.3:
  * Upgrade py version
  * Replace deprecated usage of datetime
  
- Fixed in version 2.0.2:
  * Check for efs-proxy PIDs when cleaning tunnel state files
  * Add PID to log entries
  
- Fixed in version 2.0.1:
  * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies
  
- Fixed in version 2.0.0:
  * Replace stunnel, which provides TLS encryption for mounts, with efs-proxy, a component built in-house at AWS.
    Efs-proxy lays the foundation for upcoming feature launches at EFS.

- Fixed in version 1.36.0:
  * Support new mount option: crossaccount, conduct cross account mounts via ip address. Use client AZ-ID to choose
    mount target.
  
- Fixed in version 1.35.2:
  * Revert "Add warning if using older Version"
  * Support MacOS Sonoma

- Fixed in version 1.35.1:
  * Revert openssl requirement change
  * Revert "Update EFS Documentation: Clarify Current FIPS Compliance Status"
  * Update EFS Documentation: Clarify Current FIPS Compliance Status
  * test: Change repo urls in eol debian9 build
  * Check private key file size to skip generation
  * test: Fix pytest that failed since commit 3dd89ca
  * Fix should_check_efs_utils_version scope
  * Add warning if using old version
  * Add 'fsap' option as EFS-only option

- Fixed in version 1.35.0:
  * Add parameters to allow mount for pod impersonation feature in EFS CSI Driver
  * Updated the README with support of Oracle8 distribution
  * Readme troubleshooting section + table of contents
  * Add efs-utils Support for MacOS Ventura EC2 instances
</description>
</patchinfo>