Overview

File _patchinfo of Package patchinfo.33830

<patchinfo incident="33830">
  <issue tracker="cve" id="2024-3727"/>
  <issue tracker="bnc" id="1216994">[ww4, tftp] TFTP treated as a Service not a Socket (old inetd managed service)</issue>
  <issue tracker="bnc" id="1224124">VUL-0: CVE-2024-3727: warewulf4: containers/image: digest type does not guarantee valid type</issue>
  <issue tracker="bnc" id="1225402">[warewulf4[ wwctl configure --all doesn't configure ssh</issue>
  <packager>eeich</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for warewulf4</summary>
  <description>This update for warewulf4 fixes the following issues:

- fixed wwctl configure --all doesn't configure ssh (bsc#1225402)

- update to 4.5.2 with following changes:
  * Reorder dnsmasq config to put iPXE last
  * Update go-digest dependency to fix 
      CVE-2024-3727: digest values not always validated (bsc#1224124)

- updated to version 4.5.1 with following changes
  * wwctl [profile|node] list -a handles now slices correclty
  * Fix a locking issue with concurrent read/writes for node status

- Remove API package as use of this wasn't documented

- use tftp.socket for activation (bsc#1216994)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places