File _patchinfo of Package patchinfo.18967

<patchinfo incident="18967">
  <issue tracker="cve" id="2024-31207"/>
  <issue tracker="cve" id="2022-25883"/>
  <issue tracker="cve" id="2024-42460"/>
  <issue tracker="cve" id="2024-23331"/>
  <issue tracker="cve" id="2024-39338"/>
  <issue tracker="cve" id="2024-48948"/>
  <issue tracker="cve" id="2023-44270"/>
  <issue tracker="cve" id="2024-48949"/>
  <issue tracker="cve" id="2024-42461"/>
  <issue tracker="cve" id="2024-47068"/>
  <issue tracker="cve" id="2024-21538"/>
  <issue tracker="cve" id="2023-45683"/>
  <issue tracker="cve" id="2024-51744"/>
  <issue tracker="cve" id="2024-47875"/>
  <issue tracker="cve" id="2023-0290"/>
  <issue tracker="cve" id="2024-4067"/>
  <issue tracker="cve" id="2024-45812"/>
  <issue tracker="cve" id="2024-37298"/>
  <issue tracker="cve" id="2024-28849"/>
  <issue tracker="cve" id="2024-45296"/>
  <issue tracker="cve" id="2023-0242"/>
  <issue tracker="cve" id="2024-42459"/>
  <issue tracker="cve" id="2024-45811"/>
  <issue tracker="cve" id="2023-46234"/>
  <issue tracker="cve" id="2024-28180"/>
  <issue tracker="cve" id="2024-55565"/>
  <issue tracker="cve" id="2024-24786"/>
  <issue tracker="cve" id="2023-1732"/>
  <issue tracker="cve" id="2024-4068"/>
  <issue tracker="cve" id="2024-6104"/>
  <issue tracker="cve" id="2024-45338"/>
  <issue tracker="cve" id="2023-5950"/>
  <issue tracker="cve" id="2023-45133"/>
  <issue tracker="bnc" id="1216310">VUL-0: CVE-2023-45683: velociraptor: github.com/crewjam/saml: XSS via missing Binding syntax validation</issue>
  <issue tracker="bnc" id="1207936">VUL-0: CVE-2023-0242: velociraptor: Insufficient Permission Check In The VQL Copy() Function</issue>
  <issue tracker="bnc" id="1235168">VUL-0: CVE-2024-28180: velociraptor: gopkg.in/square/go-jose.v2: improper handling of highly compressed data</issue>
  <issue tracker="bnc" id="1227061">VUL-0: CVE-2024-6104: velociraptor: hashicorp/go-retryablehttp: url might write sensitive information to log file</issue>
  <issue tracker="bnc" id="1231574">VUL-0: CVE-2024-47875: velociraptor: dompurify: nesting-based mXSS</issue>
  <issue tracker="bnc" id="1229424">VUL-0: CVE-2024-39338: velociraptor: axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs</issue>
  <issue tracker="bnc" id="1212572">VUL-0: CVE-2022-25883: velociraptor: semver: Versions of the package semver before 7.5.2 are vulnerable to ReDos</issue>
  <issue tracker="bnc" id="1232944">VUL-0: CVE-2024-51744: velociraptor: github.com/golang-jwt/jwt/v4: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt</issue>
  <issue tracker="bnc" id="1231685">VUL-0: CVE-2024-48948: velociraptor: elliptic: ECDSA signature verification error due to leading zero may reject legitimate transactions</issue>
  <issue tracker="bnc" id="1231558">VUL-0: CVE-2024-48949: velociraptor: elliptic: Missing Validation in Elliptic's EDDSA Signature Verification</issue>
  <issue tracker="bnc" id="1232543">VUL-0: CVE-2024-42460,CVE-2024-42461,CVE-2024-42459: velociraptor: elliptic: Multiple vulnerabilities fixed in elliptic version 6.5.7</issue>
  <issue tracker="bnc" id="1221456">VUL-0: CVE-2024-28849: velociraptor: follow-redirects: possible credential leak</issue>
  <issue tracker="bnc" id="1233845">VUL-0: CVE-2024-21538: velociraptor: cross-spawn: regular expression denial of service</issue>
  <issue tracker="bnc" id="1224296">VUL-0: CVE-2024-4068: velociraptor: the npm package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion</issue>
  <issue tracker="bnc" id="1207937">VUL-0: CVE-2023-0290: velociraptor: Directory Traversal In Client Id Parameter</issue>
  <issue tracker="bnc" id="1224367">VUL-0: CVE-2024-4067: velociraptor: the npm package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS)</issue>
  <packager>smithfarm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for velociraptor</summary>
  <description>This update for velociraptor fixes the following issues:

- Update to version 0.7.0.4.git152.fb24dfd:
  * audit: fix watch rules in artifacts
  * audit: update go-libaudit dependency for ppc64le arch filter fix
  * Use execsnoop plugin in artifacts when possible
  * Add execsnoop plugin to capture execve system calls
  * github-actions: update ubuntu runners to 22.04
  * Fix failing tls unit test on new go versions

- Update to version 0.7.0.4.git142.862ef23:
  * github: fix deprecated upload artifact again
  * Update npm packages
    Includes fixes for the following vulnerabilities:
    CVE-2023-45133
    CVE-2023-46234
    CVE-2024-55565
    CVE-2024-45296
    CVE-2023-44270
    CVE-2024-47068
    CVE-2024-23331
    CVE-2024-31207
    CVE-2024-45812
    CVE-2024-45811
  * Update go dependencies
    Includes fixes for the following vulnerabilities:
    CVE-2024-45338
    CVE-2024-37298
    CVE-2024-24786
    CVE-2023-45683 (boo#1216310)
    CVE-2023-1732
  * Update jwt to 4.5.1
    Fixes CVE-2024-51744 (boo#1232944)
  * Update go-retryablehttp to 0.7.7
    Fixes CVE-2024-6104 (boo#1227061)
  * Update go-oidc and go-jose
    Fixes CVE-2024-28180 (boo#1235168)
  * Update dompurify to 3.1.3
    Fixes CVE-2024-47875 (boo#1231574)
  * Update package-lock.json
  * Update micromatch to 4.0.8
    Partial fix for CVE-2024-4067 (boo#1224367)
    Partial fix for CVE-2024-4068 (boo#1224296)
  * Update axios to 1.7.9
    Fixes CVE-2024-39338 (boo#1229424)
  * Update cross-spawn to 7.0.6
    Fixes CVE-2024-21538 (boo#1233845)
  * Update elliptic to 6.6.1
    Update contains fixes for:
    CVE-2024-48949 (boo#1231558)
    CVE-2024-48948 (boo#1231685)
    CVE-2024-42459 (boo#1232543)
    CVE-2024-42460 (boo#1232543)
    CVE-2024-42461 (boo#1232543)
  * Update follow-redirects to 1.15.6
    Fixes CVE-2024-28849 (boo#1221456)
  * fix: gui/velociraptor/package.json to reduce vulnerabilities
    Fixes CVE-2022-25883 (boo#1212572)

- Update to version 0.7.0.4.git126.27cfbe1:
  * bpf: fix plugins not stopping when context cancelled
  * tcpsnoop: move parsing to its own function
  * bpf plugins: remove deprecated libbpfgo calls
  * bpf plugins: add context to error logs
  * chattrsnoop: fix files not getting closed
  * chattrsnoop: move hashing from plugin to artifact
  * RPM artifact: start checks immediately on artifact load
  * rpm plugin: fix ndb magic error
  * audit s390x: fix arch filter rules errors
  * github: fix deprecated upload artifact
  * tcpsnoop: fix ipv6 local and remote addresses order
  * tcpsnoop: fix missing ipv6 outbound connections
  * Linux.Events.ProcessExecutions: remove parent cmdline
  * audit: reduce FileBufferLeaseSize to ease GC overhead
  * audit: fix auditBuf allocation and go vet warnings
  * audit: fix plugin shutdown race condition
  * audit: fix audit client data races
  * audit: fix race in subscriber
  * audit: prevent Windows loading audit package
  * sdjournal: fix package causing test failures
  * github: run linux unit tests

- Update node modules with security fixes.
  * Fixes CVE-2024-39338 (boo#1229424)

- Update to version 0.7.0.4.git97.675e45f9:
  * kafka-humio-gateway: update go version and dependency list
  * kafka-humio-gateway: specific mTLS cert paths in config.yml
  * docker-compose: set kafka replication factor and min ISRs
  * kafka-humio-gateway: add http post retry mechanism
  * kafka-humio-gateway: add pprof debugging option
  * kafka-humio-gateway: format with gofmt
  * kafka-humio-gateway: fix go-staticcheck issues
  * kafka-humio-gateway: fix sendEvents() never exiting
  * Kafka.Events.Client: Update to use new artifactset type
  * docker-compose: add optional Kafka cluster
  * kafka-humio-gateway: add mTLS support
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * kafka-humio-gateway: add sample config file
  * kafka-humio-gateway: update sarama and dependencies
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID
  * Add a Kafka export plugin

- Update to version 0.7.0.4.git74.3426c0a:
  * Fix services artifact symbol pid not found error
  * chattrsnoop: correct read size for flags
  * chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc
  * chattrsnoop: fix do_vfs_ioctl kprobe failure

- Update to version 0.7.0.4.git68.ad1f4e5:
  * Fix undefined binary.NativeEndian build errors
- Add llvm16-libclang13 dependency for SLE 15 SP5 and above

- Update to version 0.7.0.4.git66.eea7659:
  * dnssnoop: fix loading protocol from ip header on s390
  * dnssnoop: fix htons() so it works on s390 too
  * Fix systemd Services artifact missing events
  * chattrsnoop: replace global variables with locals
  * tcpsnoop: fix garbled results on s390
  * chattrsnoop: fix immutable attribute set on s390
  * chattrsnoop: fix bpf_probe_read for s390
  * tcpsnoop: remove unused filtering code
  * Add artifact to collect new files without owner
  * bpf plugins: set a logger callback

- Update to version 0.7.0.4.git47.0f8a4de1:
  * Rename SUSE specific artifacts to have SUSE prefix
  * Add SUSE.Linux.Events.NewZeroSizeLogFile artifact
  * Move NewFiles artifact to SUSE
  * Move ImmutableFile artifact to SUSE
  * Make ImmutableFile artifact consistent with others
  * Fix absolute path case in ExecutableFiles artifact
  * Add client monitoring artifact for RPMs
  * Add artifact to collect new hidden files
  * Add artifact to monitor ssh authorized_keys files
  * Fix split_records error on older clients
  * Add hash fields to Linux.Events.ProcessExecutions
  * Add artifact to collect systemd service events
  * Fix SystemLogins artifacts file extensions
  * Add SUSE.Linux.Events.Timers artifact
  * Fix audit filter key typo in Linux.Events.NewFiles
  * Add server artifact to delete old client data on server
  * Add SUSE.Linux.Sys.At artifact
  * chattrsnoop: include full error details in logs
  * chattrsnoop: handle os.Stat() error properly
  * chattrsnoop: don't log.Fatal() on hash error
  * Fix Linux.Events.ImmutableFile not showing hash in GUI
  * SUSE.Linux.Events.Crontab: Add task execution artifacts
  * Raise client connection log level to ERROR
  * sdjournal: Correctly seek to current tail

- Update to version 0.7.0.4.git6.7b40b8b:
  * go.mod: increase go version to 1.19
</description>
</patchinfo>