Fedora 39 FEDORA-2024-35147eb6ad Critical Opentofu Command Execution
fedora
August 8, 2024
Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
Summary
OpenTofu lets you declaratively manage your cloud infrastructure.
Update Information:
Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
Topics Covered
Change Log
* Mon Jul 29 2024 Mikel Olasagasti Uranga
References
[ 1 ] Bug #2292714 - CVE-2024-24789 opentofu: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292714
[ 2 ] Bug #2294007 - CVE-2024-6104 opentofu: go-retryablehttp: url might write sensitive information to log file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294007
[ 3 ] Bug #2294255 - CVE-2024-6257 opentofu: hashicorp/go-getter: Arbitrary command execution through local git config file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294255
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-35147eb6ad' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: opentofu
Product: Fedora 39
Version: 1.8.0
Release: 1.fc39
Summary: OpenTofu lets you declaratively manage your cloud infrastructure
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!