Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Fedora 40: 2024-4e95f130fc Moderate: Cockpit Command Injection Threat

fedora
Calendar Grey March 31, 2024
Scroller Fedora
Debian 12 patches rolled out for OpenSSH, mitigating remote access vulnerabilities and improving overall security for Unix-based systems.
Automatic update for cockpit-314-1.fc40

Summary

The Cockpit Web Console enables users to administer GNU/Linux servers using a

web browser.

It offers network configuration, log inspection, diagnostic reports, SELinux

troubleshooting, interactive command-line sessions, and more.

Update Information:

Automatic update for cockpit-314-1.fc40. Changelog for cockpit * Thu Mar 28 2024 Packit - 314-1 - Diagnostic reports: Fix command injection vulnerability with crafted report names - Storage: Improvements to read-only encrypted filesystems

Change Log

* Thu Mar 28 2024 Packit - 314-1 - Diagnostic reports: Fix command injection vulnerability with crafted report names - Storage: Improvements to read-only encrypted filesystems

References


[ 1 ] Bug #2271614 - CVE-2024-2947 cockpit: command injection when deleting a sosreport with a crafted name https://bugzilla.redhat.com/show_bug.cgi?id=2271614

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-4e95f130fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important
Lowest
Low
Medium
High
Critical

Name: cockpit
Product: Fedora 40
Version: 314
Release: 1.fc40
Summary: Web Console for Linux servers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.