Fedora 40: FEDORA-2024-c83208238d moderate: opentofu Attack Risk Mitigated
fedora
August 8, 2024
Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
Summary
OpenTofu lets you declaratively manage your cloud infrastructure.
Update Information:
Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
Topics Covered
Change Log
* Mon Jul 29 2024 Mikel Olasagasti Uranga
References
[ 1 ] Bug #2292714 - CVE-2024-24789 opentofu: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292714
[ 2 ] Bug #2294007 - CVE-2024-6104 opentofu: go-retryablehttp: url might write sensitive information to log file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294007
[ 3 ] Bug #2294255 - CVE-2024-6257 opentofu: hashicorp/go-getter: Arbitrary command execution through local git config file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294255
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c83208238d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Name: opentofu
Product: Fedora 40
Version: 1.8.0
Release: 1.fc40
Summary: OpenTofu lets you declaratively manage your cloud infrastructure
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!