Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: FEDORA-2024-f2a4ffc1ff critical vulnerability in podman exporter

fedora
Calendar Grey December 23, 2024
Dist Fedora Esm H88
Ubuntu Security Alert: urgent update for prometheus-podman-exporter due to an essential vulnerability fix concerning authorization bypass in version 1.14.0.
release v1.14.0

Summary

Prometheus exporter for podman environments exposing containers, pods, images,

volumes and networks information.

Update Information:

release v1.14.0

Topics%20covered

Topics Covered

security advisory Fedora update notification authorization bypass prometheus exporter

Change Log

* Sat Dec 14 2024 Navid Yaghoobi - 1.14.0-1 - release v1.14.0

References


[ 1 ] Bug #2331960 - CVE-2024-45337 prometheus-podman-exporter: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331960

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f2a4ffc1ff' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: prometheus-podman-exporter
Product: Fedora 40
Version: 1.14.0
Release: 1.fc40
URL: https://github.com/containers/prometheus-podman-exporter
Summary: Prometheus exporter for podman environment

Topics%20covered

Topics Covered

security advisory Fedora update notification authorization bypass prometheus exporter

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here