Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: 2025-3dff292265 moderate: vaultwarden security patch

fedora
Calendar Grey January 29, 2025
Dist Fedora Esm H88
Changes for Fedora 40's vaultwarden feature enhancements addressing vulnerabilities plus revisions to VW_VERSION in built binaries.
fix VW_VERSION in compiled code, patch security issues

Summary

Unofficial Bitwarden compatible server.

Update Information:

fix VW_VERSION in compiled code, patch security issues

Topics%20covered

Topics Covered

security advisory security issue update Fedora XSS patch vaultwarden

Change Log

* Tue Jan 21 2025 Jonathan Wright - 1.32.7-4 - Set VW_VERSION env var during build and install rhbz#2338534 * Sun Jan 19 2025 Fedora Release Engineering - 1.32.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Jan 15 2025 Jonathan Wright - 1.32.7-2 - fix build on el9 with rust 1.79 * Fri Jan 3 2025 Jonathan Wright - 1.32.7-1 - update to 1.32.7 rhbz#2322181 - Fix CVE-2024-56335 * Tue Oct 22 2024 Jonathan Wright - 1.32.2-1 - update to 1.32.2 rhbz#2316657 * Sun Aug 11 2024 Jonathan Wright - 1.32.0-1 - update to 1.32.0 rhbz#2304045 Resolves CVE-2024-39924 Resolves CVE-2024-39925 Resolves CVE-2024-39926 * Fri Aug 2 2024 Jonathan Wright - 1.31.0-2 - Exclude s390x and ppc64le * Fri Jul 19 2024 Jonathan Wright - 1.31.0-1 - update to 1.31.0 rhbz#2297149

References


[ 1 ] Bug #2307705 - vaultwarden: FTBFS in Fedora 40 and 39 https://bugzilla.redhat.com/show_bug.cgi?id=2307705 [ 2 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2333595 [ 3 ] Bug #2333596 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2333596 [ 4 ] Bug #2333597 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333597 [ 5 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2336825 [ 6 ] Bug #2...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3dff292265' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: vaultwarden
Product: Fedora 40
Version: 1.32.7
Release: 4.fc40
URL: https://github.com/dani-garcia/vaultwarden
Summary: Unofficial Bitwarden compatible server

Topics%20covered

Topics Covered

security advisory security issue update Fedora XSS patch vaultwarden

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here