Fedora 41: 2024-0912cd3ad9 critical: incus authorization bypass
fedora
December 27, 2024
Update to 6.8 to get various features and fixes
Summary
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains the Incus daemon.
Update Information:
Update to 6.8 to get various features and fixes
Topics Covered
Change Log
* Wed Dec 18 2024 Neal Gompa
References
[ 1 ] Bug #2279094 - incus-6.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2279094
[ 2 ] Bug #2292096 - incus.service missing an environment variable INCUS_SOCKET
https://bugzilla.redhat.com/show_bug.cgi?id=2292096
[ 3 ] Bug #2328736 - [abrt] incus-client: runtime.raise(): incus killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2328736
[ 4 ] Bug #2331983 - CVE-2024-45337 incus: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331983
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0912cd3ad9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: incus
Product: Fedora 41
Version: 6.8
Release: 1.fc41
Summary: Powerful system container and virtual machine manager
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!