Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: FEDORA-2025-4cb7637c98 moderate: vaultwarden execution risk

fedora
Calendar Grey January 29, 2025
Dist Fedora Esm H88
Patch for vaultwarden on Fedora 41 mitigates privilege elevation and cross-site scripting vulnerabilities in release 1.32.7.
fix VW_VERSION in compiled code, patch security issues update to 1.32.7

Summary

Unofficial Bitwarden compatible server.

Update Information:

fix VW_VERSION in compiled code, patch security issues update to 1.32.7

Topics%20covered

Topics Covered

security advisory Fedora privilege escalation patch execution risk vaultwarden authenticated XSS

Change Log

* Tue Jan 21 2025 Jonathan Wright - 1.32.7-4 - Set VW_VERSION env var during build and install rhbz#2338534 * Sun Jan 19 2025 Fedora Release Engineering - 1.32.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Jan 15 2025 Jonathan Wright - 1.32.7-2 - fix build on el9 with rust 1.79 * Fri Jan 3 2025 Jonathan Wright - 1.32.7-1 - update to 1.32.7 rhbz#2322181 - Fix CVE-2024-56335 * Tue Oct 22 2024 Jonathan Wright - 1.32.2-1 - update to 1.32.2 rhbz#2316657

References


[ 1 ] Bug #2307705 - vaultwarden: FTBFS in Fedora 40 and 39 https://bugzilla.redhat.com/show_bug.cgi?id=2307705 [ 2 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2333595 [ 3 ] Bug #2333596 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2333596 [ 4 ] Bug #2333597 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333597 [ 5 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2336825 [ 6 ] Bug #2...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4cb7637c98' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: vaultwarden
Product: Fedora 41
Version: 1.32.7
Release: 4.fc41
URL: https://github.com/dani-garcia/vaultwarden
Summary: Unofficial Bitwarden compatible server

Topics%20covered

Topics Covered

security advisory Fedora privilege escalation patch execution risk vaultwarden authenticated XSS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here