Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE Releases 2024:0211-1 Addressing Moderate Caddy Security Risks

opensuse
Calendar Grey July 22, 2024
Dist Opensuse Esm H88
New Caddy patch released for openSUSE, tackling recognized vulnerabilities with moderate severity. Find out more.
An update that fixes two vulnerabilities is now available

Description

This update for caddy fixes the following issues:

Update to version 2.8.4:

* cmd: fix regression in auto-detect of Caddyfile (#6362)

* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped

Update to version 2.8.2:

* cmd: fix auto-detetction of .caddyfile extension (#6356)

* caddyhttp: properly sanitize requests for root path (#6360)

* caddytls: Implement certmagic.RenewalInfoGetter

Update to version 2.8.1:

* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers

(#6350)

* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)

Update to version 2.8.0:

* acmeserver: Add `sign_with_root` for Caddyfile (#6345)

* caddyfile: Reject global request matchers earlier (#6339)

* core: Fix bug in AppIfConfigured (fix #6336)

* fix a typo (#6333)

* autohttps: Move log WARN to INFO, reduce confusion (#6185)

* reverseproxy: Support HTTP/3 transport to backend (#6312)

*...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-211=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

caddy-2.8.4-bp155.2.3.1

- openSUSE Backports SLE-15-SP5 (noarch):

caddy-bash-completion-2.8.4-bp155.2.3.1

caddy-fish-completion-2.8.4-bp155.2.3.1

caddy-zsh-completion-2.8.4-bp155.2.3.1

References

https://www.suse.com/security/cve/CVE-2023-45142.html

https://www.suse.com/security/cve/CVE-2024-22189.html

https://bugzilla.suse.com/1222468

Announcement ID: openSUSE-SU-2024:0211-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here