
openSUSE: 2024:0220-1 Moderate: Caddy Security Update for Bugs and Threats

August 23, 2024
openSUSE Security Patch for Caddy addresses security flaws under advisory ID openSUSE-SU-2024:0219-2.
An update that fixes two vulnerabilities is now available.

Description

This update for caddy fixes the following issues:

- Update to version 2.8.4:

* cmd: fix regression in auto-detect of Caddyfile (#6362)

* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped

- Update to version 2.8.2:

* cmd: fix auto-detection of .caddyfile extension (#6356)

* caddyhttp: properly sanitize requests for root path (#6360)

* caddytls: Implement certmagic.RenewalInfoGetter

* build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)

- Update to version 2.8.1:

* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)

* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)

- Update to version 2.8.0:

* acmeserver: Add `sign_with_root` for Caddyfile (#6345)

* caddyfile: Reject global request matchers earlier (#6339)

* core: Fix bug in AppIfConfigured (fix #6336)

* fix a typo (#6333)

* autohttps: Move log WARN to INFO, reduce...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2024-220=1

Package List

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

caddy-2.8.4-bp156.3.3.1

- openSUSE Backports SLE-15-SP6 (noarch):

caddy-bash-completion-2.8.4-bp156.3.3.1

caddy-fish-completion-2.8.4-bp156.3.3.1

caddy-zsh-completion-2.8.4-bp156.3.3.1

References

https://www.suse.com/security/cve/CVE-2023-45142.html

https://www.suse.com/security/cve/CVE-2024-22189.html

https://bugzilla.suse.com/1222468

Announcement ID: openSUSE-SU-2024:0220-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP6.
