ignition-2.14.0-1.el9

エラータID: AXSA:2023-4920:01

Release date: 
Wednesday, February 1, 2023 - 02:24
Subject: 
ignition-2.14.0-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration.

The following packages have been upgraded to a later upstream version: ignition (2.14.0).

Security Fix(es):

* ignition: configs are accessible from unprivileged containers in VMs running on VMware products (CVE-2022-1706)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1706
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. ignition-2.14.0-1.el9.src.rpm
    MD5: 5db245fabfbefd31b7267e821e951206
    SHA-256: 9b0c2e46eb76d905394e05cb9ab86ad3f5d59c266653dbf0e0cbcb687694c23f
    Size: 4.07 MB

Asianux Server 9 for x86_64
  1. ignition-2.14.0-1.el9.x86_64.rpm
    MD5: 8515d4e5507a9102c1382b568027eb08
    SHA-256: 5847645014a4067514a2f029cb071e65c52ca979b8c19993d0190af72e90bf66
    Size: 5.08 MB