ignition-2.14.0-1.el9
エラータID: AXSA:2023-4920:01
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration.
The following packages have been upgraded to a later upstream version: ignition (2.14.0).
Security Fix(es):
* ignition: configs are accessible from unprivileged containers in VMs running on VMware products (CVE-2022-1706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-1706
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
Update packages.
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
N/A
SRPMS
- ignition-2.14.0-1.el9.src.rpm
MD5: 5db245fabfbefd31b7267e821e951206
SHA-256: 9b0c2e46eb76d905394e05cb9ab86ad3f5d59c266653dbf0e0cbcb687694c23f
Size: 4.07 MB
Asianux Server 9 for x86_64
- ignition-2.14.0-1.el9.x86_64.rpm
MD5: 8515d4e5507a9102c1382b568027eb08
SHA-256: 5847645014a4067514a2f029cb071e65c52ca979b8c19993d0190af72e90bf66
Size: 5.08 MB