An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
More Stories
trafficserver-9.2.5-1.el8
FEDORA-EPEL-2024-d40458db4b Packages in this update: trafficserver-9.2.5-1.el8 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
trafficserver-9.2.5-1.fc40
FEDORA-2024-77fe791124 Packages in this update: trafficserver-9.2.5-1.fc40 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
trafficserver-9.2.5-1.el9
FEDORA-EPEL-2024-504d1abdb5 Packages in this update: trafficserver-9.2.5-1.el9 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
trafficserver-9.2.5-1.fc39
FEDORA-2024-2243c5abee Packages in this update: trafficserver-9.2.5-1.fc39 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
python-setuptools-69.0.3-4.fc40
FEDORA-2024-247e9ba33a Packages in this update: python-setuptools-69.0.3-4.fc40 Update description: Security fix for CVE-2024-6345. Read More
python-setuptools-67.7.2-8.fc39
FEDORA-2024-9ed182a5d3 Packages in this update: python-setuptools-67.7.2-8.fc39 Update description: Security fix for CVE-2024-6345. Read More