Multiple vulnerabilities have been discovered in IBM AIX, the most severe of which could allow for arbitrary code execution. IBM AIX is a secure and reliable Unix operating system designed for IBM’s Power Systems. It supports modern applications and provides strong security features, making it ideal for mission-critical business environments. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the affected system. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Accounts with fewer privileges on the system could be less impacted than those with administrative user rights.
* Wed Apr 2 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 1.31.7-1
- Update to release v1.31.7
- Resolves FTBFS due to changes in license detector
- Upstream fix
* Fri Mar 21 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 1.31.6-2
- Resolve CVE-2024-40635 and CVE-2025-22870 and CVE-2025-27144
- Resolves rhbz#2352147, rhbz#2353096, rhbz#2347476
- Update vendored go modules:
  golang.org/x/net v0.34.0 to v0.36.0
  github.com/containerd/containerd v1.7.24 to v1.7.27
  github.com/go-jose/go-jose/v4 v4.0.2 to v4.0.5
It was discovered that Atop, a monitor tool for system resources and
process activity, always tried to connect to the port of atopgpud
(an additional daemon gathering GPU statistics not shipped in Debian)
while performing insufficient sanitising of the data read from this
port.
With this update, additional validation is added and by default atop
no longer tries to connect to the atopgpud daemon port unless explicitly
enabled via -k.
CVE-2024-36465, CVE-2024-36469, CVE-2024-42325, CVE-2024-45699, CVE-2024-45700
Re-install SELinux module in %%posttrans to address “upgrade” from zabbixA.B to zabbixX.Y in one transaction