| Summary: | rear new security issue CVE-2024-23301 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | rear-2.6-2.mga9.src.rpm | CVE: | CVE-2024-23301 |
| Status comment: | |||
Description
Nicolas Salguero
2024-04-10 15:23:14 CEST

Nicolas Salguero
2024-04-10 15:23:43 CEST
CVE: (none) => CVE-2024-23301

Thanks for identifying the (simple) patch. Assigning directly to DavidG, you committed the last two versions.
Assignee: bugsquad => geiger.david68210

Suggested advisory:
========================
The updated package fixes a security vulnerability:

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. (CVE-2024-23301)

References:
https://lwn.net/Articles/969278/
========================

Updated package in core/updates_testing:
========================
rear-2.6-2.1.mga9

from SRPM:
rear-2.6-2.1.mga9.src.rpm
Assignee: geiger.david68210 => qa-bugs
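The advisory above describes a permissions defect: a rescue initrd written world-readable, which lets any local user read the copies of root-only files it contains. The script below is an added example (not part of this bug report and not ReaR's own code) showing how an administrator can audit a directory for that class of problem and tighten what is found. The directory paths it mentions, and the two fixture files it creates, are assumptions for demonstration; on a real system you would point it at wherever the rescue image is written (under /boot or /var/lib/rear/output by default).

```shell
#!/bin/sh
# Added example, not from the Mageia bug or the ReaR project: audit a directory
# for regular files readable by "other", the defect class behind CVE-2024-23301
# (a rescue initrd written world-readable). Paths below are assumptions; ReaR's
# rescue image normally lands under /boot or /var/lib/rear/output.

# Print every regular file below $1 whose "other" read bit (0004) is set.
# Octal -perm is used rather than symbolic so the check works on POSIX find.
list_world_readable() {
    find "$1" -type f -perm -004 2>/dev/null
}

# Print how many such files exist below $1.
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# Tighten one file to owner read/write only; an initrd needs nothing wider.
restrict_to_root() {
    chmod 0600 "$1"
}

# Build a constructed fixture: one leaky image and one correctly restricted one.
make_fixture() {
    dir=$(mktemp -d)
    printf 'fake initrd contents\n' > "$dir/initrd-rescue.img"
    chmod 0644 "$dir/initrd-rescue.img"   # world-readable: the bug's shape
    printf 'fake initrd contents\n' > "$dir/initrd-ok.img"
    chmod 0600 "$dir/initrd-ok.img"       # owner-only: what the fixed package produces
    printf '%s\n' "$dir"
}

# Stand-alone run: report, remediate, re-check, clean up.
if [ "${1:-}" = "--demo" ]; then
    fx=$(make_fixture)
    echo "before: $(count_world_readable "$fx") world-readable file(s)"
    list_world_readable "$fx"
    list_world_readable "$fx" | while read -r f; do restrict_to_root "$f"; done
    echo "after:  $(count_world_readable "$fx") world-readable file(s)"
    rm -rf "$fx"
fi
```

Run it with `--demo` to see the fixture audited, or call `list_world_readable /boot` on a host where ReaR has produced a rescue image to check whether the installed version still leaves it readable by others.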
katnatek
2024-04-12 01:03:09 CEST
Keywords: (none) => advisory

MGA9-64 Plasma Wayland on HP Pavilion.
No installation issues.
Recover and restore seems a complex story, trying to keep it simple.
Picked a few commands from its help:
```
# rear -V
Relax-and-Recover 2.6 / Git
# rear -S dump
Press ENTER to include '/etc/rear/os.conf' ...
Press ENTER to include '/usr/share/rear/conf/Linux-i386.conf' ...
Press ENTER to include '/usr/share/rear/conf/GNU/Linux.conf' ...
Press ENTER to include '/etc/rear/local.conf' ...
Press ENTER to include '/usr/share/rear/init/default/005_verify_os_conf.sh' ...
Press ENTER to include '/usr/share/rear/init/default/010_EFISTUB_check.sh' ...
Press ENTER to include '/usr/share/rear/init/default/010_set_drlm_env.sh' ...
Press ENTER to include '/usr/share/rear/init/default/030_update_recovery_system.sh' ...
Press ENTER to include '/usr/share/rear/init/default/050_check_rear_recover_mode.sh' ...
Press ENTER to include '/usr/share/rear/init/default/950_check_missing_programs.sh' ...
# Begin dumping out configuration and system information:
# This is a 'Linux-x86_64' system, compatible with 'Linux-i386'.
# Configuration tree:
# Linux-i386.conf : OK
# GNU/Linux.conf : OK
# Fedora.conf : missing/empty
# Fedora/i386.conf : missing/empty
# Fedora/VERSION_ID=9.conf : missing/empty
# Fedora/VERSION_ID=9/i386.conf : missing/empty
# Fedora.conf : missing/empty
# Fedora/i386.conf : missing/empty
# Fedora/VERSION_ID=9.conf : missing/empty
# Fedora/VERSION_ID=9/i386.conf : missing/empty
# site.conf : missing/empty
# local.conf : OK
# System definition:
ARCH="Linux-i386"
OS="GNU/Linux"
OS_MASTER_VENDOR="Fedora"
OS_MASTER_VERSION="VERSION_ID=9"
OS_MASTER_VENDOR_ARCH="Fedora/i386"
OS_MASTER_VENDOR_VERSION="Fedora/VERSION_ID=9"
OS_MASTER_VENDOR_VERSION_ARCH="Fedora/VERSION_ID=9/i386"
OS_VENDOR="Fedora"
OS_VERSION="VERSION_ID=9"
OS_VENDOR_ARCH="Fedora/i386"
OS_VENDOR_VERSION="Fedora/VERSION_ID=9"
OS_VENDOR_VERSION_ARCH="Fedora/VERSION_ID=9/i386"
# Backup with REQUESTRESTORE:
REQUESTRESTORE_COMMAND=""
REQUESTRESTORE_TEXT=$'Please start the restore process on your backup host.\nMake sure that you restore the data into /mnt/local (by default \'/mnt/local\')\ninstead of \'/\' because the hard disks of the recovered system are mounted there.\n'
BACKUP_DUPLICITY_NAME="rear-backup"
BACKUP_INTEGRITY_CHECK=""
BACKUP_MOUNTCMD=""
BACKUP_ONLY_EXCLUDE="no"
BACKUP_ONLY_INCLUDE="no"
BACKUP_OPTIONS=""
BACKUP_RESTORE_MOVE_AWAY_DIRECTORY="/var/lib/rear/moved_away_after_backup_restore/"
BACKUP_RESTORE_MOVE_AWAY_FILES=("/boot/grub/grubenv" "/boot/grub2/grubenv")
BACKUP_RSYNC_OPTIONS=("--sparse" "--archive" "--hard-links" "--numeric-ids" "--stats")
BACKUP_SELINUX_DISABLE="1"
BACKUP_TYPE=""
BACKUP_UMOUNTCMD=""
BACKUP_URL=""
# Output to ISO:
ISO_DEFAULT="boothd"
ISO_DIR="/var/lib/rear/output"
ISO_ISOLINUX_BIN=""
ISO_MAX_SIZE=""
ISO_MKISOFS_BIN="/bin/mkisofs"
ISO_MKISOFS_OPTS=""
ISO_PREFIX="rear-mach4"
ISO_RECOVER_MODE=""
ISO_VOLID="RELAXRECOVER"
OUTPUT_EFISTUB_SYSTEMD_BOOTLOADER="/usr/lib/systemd/boot/efi/systemd-bootx64.efi"
OUTPUT_LFTP_OPTIONS=""
OUTPUT_MOUNTCMD=""
OUTPUT_OPTIONS=""
OUTPUT_PREFIX="mach4"
OUTPUT_PREFIX_PXE=""
OUTPUT_UMOUNTCMD=""
OUTPUT_URL=""
# Validation status:
# /usr/share/rear/lib/validated/Fedora/VERSION_ID=9/i386.txt : missing/empty
# Your system is not yet validated. Please carefully check all functions
# and create a validation record with 'rear validate'. This will help others
# to know about the validation status of Relax-and-Recover on this system.
# End of dump configuration and system information.
```
Seems odd that it recognizes this system as Fedora version 9, but it seems to work. OK for me.
Whiteboard: (none) => MGA9-64-OK

At least it got the "9" right. Since this is a security update, I'm sending it on. If it needs a bugfix for the identification error, another bug can be filed. Validating.
CC: (none) => andrewsfarm, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0131.html
Status: ASSIGNED => RESOLVED