[SECURITY] Fedora 41 Update: vaultwarden-1.32.7-4.fc41

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4cb7637c98
2025-01-29 05:01:23.704796+00:00
--------------------------------------------------------------------------------

Name        : vaultwarden
Product     : Fedora 41
Version     : 1.32.7
Release     : 4.fc41
URL         : https://github.com/dani-garcia/vaultwarden
Summary     : Unofficial Bitwarden compatible server
Description :
Unofficial Bitwarden compatible server.

--------------------------------------------------------------------------------
Update Information:

fix VW_VERSION in compiled code, patch security issues
update to 1.32.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 21 2025 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.7-4
- Set VW_VERSION env var during build and install rhbz#2338534
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.32.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jan 15 2025 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.7-2
- fix build on el9 with rust 1.79
* Fri Jan  3 2025 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.7-1
- update to 1.32.7 rhbz#2322181
- Fix CVE-2024-56335
* Tue Oct 22 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.2-1
- update to 1.32.2 rhbz#2316657
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2307705 - vaultwarden: FTBFS in Fedora 40 and 39
        https://bugzilla.redhat.com/show_bug.cgi?id=2307705
  [ 2 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333595
  [ 3 ] Bug #2333596 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333596
  [ 4 ] Bug #2333597 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333597
  [ 5 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336825
  [ 6 ] Bug #2336826 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336826
  [ 7 ] Bug #2336827 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336827
  [ 8 ] Bug #2336829 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336829
  [ 9 ] Bug #2336830 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336830
  [ 10 ] Bug #2336831 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336831
  [ 11 ] Bug #2336833 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336833
  [ 12 ] Bug #2336834 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336834
  [ 13 ] Bug #2336835 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4cb7637c98' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]

  Powered by Linux