#52418 – Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468

Bug 52418 - Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468

Summary: Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	vault (show other bugs)
Version:	unstable
Hardware:	x86_64 Linux

Importance:	P5 normal
Assignee:	bne@altlinux.org
QA Contact:	qa-sisyphus

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-12-13 10:38 MSK by FelixZ
Modified:	2024-12-15 21:08 MSK (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description FelixZ 2024-12-13 10:38:47 MSK

Прошу закрыть следующие уязвимости в пакете vault:
CVE-2024-8185 - https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047
CVE-2024-9180 - https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565
CVE-2024-6468 - https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518

Comment 1 Repository Robot 2024-12-15 21:08:24 MSK

vault-1.13.12-alt6 -> sisyphus:

 Sun Dec 15 2024 Nikolay Burykin <bne@altlinux> 1.13.12-alt6
 - Fixes: CVE-2024-8185, CVE-2024-9180, CVE-2024-6468 (Closes: #52418)