 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.856314 |
| Categoría: | openSUSE Local Security Checks |
| Título: | openSUSE Security Advisory (openSUSE-SU-2024:0211-1) |
| Resumen: | The remote host is missing an update for the 'caddy' package(s) announced via the openSUSE-SU-2024:0211-1 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'caddy' package(s) announced via the openSUSE-SU-2024:0211-1 advisory. Vulnerability Insight: This update for caddy fixes the following issues: Update to version 2.8.4: * cmd: fix regression in auto-detect of Caddyfile (#6362) * Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped Update to version 2.8.2: * cmd: fix auto-detetction of .caddyfile extension (#6356) * caddyhttp: properly sanitize requests for root path (#6360) * caddytls: Implement certmagic.RenewalInfoGetter Update to version 2.8.1: * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350) * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340) Update to version 2.8.0: * acmeserver: Add `sign_with_root` for Caddyfile (#6345) * caddyfile: Reject global request matchers earlier (#6339) * core: Fix bug in AppIfConfigured (fix #6336) * fix a typo (#6333) * autohttps: Move log WARN to INFO, reduce confusion (#6185) * reverseproxy: Support HTTP/3 transport to backend (#6312) * context: AppIfConfigured returns error, consider not-yet-provisioned modules (#6292) * Fix lint error about deprecated method in smallstep/certificates/authority * go.mod: Upgrade dependencies * caddytls: fix permission requirement with AutomationPolicy (#6328) * caddytls: remove ClientHelloSNICtxKey (#6326) * caddyhttp: Trace individual middleware handlers (#6313) * templates: Add `pathEscape` template function and use it in file browser (#6278) * caddytls: set server name in context (#6324) * chore: downgrade minimum Go version in go.mod (#6318) * caddytest: normalize the JSON config (#6316) * caddyhttp: New experimental handler for intercepting responses (#6232) * httpcaddyfile: Set challenge ports when http_port or https_port are used * logging: Add support for additional logger filters other than hostname (#6082) * caddyhttp: Log 4xx as INFO, 5xx as ERROR (close #6106) * caddyhttp: Alter log message when request is unhandled (close #5182) * reverseproxy: Pointer to struct when loading modules, remove LazyCertPool (#6307) * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308) * go.mod: CertMagic v0.21.0 * reverseproxy: Implement health_follow_redirects (#6302) * caddypki: Allow use of root CA without a key. Fixes #6290 (#6298) * go.mod: Upgrade to quic-go v0.43.1 * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301) * caddytls: Ability to drop connections (close #6294) * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288) * caddytls: Evict internal certs from cache based on issuer (#6266) * chore: add warn logs when using deprecated fields (#6276) * caddyhttp: Fix linter warning about deprecation * go.mod: Upgrade to quic-go v0.43.0 * fileserver: Set 'Vary: Accept-Encoding' header (see #5849) * events: Add debug log * reverseproxy: handle buffered data during hijack (#6274) * ci: remove `android` and `plan9` from cross-build workflow (#6268) * run `golangci-lint run --fix --fast` ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'caddy' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-45142 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/ https://github.com/advisories/GHSA-cg3q-j54f-5p7p https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65 https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277 https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0 https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223 https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159 Common Vulnerability Exposure (CVE) ID: CVE-2024-22189 https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478 https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s |
| Copyright | Copyright (C) 2024 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |