Bug 2242402
| Summary: | tacacs: CVE-2023-45239 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Davide Cavalca <davide> |
| Component: | tacacs | Assignee: | Davide Cavalca <davide> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | awilliam, davide |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | AcceptedFreezeException | ||
| Fixed In Version: | tacacs-F4.0.4.28.7fb~20231005g4fdf178-1.fc40 tacacs-F4.0.4.28.7fb~20231005g4fdf178-2.el9 tacacs-F4.0.4.28.7fb~20231005g4fdf178-1.fc37 tacacs-F4.0.4.28.7fb~20231005g4fdf178-2.el8 tacacs-F4.0.4.28.7fb~20231005g4fdf178-1.fc38 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-10-09 22:25:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2143447 | ||
|
Description
Davide Cavalca
2023-10-05 21:37:35 UTC
Proposed as a Freeze Exception for 39-final by Fedora user dcavalca using the blocker tracking app because: This is a self contained change that fixes a major security vulnerability in the tacacs package. FEDORA-2023-a219299297 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a219299297 FEDORA-2023-a219299297 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-96c21ed09c has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-96c21ed09c FEDORA-2023-6f9e904861 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-6f9e904861 FEDORA-2023-ef2653f707 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-ef2653f707 FEDORA-EPEL-2023-4aac16fe21 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4aac16fe21 FEDORA-EPEL-2023-a6d0c485c1 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a6d0c485c1 FEDORA-EPEL-2023-4aac16fe21 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-ef2653f707 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-EPEL-2023-a6d0c485c1 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-6f9e904861 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-96c21ed09c has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-96c21ed09c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-96c21ed09c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. CVE: https://www.cve.org/CVERecord?id=CVE-2023-45239 GHSA advisory: https://github.com/facebook/tac_plus/security/advisories/GHSA-p334-5r3g-4vx3 Leaving this in POST as the f39 update hasn't hit stable yet +6 in https://pagure.io/fedora-qa/blocker-review/issue/1391 , marking accepted FE. ON_QA is the right state for the update being in updates-testing. FEDORA-2023-96c21ed09c has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. |