Bug 2292247 - Upgrade to Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
Summary: Upgrade to Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: fluent-bit
Version: epel8
Hardware: All
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: leoswaldo
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-06-13 17:06 UTC by leoswaldo
Modified: 2024-07-20 00:42 UTC (History)
2 users (show)

Fixed In Version: fluent-bit-3.0.4-1.el9
Clone Of:
Environment:
Last Closed: 2024-07-20 00:42:25 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description leoswaldo 2024-06-13 17:06:14 UTC 
security vulnerability (known as CVE-2024-4323) that impacts Fluent Bit versions 2.0.7 through 3.0.3. The latest version of Fluent Bit, version 3.0.4, fixes this issue. We’ve also backported  fix to Fluent Bit version 2.2.3, the last release of Fluent Bit v2.


https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/
Comment 1 Fedora Update System 2024-07-11 22:18:15 UTC 
FEDORA-EPEL-2024-62eb1bcb21 (fluent-bit-3.0.4-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-62eb1bcb21
Comment 2 Fedora Update System 2024-07-12 00:21:26 UTC 
FEDORA-EPEL-2024-62eb1bcb21 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-62eb1bcb21

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 3 Fedora Update System 2024-07-20 00:42:25 UTC 
FEDORA-EPEL-2024-62eb1bcb21 (fluent-bit-3.0.4-1.el9) has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.