Bug 2292248 - Upgrade to Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
Summary: Upgrade to Fix Critical cve-2024-4323 to upgrade to 2.2.3 or 3.0.4+
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: fluent-bit
Version: 40
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: leoswaldo
QA Contact:
URL: https://fluentbit.io/blog/2024/05/21/...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-06-13 17:07 UTC by leoswaldo
Modified: 2024-07-20 02:25 UTC (History)
2 users (show)

Fixed In Version: fluent-bit-3.0.4-1.fc40
Clone Of:
Environment:
Last Closed: 2024-07-20 02:25:56 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description leoswaldo 2024-06-13 17:07:48 UTC
security vulnerability (known as CVE-2024-4323) that impacts Fluent Bit versions 2.0.7 through 3.0.3. The latest version of Fluent Bit, version 3.0.4, fixes this issue. We’ve also backported  fix to Fluent Bit version 2.2.3, the last release of Fluent Bit v2.


https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/


Reproducible: Always

Comment 1 Fedora Update System 2024-07-11 23:13:15 UTC
FEDORA-2024-07db6333b0 (fluent-bit-3.0.4-1.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-07db6333b0

Comment 2 Fedora Update System 2024-07-12 05:29:38 UTC
FEDORA-2024-07db6333b0 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-07db6333b0`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-07db6333b0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 3 Fedora Update System 2024-07-20 02:25:56 UTC
FEDORA-2024-07db6333b0 (fluent-bit-3.0.4-1.fc40) has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.