{"affected":[{"ecosystem_specific":{"binaries":[{"warewulf4":"4.5.2-150500.6.13.1","warewulf4-man":"4.5.2-150500.6.13.1","warewulf4-overlay":"4.5.2-150500.6.13.1","warewulf4-overlay-slurm":"4.5.2-150500.6.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 15 SP5","name":"warewulf4","purl":"pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.2-150500.6.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"warewulf4":"4.5.2-150500.6.13.1","warewulf4-man":"4.5.2-150500.6.13.1","warewulf4-overlay":"4.5.2-150500.6.13.1","warewulf4-overlay-slurm":"4.5.2-150500.6.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 15 SP6","name":"warewulf4","purl":"pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.2-150500.6.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"warewulf4":"4.5.2-150500.6.13.1","warewulf4-man":"4.5.2-150500.6.13.1","warewulf4-overlay":"4.5.2-150500.6.13.1","warewulf4-overlay-slurm":"4.5.2-150500.6.13.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"warewulf4","purl":"pkg:rpm/opensuse/warewulf4&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.2-150500.6.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"warewulf4":"4.5.2-150500.6.13.1","warewulf4-man":"4.5.2-150500.6.13.1","warewulf4-overlay":"4.5.2-150500.6.13.1","warewulf4-overlay-slurm":"4.5.2-150500.6.13.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"warewulf4","purl":"pkg:rpm/opensuse/warewulf4&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.2-150500.6.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for warewulf4 fixes the following issues:\n\n- fixed wwctl configure --all doesn't configure ssh (bsc#1225402)\n\n- update to 4.5.2 with following changes:\n  * Reorder dnsmasq config to put iPXE last\n  * Update go-digest dependency to fix \n      CVE-2024-3727: digest values not always validated (bsc#1224124)\n\n- updated to version 4.5.1 with following changes\n  * wwctl [profile|node] list -a handles now slices correclty\n  * Fix a locking issue with concurrent read/writes for node status\n\n- Remove API package as use of this wasn't documented\n\n- use tftp.socket for activation (bsc#1216994)\n","id":"SUSE-SU-2024:1838-1","modified":"2024-05-29T12:28:12Z","published":"2024-05-29T12:28:12Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241838-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216994"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224124"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225402"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-3727"}],"related":["CVE-2024-3727"],"summary":"Security update for warewulf4","upstream":["CVE-2024-3727"]}