Source: openipmi Version: 2.0.33-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for openipmi. CVE-2024-42934[0]: | missing check on the authorization type on incoming LAN messages in | IPMI simulator Note that this only affects the IPMI simulator, but still it is worth updating to at least 2.0.36 for trixie at least and if time permits a bookworm-pu update with the isolated fixes. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-42934 https://www.cve.org/CVERecord?id=CVE-2024-42934 [1] https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/ [2] https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
