Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32019
The vulnerability affects the ndsudo binary, part of netdata. This binary was introduced in version 1.45.0[1], and the recipe contains v1.34.1 - which is not vulnerable yet. Ignore the CVE due to this. [1]: https://github.com/netdata/netdata/commit/0c8b46cbfd05109a45ee4de27f034567569fa3fa Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb b/meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb index 71fb0783b6..516fde6281 100644 --- a/meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb +++ b/meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb @@ -79,3 +79,6 @@ do_install:append() { FILES:${PN} += "${localstatedir}/cache/netdata/ ${localstatedir}/lib/netdata/" RDEPENDS:${PN} = "bash zlib" + +# versions <1.45.0 are not vulnerable yet +CVE_CHECK_IGNORE = "CVE-2024-32019"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123103): https://lists.openembedded.org/g/openembedded-devel/message/123103 Mute This Topic: https://lists.openembedded.org/mt/117053589/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
