8 matches found
[SECURITY] Fedora 40 Update: rust-coreos-installer-0.23.0-2.fc40
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
[SECURITY] Fedora 39 Update: rust-coreos-installer-0.21.0-3.fc39
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
Fedora: Security Advisory for rust-coreos-installer (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHCOS 4 / 9 : OpenShift Container Platform 4.13.0 (RHSA-2023:1325)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1325 advisory. - buildah: possible information disclosure and modification CVE-2022-2990 - OpenShift: Missing HTTP Strict Transport Security...
GHSA-862G-9H5M-M3QV coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Impact On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign with world-readable permissions, granting unprivileged users access to any secrets included in the config. Default configurations of Fedora CoreOS and RHEL...
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Impact On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign with world-readable permissions, granting unprivileged users access to any secrets included in the config. Default configurations of Fedora CoreOS and RHEL...
GHSA-3R3G-G73X-G593 coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
Impact coreos-installer fails to correctly verify GPG signatures when decompressing gzip-compressed artifacts. This allows bypass of signature verification in cases where coreos-installer decompresses a downloaded OS image, allowing an attacker who can modify the OS image to compromise a...
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
Impact coreos-installer fails to correctly verify GPG signatures when decompressing gzip-compressed artifacts. This allows bypass of signature verification in cases where coreos-installer decompresses a downloaded OS image, allowing an attacker who can modify the OS image to compromise a...