CVE-2024-47211

Name: CVE-2024-47211
Description: In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ironic (PTS) | bullseye | 1:16.0.3-1 | vulnerable |
| ironic | bookworm | 1:21.1.0-3 | vulnerable |
| ironic | trixie, sid | 1:26.1.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ironic | source | (unstable) | 1:26.1.0-1 | | | |

Notes

[bookworm] - ironic <no-dsa> (Minor issue)
[bullseye] - ironic <postponed> (Minor issue; can be fixed in next update)
https://security.openstack.org/ossa/OSSA-2024-004.html
