Test ID:	1.3.6.1.4.1.25623.1.0.885752
Category:	Fedora Local Security Checks
Title:	Fedora: Security Advisory (FEDORA-2024-a2f6e5ddb8)
Summary:	The remote host is missing an update for the 'rear' package(s) announced via the FEDORA-2024-a2f6e5ddb8 advisory.
Description:	Summary: The remote host is missing an update for the 'rear' package(s) announced via the FEDORA-2024-a2f6e5ddb8 advisory. Vulnerability Insight: * Fri Feb 9 2024 Lukas Zaoral - 2.7-8 - Sync with patches in CentOS Stream 9 (kudos to @pcahyna!) chronologically from the latest: - Resolve libs for executable links in COPY_AS_IS, PR 3073 - Skip invalid disk drives when saving layout PR 3047 - Do not delete NetBackup logs in case of errors and save /usr/openv/netbackup/logs to the restored system after a successful recovery - Add /usr/openv/var to COPY_AS_IS_NBU, fixes an issue seen with NetBackup 10.2.0.1 - Support saving and restoring hybrid BIOS/UEFI bootloader, PRs 3145 3136 * Thu Feb 8 2024 Lukas Zaoral - 2.7-7 - do not generate /etc/rear/os.conf during build * Wed Feb 7 2024 Lukas Zaoral - 2.7-6 - copy the console= kernel arguments from the original system * Tue Feb 6 2024 Lukas Zaoral - 2.7-5 - replace dhcp-client with dhcpcd (rhbz#2247060) * Tue Feb 6 2024 Lukas Zaoral - 2.7-4 - make initrd accessible only by root (CVE-2024-23301) * Tue Feb 6 2024 Lukas Zaoral - 2.7-3 - fix unusable recovery with newer systemd (rbhz#2254871) * Mon Feb 5 2024 Lukas Zaoral - 2.7-2 - migrate to SPDX license format - properly use %license and %doc macros - use https in URLs * Fri Feb 2 2024 Lukas Zaoral - 2.7-1 - rebase to version 2.7 (rhbz#2215778) - drop obsolete patches - rebase remaining patches * Fri Feb 2 2024 Lukas Zaoral - 2.6-14 - Sync with patches in CentOS Stream 9 (kudos to @pcahyna!) chronologically from the latest: - Backport PR 3061 to save LVM pool metadata volume size in disk layout and restore it - Backport PR 3058 to skip useless xfs mount options when mounting during recovery, prevents mount errors like 'logbuf size must be greater than or equal to log stripe size' - Add patch to force removal of lvmdevices, prevents LVM problems after restoring to different disks/cloning. Upstream PR 3043 - Add patch to start rsyslog and include NBU systemd units - Apply PR 3027 to ensure correct creation of the rescue environment when a file is shrinking while being read - Backport PR 2774 to increase USB_UEFI_PART_SIZE to 1024 MiB - Apply upstream patch for temp dir usage with LUKS to ensure that during recovery an encrypted disk can be unlocked using a keyfile - Backport upstream PR 3031: Secure Boot support for OUTPUT=USB - Correct a mistake done when backporting PR 2691 - Backport PR2943 to fix s390x dasd formatting - Require s390utils-{core,base} on s390x - Apply PR2903 to protect against colons in pvdisplay output - Apply PR2873 to fix initrd regeneration on s390x - Apply PR2431 to migrate XFS configuration files - Exclude /etc/lvm/devices from the rescue system to work around a segfault in lvm pvcreate - Avoid stderr message about irrelevant broken links - Changes for NetBackup (NBU) 9.x support - ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'rear' package(s) on Fedora 39. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-23301 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/ https://github.com/rear/rear/issues/3122 https://github.com/rear/rear/pull/3123 https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.