OESA-2024-1509
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1509
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1509.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2024-1509
- Upstream
- Published
- 2024-04-26T11:07:51Z
- Modified
- 2025-09-03T06:18:29.876634Z
- Summary
- ignition security update
- Details
-
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration.
Security Fix(es):
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:22.03-LTS-SP1 / ignition
Package
- Name
- ignition
- Purl
- pkg:rpm/openEuler/ignition&distro=openEuler-22.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.14.0-5.oe2203sp1
Ecosystem specific
{
"src": [
"ignition-2.14.0-5.oe2203sp1.src.rpm"
],
"x86_64": [
"ignition-2.14.0-5.oe2203sp1.x86_64.rpm",
"ignition-debuginfo-2.14.0-5.oe2203sp1.x86_64.rpm",
"ignition-debugsource-2.14.0-5.oe2203sp1.x86_64.rpm",
"ignition-validate-2.14.0-5.oe2203sp1.x86_64.rpm"
],
"aarch64": [
"ignition-2.14.0-5.oe2203sp1.aarch64.rpm",
"ignition-validate-2.14.0-5.oe2203sp1.aarch64.rpm",
"ignition-debugsource-2.14.0-5.oe2203sp1.aarch64.rpm",
"ignition-debuginfo-2.14.0-5.oe2203sp1.aarch64.rpm"
]
}