-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Nov 2024 16:10:43 +0100
Source: ironic
Architecture: source
Version: 1:21.4.4-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Closes: 1135898 1136005 1136655 1138842
Changes:
 ironic (1:21.4.4-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream point release. Fixed CVE-2024-44082.
   * CVE-2026-44917: Ironic does not validate the location of
     node.driver_info[pxe_template], allowing a user who can set it to expose
     arbitrary files on an internal Ironic network, such as the servicing,
     provisioning, or cleaning networks. Applied upstream patch:
     - CVE-2026-44917_disable-driver_info-level-pxe_template-override.patch
   * CVE-2026-46447: A user with access to add or modify node.driver_info or
     node.instance_info can create a crafted value to enable iPXE script
     execution during the boot process. Applied upstream patch:
     - CVE-2026-46447_Sanitize-kernel_append_parms.patch
   * CVE-2026-48681: A maliciously crafted ISO image can cause Ironic to
     perform path traversal and overwrite files on a conductor's disk.
     Applied upstream patch:
     - CVE-2026-48681-directory_transversal_ISO9660_support.patch
     (Closes: #1138842)
   * CVE-2026-44919: during image handling, an infinite loop in checksum
     calculations can occur via the file:///dev/zero URL. Add upstream patch:
     move_file_url_validation_up_into_deploy_utils_main_path.patch.
     (Closes: #1136655).
   * CVE-2026-44916: instance_info['ks_template'] is rendered without
     sandboxing. An attacker with sufficient access, an ironic deployment
     with the anaconda deploy interface, a node with the anaconda deployment
     interface set by an admin, and a malicious template could result in
     conductor internal data being rendered and if the infrastructure
     operator is allowing traffic egress for the provisioning network, could
     have sensitive internal data exfiled out of the environment.
     Applied upstream patch:
     - CVE-2026-44916_Use_sandbox_rendering_for_jinja2.patch
     (Closes: #1136005).
   * CVE-2026-42997 / OSSA-2026-010: Credential Forwarding to Arbitrary
     Endpoints via Ironic's idrac Configuration molds Feature. Add upstream
     patch validate_molds_url_against_swift_in_keystone_catalog.patch.
     (Closes: #1135898).
   * (build-)depends on python3-oslo.messaging >= 14.0.3-0+deb12u1~.
Checksums-Sha1:
 ef3b4ab2cf2baa6dd7a984e6a0d5e8ed1f3c6cd2 4097 ironic_21.4.4-0+deb12u1.dsc
 11a01ab37bd81ba31e2ff1d511a5976ca3bf7651 1573012 ironic_21.4.4.orig.tar.xz
 1a3c1f5397a9e2e7cfc55e07164fbae634d2d959 62084 ironic_21.4.4-0+deb12u1.debian.tar.xz
 ef8ac1f3c346ae4b4414519a0036cef784aed41a 23332 ironic_21.4.4-0+deb12u1_amd64.buildinfo
Checksums-Sha256:
 88b7d2c9191e7a7f39ab6827bc60444ea282d17f35bc54ed93ea46744cbb7513 4097 ironic_21.4.4-0+deb12u1.dsc
 f7e7a771594958ad0355a27854c69dc5c7404acfb301073da980a1c966b4a65f 1573012 ironic_21.4.4.orig.tar.xz
 f576c737e5b0e5bf4793e86db437a2e386980cf2ac3d21193f112f5398105548 62084 ironic_21.4.4-0+deb12u1.debian.tar.xz
 65d0fc0dbd1b5a152ce91ee86bd5d061b8170fda7c2fc6fef581ed09f54b936b 23332 ironic_21.4.4-0+deb12u1_amd64.buildinfo
Files:
 2ada772091bc2fe503ad7d203651f838 4097 net optional ironic_21.4.4-0+deb12u1.dsc
 3dce1b73c9fc5033a096fd30751439f3 1573012 net optional ironic_21.4.4.orig.tar.xz
 7317e7acd75445ee1fca9205b16d5928 62084 net optional ironic_21.4.4-0+deb12u1.debian.tar.xz
 e603e9e800a4823736cb4f48c03e9bdd 23332 net optional ironic_21.4.4-0+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmophJgACgkQ1BatFaxr
Q/53qQ/+JEl12/bV3JGAeUA1EAVSdwhk9KEReaAlZgnH5m+UIee65+QRqGAUtW7i
+HmNU+HrPtxeYf7+rHcl/cCg2k576BW6dyRUnJE/tEkVtNH5Pe/tvL9B27hlQn23
k0tmKjkACqogKlPmnij7tXbhBBrXBO7YlFsKJJnR7CTQbPMEbp1bV/8yG97MWk7N
DzE3uM3oNzHm3vGa43oovSVm7g9reJWhzfR4BI6MLWsRSgl/e475FUkK8m875M3e
26AKCko03F3grEQV44mdVYTERmdfxlTIzhPBgLzi2Gu6yqj6Yy0/nr3UVavWuwYd
MZKio93fwr2V6ck01sFPDcoMHrTznT4rcsWO3gq5e5d6NFQsl1LYq0Qtrv1z1YR3
EvAJ+vZTJ3VdDM54xZDV+u6O/qEOa8F0hWF6/kvpnW6am5ObBO4U5fjoZE44+u/n
sgqoqIzuv12PNBPuYMft2E8l90Uhqlrsx1u4ZtZ9KinQH4MQrREKd7liAn91IFPQ
qXaJx3ef21ADajciJwF+8Qtgb5HkB7TXTJH1KK4ZesnpxDVGWJlMuCcujHw+dlVB
J58BXhiu+INQGAMJySkovamxglhAMd+B+2bVdkLcceyuC7Uu0eRmK9EB7idQlRlv
FpRFBu5ujJh3k2G0ronpEYDp8jSIToSfco2aiwllVyN5M4zbXQM=
=4IY2
-----END PGP SIGNATURE-----
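Two of the entries above describe path handling bugs on the conductor: the ISO9660 traversal (CVE-2026-48681), where a member name inside an image is allowed to escape the extraction directory, and the file:///dev/zero checksum loop (CVE-2026-44919), where a file URL is accepted before anyone checks what it points at. The following is an added example, not Ironic's code and not the upstream patches named above; it shows the shape of guard a practitioner would want for each case using only the Python standard library. The extraction directory, the image root and all sample member names and URLs are assumed for illustration.

```python
"""Added example, not Ironic's code: stdlib-only guards of the kind the
CVE-2026-48681 (ISO9660 path traversal) and CVE-2026-44919 (file:///dev/zero)
changelog entries describe. Directories and paths are assumed for
illustration, not taken from Ironic's configuration."""
import os
import stat
from urllib.parse import unquote, urlparse


def safe_iso_member_path(dest_root: str, member_name: str) -> str:
    """Map an ISO9660 member name onto a path strictly inside dest_root.

    Image members are '/'-separated and usually absolute ('/EFI/BOOT/BOOTX64.EFI'),
    so a leading '/' is stripped rather than treated as the filesystem root.
    Any '..' component is rejected outright instead of being normalised away,
    and the joined result is re-checked against the root as a second line.
    """
    root = os.path.abspath(dest_root)
    parts = [p for p in member_name.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("empty member name")
    if ".." in parts:
        raise ValueError(f"traversal component in member name {member_name!r}")
    candidate = os.path.normpath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"member {member_name!r} escapes {root}")
    return candidate


def resolve_file_url(url: str, allowed_roots) -> str:
    """Turn a file:// URL into a local path, allowing only paths under allowed_roots.

    Percent-decoding happens before normalisation so '%2e%2e' cannot hide a '..'.
    """
    parsed = urlparse(url)
    if parsed.scheme != "file":
        raise ValueError(f"not a file URL: {url}")
    if parsed.netloc not in ("", "localhost"):
        raise ValueError(f"remote host in file URL: {url}")
    path = os.path.normpath(unquote(parsed.path))
    if not os.path.isabs(path):
        raise ValueError(f"relative path in file URL: {url}")
    roots = [os.path.abspath(r) for r in allowed_roots]
    if not any(os.path.commonpath([r, path]) == r for r in roots):
        raise ValueError(f"{path} is outside the allowed image roots")
    return path


def validate_file_url(url: str, allowed_roots) -> str:
    """resolve_file_url plus a stat() check that the target is a regular file.

    /dev/zero is a character device that never reaches EOF, so a checksum loop
    over it never terminates. Refusing anything that is not S_ISREG (devices,
    FIFOs, sockets) closes the whole class instead of blacklisting one path.
    """
    path = resolve_file_url(url, allowed_roots)
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    return path


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; used to exercise the guards."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    iso_root = "/var/lib/ironic/iso"        # assumed extraction directory
    print(safe_iso_member_path(iso_root, "/EFI/BOOT/BOOTX64.EFI"))
    print(rejects(safe_iso_member_path, iso_root, "boot/../../../etc/shadow"))
    print(rejects(validate_file_url, "file:///dev/zero", ("/dev",)))
```

The two checks are deliberately layered: rejecting `..` components and comparing the final path against the root both have to pass, so a future change to one check does not silently reopen the hole, and the file URL check decodes before it normalises so encoded traversal is seen by the same code as literal traversal.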
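The CVE-2026-42997 / OSSA-2026-010 entry above is a credential-forwarding problem: a URL a user controls is handed to code that attaches service credentials, so the credentials go wherever the URL points. The patch name says the fix validates the molds URL against the Swift entry in the Keystone catalog. The following is an added example, not Ironic's code and not the upstream patch, showing one way to do that origin check against a constructed catalog in the shape Keystone v3 returns. Every hostname in the catalog, the `molds_url_is_trusted` and `swift_origins` names, and the sample URLs are assumptions for illustration.

```python
"""Added example, not Ironic's code: accept an object-store URL only if its
origin matches a Swift endpoint published in the Keystone service catalog, so
service credentials are never forwarded to an attacker-chosen host. The
catalog below is constructed in the shape of a Keystone v3 catalog; every
hostname in it is invented."""
from urllib.parse import urlparse

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed catalog fragment (invented hostnames). Keystone lists each
# service with its endpoints keyed by interface and region.
SAMPLE_CATALOG = [
    {"type": "object-store", "endpoints": [
        {"interface": "public", "region": "RegionOne",
         "url": "https://swift.example.test:8080/v1/AUTH_%(project_id)s"},
        {"interface": "internal", "region": "RegionOne",
         "url": "http://swift.internal.test:8080/v1/AUTH_%(project_id)s"},
    ]},
    {"type": "identity", "endpoints": [
        {"interface": "public", "region": "RegionOne",
         "url": "https://keystone.example.test:5000/v3"},
    ]},
]


def swift_origins(catalog, interfaces=("public", "internal"), region=None):
    """Collect (scheme, host, port) triples of every catalogued object-store endpoint."""
    origins = set()
    for service in catalog:
        if service.get("type") != "object-store":
            continue
        for ep in service.get("endpoints", []):
            if ep.get("interface") not in interfaces:
                continue
            if region is not None and ep.get("region") != region:
                continue
            u = urlparse(ep["url"])
            if u.scheme not in DEFAULT_PORTS or not u.hostname:
                continue
            origins.add((u.scheme, u.hostname.lower(), u.port or DEFAULT_PORTS[u.scheme]))
    return origins


def molds_url_is_trusted(url, catalog, **catalog_filters) -> bool:
    """True only if url's origin exactly matches a catalogued Swift endpoint.

    Comparing the full origin (scheme, host, port) instead of a string prefix
    defeats lookalikes such as 'https://swift.example.test.attacker.test', and
    userinfo is refused so 'https://swift.example.test@attacker.test/' is not
    mistaken for the trusted host.
    """
    u = urlparse(url)
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        return False
    if u.username is not None or u.password is not None:
        return False
    try:
        port = u.port or DEFAULT_PORTS[u.scheme]
    except ValueError:  # non-numeric or out-of-range port
        return False
    return (u.scheme, u.hostname.lower(), port) in swift_origins(catalog, **catalog_filters)


if __name__ == "__main__":
    good = "https://swift.example.test:8080/v1/AUTH_abc/molds/config.json"
    bad = "https://swift.example.test:8080@attacker.test:8080/collect"
    print(molds_url_is_trusted(good, SAMPLE_CATALOG))
    print(molds_url_is_trusted(bad, SAMPLE_CATALOG))
```

The check is an allowlist derived from data the operator already controls (the catalog), not a denylist of bad hosts, and it matches on origin rather than prefix. In a real deployment the catalog would come from the authenticated Keystone session rather than a literal, and `interfaces`/`region` would be pinned to the ones the conductor actually uses.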