Search results

Subject: PSA-2024-00003-1: QEMU denial of service via VNC client clipboard access Advisory date: 2024-03-28 Package(s): pve-qemu-kvm Details: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached...

Subject: PSA-2024-00004-1: LDAP: missing schema validation for synced attributes Advisory date: 2024-03-28 Package(s): libpve-access-control Details: On Proxmox Virtual Environment systems with user/group sync from LDAP or ActiveDirectory, the attribute values were not properly validated...

Subject: PSA-2024-00006-1: perl PVE API client certificate validation failure if fingerprint is not passed Advisory date: 2024-03-28 Package(s): libpve-api-client-perl Details: Usage of the perl PVE API client module without a pinned TLS certificate fingerprint (see below for exact...

Subject: PSA-2024-00002-1: Tape backup drive encryption failure Publication Date: 2024-02-26 Packages: proxmox-backup-server Details: With LTO tape backups for Proxmox Backup Server prior to the versions listed below, the separate hardware encryption key was unloaded from the tape drive too...

Subject: PSA-2024-00001-1: PixieFAIL EDK2 PXE vulnerabilities Advisory date: 2024-01-24 Package(s): Proxmox VE 7.x: pve-edk2-firmware Proxmox VE 8.x: pve-edk2-firmware-ovmf pve-edk2-firmware-legacy Details: Nine vulnerabilities in EDK II's reference EFI implementation that can be...

Q: Which components and vulnerabilities are covered by Proxmox Security Announcements? A: First and foremost, vulnerabilities in first party software such as the Proxmox VE management stack or the Proxmox Backup Server/Client. Major vulnerabilities in third party components like QEMU and the...

This is the list of security advisories since 2024-01-01 for the Proxmox Virtual Environment. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.

This is the list of security advisories since 2024-01-01 for the Proxmox Backup Server. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.

This is the list of security advisories since 2024-01-01 for the Proxmox Mail Gateway. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.

This is the list of security advisories since 2024-01-01 for the Proxmox Offline Mirror. For details about scope, coverage and timeline see the General FAQ about Proxmox Security Announcements.