Inquiry on CVE-2024-9486

Hello,

First, please disregard the first replier; their reply takes things out of context and is not related to your question at all. We take security implications and reporting very seriously, but do not rely on requesting CVE numbers ourselves due to a multitude of fine-grained reasons. Our security reporting guide is here: https://pve.proxmox.com/wiki/Security_Reporting

Anyhow,
can you please advise is CVE-2024-9686 (https://nvd.nist.gov/vuln/detail/CVE-2024-9486) any concern for the Proxmox VE stack itself?
No, there are no concerns for the Proxmox VE stack itself w.r.t. this issue; it is for a third-party project that can build images of some OS targeting Proxmox VE as a platform to run those images.
We do not use this project ourselves, nor does anything in Proxmox VE rely on it.

Or it's an isolated configuration issue on the Kubernetes Image Builder project?
Exactly.
 
I think it is pretty clear that the CVE is about the Image Builder and not PVE itself.

That is correct.

First, please disregard the first replier; their reply takes things out of context and is not related to your question at all

It is related insofar as, even if it was related to the PVE stack, you would need to get it reported via your own channels.

No, there are no concerns for the Proxmox VE stack itself w.r.t. this issue; it is for a third-party project that can build images of some OS targeting Proxmox VE as a platform to run those images.

I kind of suspect the OP knows this from the way the CVE was filed. But he might be running those VMs built like that, so I would at least advise him to care about the VMs, not the host/nodes.
 
