Proxmox Backup Server - Security Advisories

Status
Not open for further replies.

Subject: PSA-2024-00002-1: Tape backup drive encryption failure


Publication Date: 2024-02-26

Packages: proxmox-backup-server

Details:

With LTO tape backups for Proxmox Backup Server prior to the versions listed below, the separate hardware encryption key was unloaded from the tape drive too early, before the transfer of backup data to the tape device was started. This means that data meant to be encrypted on tape actually was not.

If a backup snapshot was already encrypted in the backup server datastore before backing up to tape, the backup data still is encrypted on the tape, but metadata such as the list of snapshots, which chunk belongs to which snapshot etc. is not.

Affected tapes can be restored normally, but there is currently no way to re-encrypt the data on the tape directly. The data has to be restored into a datastore and backed up again with the fixed versions of proxmox-backup-server.

Tape backups on a media pool with a configured encryption key are properly encrypted once a new media set is started with the fixed versions below.

Fixed:
- proxmox-backup-server 3.1.4-1 (Proxmox Backup Server 3.x)
- proxmox-backup-server 2.4.5-1 (Proxmox Backup Server 2.x)
 

Subject: PSA-2024-00007-1: Shim bootloader remote code execution via HTTP response


Advisory date: 2024-06-28

Packages: shim-unsigned, shim-signed

Details: A remote code execution vulnerability was found in the secure boot Shim bootloader. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; an attacker needs to perform a Man-in-the-Middle attack or compromise the boot server to be able to exploit this vulnerability successfully.

Fixed: shim-unsigned >= 15.8, shim-signed >= 1.40+pmx1+15.8 (Proxmox VE 8.x, Proxmox Backup Server 3.x, Proxmox Mail Gateway 8.x)

Bullseye-based Proxmox products do not ship a custom version of shim, refer to Debian's security tracker if manual secure boot is in use.

References: CVE-2023-40547; shim 15.8 additionally fixes CVE-2023-40546 and CVE-2023-40548 to CVE-2023-40551
 

Subject: PSA-2024-00011-1: Proxmox Backup Server: unauthenticated DoS vulnerability


Advisory date: 2024-12-03

Packages: proxmox-backup-server (== 3.2.8-1, pbstest and pbs-no-subscription only)

Details:
Proxmox Backup Server in version 3.2.8-1 was vulnerable to a remote unauthenticated DoS attack.
By opening a connection to the API server on port 8007 and closing the connection within the first ten seconds while sending less than 5 bytes, the thread handling this connection would consume 100% CPU time until a restart of the proxmox-backup-proxy service.

Fixed:
- proxmox-backup-server: 3.2.9-1

References:
https://bugzilla.proxmox.com/show_bug.cgi?id=5868
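A version check for the two Proxmox Backup Server advisories above, as an added example that is not part of the advisories or of Proxmox's own code: it reimplements dpkg's version ordering in Python and reports which of PSA-2024-00002-1 and PSA-2024-00011-1 still apply to an installed proxmox-backup-server version. The package name is the one printed on this page; reading the installed version through dpkg-query assumes a Debian-based host.

```python
import re
import subprocess

def _order(c: str) -> int:
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)  # dpkg: '~' < letters < symbols

def _key(fragment: str) -> list:
    """Split an upstream or revision string into dpkg's alternating non-digit/digit runs."""
    pairs = re.findall(r"(\D*)(\d*)", fragment)
    # a run ends with weight 0 so that "1.0~rc1" < "1.0" < "1.0a"; digit runs compare numerically
    return [(tuple(_order(c) for c in s) + (0,), int(d or 0)) for s, d in pairs]

def _cmp_fragment(a: str, b: str) -> int:
    ka, kb = _key(a), _key(b)
    pad = [((0,), 0)]  # dpkg treats a missing run as empty, not as "shorter"
    ka += pad * (len(kb) - len(ka))
    kb += pad * (len(ka) - len(kb))
    return (ka > kb) - (ka < kb)

def compare_versions(v1: str, v2: str) -> int:
    """Return -1, 0 or 1 like 'dpkg --compare-versions v1 lt|eq|gt v2'."""
    def split(v: str):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (revision if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def affected_by(installed: str) -> list:
    """Advisory ids from this page that still apply to a proxmox-backup-server version."""
    hits, major = [], installed.split(".")[0]
    # PSA-2024-00002-1: tape key unloaded too early; fixed in 3.1.4-1 (3.x) and 2.4.5-1 (2.x)
    if (major == "3" and compare_versions(installed, "3.1.4-1") < 0) or \
       (major == "2" and compare_versions(installed, "2.4.5-1") < 0):
        hits.append("PSA-2024-00002-1")
    # PSA-2024-00011-1: unauthenticated DoS; only 3.2.8-1 was affected, fixed in 3.2.9-1
    if compare_versions(installed, "3.2.8-1") == 0:
        hits.append("PSA-2024-00011-1")
    return hits

def installed_version() -> str:
    """Ask dpkg for the installed version; run this on the backup server itself (assumed Debian host)."""
    out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "proxmox-backup-server"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()
```

Call `affected_by(installed_version())` on the server; an empty list means neither advisory applies to the installed package.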