CVE-2024-1597 - Users - Ovirt List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

CVE-2024-1597

The oVirt Counter

NMState verification error when...

Fabrice Bacchella

Wednesday, 21 February 2024 Wed, 21 Feb '24

11 a.m.

Does oVirt is exposed to CVE-2024-1597 ? To be exposed, the jdbc driver needs to be used with PreferQueryMode=SIMPLE. Is that the situation ?

Attachments:

attachment.html (text/html — 409 bytes)

Reply

Show replies by date

Sandro Bonazzola

Wednesday, 21 February Wed, 21 Feb

11:24 a.m.

I'm not an expert on this topic, but according engine's pom we are using 42.2.27 which doesn't seem to be in the list of the affected version on https://github.com/advisories/GHSA-xfg6-62px-cxc2 Il giorno mer 21 feb 2024 alle ore 09:09 Fabrice Bacchella via Users < users(a)ovirt.org> ha scritto:

Does oVirt is exposed to CVE-2024-1597 ? To be exposed, the jdbc driver needs to be used with PreferQueryMode=SIMPLE. Is that the situation ? _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MORV4QFHRUU...

-- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING Red Hat In-Vehicle Operating System Red Hat EMEA <https://www.redhat.com/> <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*

Reply

Fabrice Bacchella

11:30 a.m.

I think there is a typo in the announcement. 42.2.8 is 4 year old, 42.2.28 was issued this night. That’s suspicious.

Le 21 févr. 2024 à 09:24, Sandro Bonazzola <sbonazzo(a)redhat.com> a écrit : I'm not an expert on this topic, but according engine's pom we are using 42.2.27 which doesn't seem to be in the list of the affected version on https://github.com/advisories/GHSA-xfg6-62px-cxc2 Il giorno mer 21 feb 2024 alle ore 09:09 Fabrice Bacchella via Users <users(a)ovirt.org <mailto:users@ovirt.org>> ha scritto: > Does oVirt is exposed to CVE-2024-1597 ? > > To be exposed, the jdbc driver needs to be used with PreferQueryMode=SIMPLE. Is that the situation ? > _______________________________________________ > Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org> > To unsubscribe send an email to users-leave(a)ovirt.org <mailto:users-leave@ovirt.org> > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MORV4QFHRUU... -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING Red Hat In-Vehicle Operating System Red Hat EMEA <https://www.redhat.com/> <https://www.redhat.com/> Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.

Reply

Jean-Louis Dupond

11:32 a.m.

The fix got merged into the 42.2.x branch: https://github.com/pgjdbc/pgjdbc/commits/release/42.2/ So guess we just need to bump the dep in the pom. But as far as I see the code doesn't use the PreferQueryMode flag, so we're save. Jean-Louis On 21/02/2024 09:30, Fabrice Bacchella via Users wrote:

I think there is a typo in the announcement. 42.2.8 is 4 year old, 42.2.28 was issued this night. That’s suspicious. > Le 21 févr. 2024 à 09:24, Sandro Bonazzola <sbonazzo(a)redhat.com> a > écrit : > > I'm not an expert on this topic, but according engine's pom we are > using 42.2.27 which doesn't seem to be in the list of the affected > version on https://github.com/advisories/GHSA-xfg6-62px-cxc2 > > Il giorno mer 21 feb 2024 alle ore 09:09 Fabrice Bacchella via Users > <users(a)ovirt.org> ha scritto: > > Does oVirt is exposed to CVE-2024-1597 ? > > To be exposed, the jdbc driver needs to be used with > PreferQueryMode=SIMPLE. Is that the situation ? > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/MORV4QFHRUU... > > > > -- > Sandro Bonazzola > MANAGER, SOFTWARE ENGINEERING > Red Hat In-Vehicle Operating System > > Red Hat EMEA <https://www.redhat.com/> > > <https://www.redhat.com/> > > *Red Hat respects your work life balance. Therefore there is no need > to answer this email out of your office hours. > * > * > > * _______________________________________________ Users mailing list --users(a)ovirt.org To unsubscribe send an email tousers-leave(a)ovirt.org Privacy Statement:https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/U6...

Reply

274

days inactive

274

days old

users@ovirt.org

Manage subscription

3 comments

3 participants

tags (0)

participants (3)

Fabrice Bacchella
Jean-Louis Dupond
Sandro Bonazzola