Description:
This update for velociraptor fixes the following issues:
- Update to version 0.7.0.4.git152.fb24dfd:
* audit: fix watch rules in artifacts
* audit: update go-libaudit dependency for ppc64le arch filter fix
* Use execsnoop plugin in artifacts when possible
* Add execsnoop plugin to capture execve system calls
* github-actions: update ubuntu runners to 22.04
* Fix failing tls unit test on new go versions
- Update to version 0.7.0.4.git142.862ef23:
* github: fix deprecated upload artifact again
* Update npm packages
Includes fixes for the following vulnerabilities:
CVE-2023-45133
CVE-2023-46234
CVE-2024-55565
CVE-2024-45296
CVE-2023-44270
CVE-2024-47068
CVE-2024-23331
CVE-2024-31207
CVE-2024-45812
CVE-2024-45811
* Update go dependencies
Includes fixes for the following vulnerabilities:
CVE-2024-45338
CVE-2024-37298
CVE-2024-24786
CVE-2023-45683 (boo#1216310)
CVE-2023-1732
* Update jwt to 4.5.1
Fixes CVE-2024-51744 (boo#1232944)
* Update go-retryablehttp to 0.7.7
Fixes CVE-2024-6104 (boo#1227061)
* Update go-oidc and go-jose
Fixes CVE-2024-28180 (boo#1235168)
* Update dompurify to 3.1.3
Fixes CVE-2024-47875 (boo#1231574)
* Update package-lock.json
* Update micromatch to 4.0.8
Partial fix for CVE-2024-4067 (boo#1224367)
Partial fix for CVE-2024-4068 (boo#1224296)
* Update axios to 1.7.9
Fixes CVE-2024-39338 (boo#1229424)
* Update cross-spawn to 7.0.6
Fixes CVE-2024-21538 (boo#1233845)
* Update elliptic to 6.6.1
Update contains fixes for:
CVE-2024-48949 (boo#1231558)
CVE-2024-48948 (boo#1231685)
CVE-2024-42459 (boo#1232543)
CVE-2024-42460 (boo#1232543)
CVE-2024-42461 (boo#1232543)
* Update follow-redirects to 1.15.6
Fixes CVE-2024-28849 (boo#1221456)
* fix: gui/velociraptor/package.json to reduce vulnerabilities
Fixes CVE-2022-25883 (boo#1212572)
- Update to version 0.7.0.4.git126.27cfbe1:
* bpf: fix plugins not stopping when context cancelled
* tcpsnoop: move parsing to its own function
* bpf plugins: remove deprecated libbpfgo calls
* bpf plugins: add context to error logs
* chattrsnoop: fix files not getting closed
* chattrsnoop: move hashing from plugin to artifact
* RPM artifact: start checks immediately on artifact load
* rpm plugin: fix ndb magic error
* audit s390x: fix arch filter rules errors
* github: fix deprecated upload artifact
* tcpsnoop: fix ipv6 local and remote addresses order
* tcpsnoop: fix missing ipv6 outbound connections
* Linux.Events.ProcessExecutions: remove parent cmdline
* audit: reduce FileBufferLeaseSize to ease GC overhead
* audit: fix auditBuf allocation and go vet warnings
* audit: fix plugin shutdown race condition
* audit: fix audit client data races
* audit: fix race in subscriber
* audit: prevent Windows loading audit package
* sdjournal: fix package causing test failures
* github: run linux unit tests
- Update node modules with security fixes.
* Fixes CVE-2024-39338 (boo#1229424)
- Update to version 0.7.0.4.git97.675e45f9:
* kafka-humio-gateway: update go version and dependency list
* kafka-humio-gateway: specific mTLS cert paths in config.yml
* docker-compose: set kafka replication factor and min ISRs
* kafka-humio-gateway: add http post retry mechanism
* kafka-humio-gateway: add pprof debugging option
* kafka-humio-gateway: format with gofmt
* kafka-humio-gateway: fix go-staticcheck issues
* kafka-humio-gateway: fix sendEvents() never exiting
* Kafka.Events.Client: Update to use new artifactset type
* docker-compose: add optional Kafka cluster
* kafka-humio-gateway: add mTLS support
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* kafka-humio-gateway: add sample config file
* kafka-humio-gateway: update sarama and dependencies
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* Add a Kafka export plugin
- Update to version 0.7.0.4.git74.3426c0a:
* Fix services artifact symbol pid not found error
* chattrsnoop: correct read size for flags
* chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc
* chattrsnoop: fix do_vfs_ioctl kprobe failure
- Update to version 0.7.0.4.git68.ad1f4e5:
* Fix undefined binary.NativeEndian build errors
- Add llvm16-libclang13 dependency for SLE 15 SP5 and above
- Update to version 0.7.0.4.git66.eea7659:
* dnssnoop: fix loading protocol from ip header on s390
* dnssnoop: fix htons() so it works on s390 too
* Fix systemd Services artifact missing events
* chattrsnoop: replace global variables with locals
* tcpsnoop: fix garbled results on s390
* chattrsnoop: fix immutable attribute set on s390
* chattrsnoop: fix bpf_probe_read for s390
* tcpsnoop: remove unused filtering code
* Add artifact to collect new files without owner
* bpf plugins: set a logger callback
- Update to version 0.7.0.4.git47.0f8a4de1:
* Rename SUSE specific artifacts to have SUSE prefix
* Add SUSE.Linux.Events.NewZeroSizeLogFile artifact
* Move NewFiles artifact to SUSE
* Move ImmutableFile artifact to SUSE
* Make ImmutableFile artifact consistent with others
* Fix absolute path case in ExecutableFiles artifact
* Add client monitoring artifact for RPMs
* Add artifact to collect new hidden files
* Add artifact to monitor ssh authorized_keys files
* Fix split_records error on older clients
* Add hash fields to Linux.Events.ProcessExecutions
* Add artifact to collect systemd service events
* Fix SystemLogins artifacts file extensions
* Add SUSE.Linux.Events.Timers artifact
* Fix audit filter key typo in Linux.Events.NewFiles
* Add server artifact to delete old client data on server
* Add SUSE.Linux.Sys.At artifact
* chattrsnoop: include full error details in logs
* chattrsnoop: handle os.Stat() error properly
* chattrsnoop: don't log.Fatal() on hash error
* Fix Linux.Events.ImmutableFile not showing hash in GUI
* SUSE.Linux.Events.Crontab: Add task execution artifacts
* Raise client connection log level to ERROR
* sdjournal: Correctly seek to current tail
- Update to version 0.7.0.4.git6.7b40b8b:
* go.mod: increase go version to 1.19