Description:
This update for velociraptor fixes the following issues:
- Use llvm17 for Leap
- Update to version 0.7.0.4.git142.862ef23:
  * github: fix deprecated upload artifact again
  * Update npm packages
    Includes fixes for the following vulnerabilities:
      CVE-2023-45133
      CVE-2023-46234
      CVE-2024-55565
      CVE-2024-45296
      CVE-2023-44270
      CVE-2024-47068
      CVE-2024-23331
      CVE-2024-31207
      CVE-2024-45812
      CVE-2024-45811
  * Update go dependencies
    Includes fixes for the following vulnerabilities:
      CVE-2024-45338
      CVE-2024-37298
      CVE-2024-24786
      CVE-2023-45683 (boo#1216310)
      CVE-2023-1732
  * Update jwt to 4.5.1
    Fixes CVE-2024-51744 (boo#1232944)
  * Update go-retryablehttp to 0.7.7
    Fixes CVE-2024-6104 (boo#1227061)
  * Update go-oidc and go-jose
    Fixes CVE-2024-28180 (boo#1235168)
  * Update dompurify to 3.1.3
    Fixes CVE-2024-47875 (boo#1231574)
  * Update package-lock.json
  * Update micromatch to 4.0.8
    Partial fix for CVE-2024-4067 (boo#1224367)
    Partial fix for CVE-2024-4068 (boo#1224296)
  * Update axios to 1.7.9
    Fixes CVE-2024-39338 (boo#1229424)
  * Update cross-spawn to 7.0.6
    Fixes CVE-2024-21538 (boo#1233845)
  * Update elliptic to 6.6.1
    Update contains fixes for:
      CVE-2024-48949 (boo#1231558)
      CVE-2024-48948 (boo#1231685)
      CVE-2024-42459 (boo#1232543)
      CVE-2024-42460 (boo#1232543)
      CVE-2024-42461 (boo#1232543)
  * Update follow-redirects to 1.15.6
    Fixes CVE-2024-28849 (boo#1221456)
  * fix: gui/velociraptor/package.json to reduce vulnerabilities
    Fixes CVE-2022-25883 (boo#1212572)
  * and many more changes
- Update node modules with security fixes.
  * Fixes CVE-2024-39338 (boo#1229424)
  * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
    as the update is included.
- Obsolete old velociraptor-kafka-humio-gateway package
- Update to version 0.6.7.5~git81.01be570:
  * libbpfgo: pull fix for double-free
  * logscale: add documentation for plugin
  * bpf: fix path to vmlinux.h
  * file_store/test_utils/server_config.go: update test certificate
  * Update bluemonday dependency.
  * vql/functions/hash: cache results on Linux
  * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
  * logscale/backport: don't use networking.GetHttpTransport
  * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
  * file_store/directory: add ability to report pending size
  * libbpfgo: update submodule to require libzstd for newer libelf
  * utils/time.js: fix handling of nanosecond-resolution timestamps
  * libbpfgo: switch to using regular static builds
  * Create a new 0.6.7-5 release (#2385)
    - Verify FILESYSTEM_WRITE permission on copy() function (#2384) (boo#1207936, CVE-2023-0242)
    - Also ensure client id is considered unsafe (boo#1207937, CVE-2023-0290)
  * github/workflows/linux: do apt-get update to refresh package lists
- Tightening the security of the services a bit:
  - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
    from /tmp
  - run velociraptor server as user velociraptor instead of root
    we do not really need root permissions here
  - introduce /var/lib/velociraptor/filestore to make it easier to
    split out large file upload
  - change permissions for the data directory and subdirectories to
      /var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor
      /var/lib/velociraptor-client/ u=rwX,go= root:root
  - change permissions of config directory to:
      /etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor
      /etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor
      /etc/velociraptor/client.config u=rw,go= root:root
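
An added example (not part of the package or the upstream project) for checking a host against the ownership and modes listed above. It assumes GNU stat and find; the function names, the SKIP_OWNER switch and the optional root-prefix argument are this example's own, and a missing path is skipped because the server and client packages may not both be installed.

```shell
#!/bin/sh
# Added example: audit the modes and owners listed in the changelog above.
# Assumes GNU stat/find. Function names and SKIP_OWNER are this example's own.

# check_one PATH MAX OWNER:GROUP - fail if PATH has any permission bit
# outside MAX (octal) or a different owner. Missing paths are skipped.
check_one() {
    path=$1; max=$2; owner=$3
    if [ ! -e "$path" ]; then
        echo "SKIP   $path (not present)"; return 0
    fi
    mode=$(stat -c '%a' "$path")
    who=$(stat -c '%U:%G' "$path")
    rc=0
    if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "MODE   $path is $mode, expected at most $max"; rc=1
    fi
    # SKIP_OWNER=1 is for unpacked images where user names do not resolve
    if [ -z "${SKIP_OWNER:-}" ] && [ "$who" != "$owner" ]; then
        echo "OWNER  $path is $who, expected $owner"; rc=1
    fi
    return $rc
}

# check_tree DIR OWNER:GROUP - u=rwX,go= on a data directory: the mode is
# checked recursively, the owner on DIR itself only.
check_tree() {
    dir=$1
    check_one "$dir" 700 "$2" || return 1
    [ -d "$dir" ] || return 0
    loose=$(find "$dir" ! -type l -perm /077 | head -n 5)
    if [ -n "$loose" ]; then
        echo "MODE   group/other bits set under $dir:"; echo "$loose"
        return 1
    fi
}

# audit [ROOT] - ROOT is an optional prefix (constructed test tree, image)
audit() {
    root=${1:-}; fail=0
    check_tree "$root/var/lib/velociraptor" velociraptor:velociraptor || fail=1
    check_tree "$root/var/lib/velociraptor-client" root:root || fail=1
    check_one "$root/etc/velociraptor" 750 root:velociraptor || fail=1
    check_one "$root/etc/velociraptor/server.config" 640 root:velociraptor || fail=1
    check_one "$root/etc/velociraptor/client.config" 600 root:root || fail=1
    return $fail
}
```

After sourcing the file, run `audit` as root on a live system, or `SKIP_OWNER=1 audit /path/to/rootfs` against an unpacked image.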