
CVE-2022-37426: OpenNebula 6.4.2 EE LTS Maintenance Release is Available

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula core on Linux allows File Content Injection.

Blog Article:

Lead Cloud Engineer & Engineering Manager at OpenNebula

The Enterprise Edition of OpenNebula is a tested, hardened, and production-ready version that incorporates additional bug fixes and software patches with minor enhancements developed by OpenNebula Systems.

While we make all our products open source under Apache License Version 2.0, the packages of our Enterprise Edition and the Enterprise Tools we’ve created for Corporate Users are distributed under commercial license terms only to those customers with an active OpenNebula Subscription.

This new LTS release comes with a number of backported new features:

  • For security reasons, paths in CONTEXT/FILES are now restricted by CONTEXT_RESTRICTED_DIRS (with exceptions in CONTEXT_SAFE_DIRS), configured in oned.conf
  • New Virtual Network tab in Sunstone

Check the release notes for the complete set of new features and bug fixes.

Relevant Links

  • OpenNebula 6.4 “Archeon”
  • Release Notes
  • Downloads
  • Documentation
