INFCSA-2024:9325: Cockpit security update
Information about definition
Identificator: INFCSA-2024:9325
Type: security
Release date: 2025-09-24 19:19:57 UTC
Information about package
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.
Vulnerabilities description
- CVE-2024-6126
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-6126
|
no information | 3.2 | no information |
Updated packages
Preparing to download...