jcmoraisjr / haproxy-ingress

HAProxy Ingress
https://haproxy-ingress.github.io
Apache License 2.0

Update HAProxy Ingress to Use Go v1.21.11 Due to Critical Vulnerability (CVE-2024-24790) #1179

Open ashwajce opened 2 weeks ago

ashwajce commented 2 weeks ago

Description

A critical vulnerability, CVE-2024-24790, has been reported in Go version 1.19.12, which is currently used to build HAProxy Ingress v0.14. This vulnerability could allow remote code execution (RCE) and may expose systems to serious security risks. The vulnerability is fixed in Go v1.21.11, so we need to rebuild HAProxy Ingress using this version or later.

Steps to Mitigate

1. Rebuild HAProxy Ingress: use Go v1.21.11 or later to rebuild HAProxy Ingress, as this version includes the security patch for CVE-2024-24790.

2. Test Compatibility: after rebuilding, verify that all HAProxy Ingress v0.14 functionalities work as expected, ensuring no compatibility issues are introduced by the Go upgrade.

3. Run Security and Functional Tests: confirm the updated build's security and functionality by:
   - Verifying CVE-2024-24790 is mitigated.
   - Ensuring stability and compatibility of existing ingress functionalities.
   - Checking that no new vulnerabilities are introduced in the rebuilt version.

Expected Outcome

The updated HAProxy Ingress build should:
- No longer be vulnerable to CVE-2024-24790.
- Operate stably with all functionalities intact.

Maintenance Recommendations

- Regular Dependency Updates: periodically check for Go and other dependency updates to ensure HAProxy Ingress remains secure.
- Security Assessments: conduct regular security assessments on dependencies to detect and address vulnerabilities promptly.
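The first thing to verify for the mitigation above is which Go toolchain the shipped controller binary actually records, and whether it meets the go1.21.11 baseline the issue names. The script below is an added example, not part of the haproxy-ingress project: it parses `go version <file>` output and compares the toolchain version, assuming `go` is on PATH and that the binary path passed to `check_binary` is a locally extracted copy of the controller.

```shell
#!/bin/sh
# Added example, not part of haproxy-ingress: check the Go toolchain version
# recorded in a built binary against the fix version named in the issue.

FIXED_GO_VERSION="go1.21.11"   # fix version stated in the issue

# Map "goX.Y.Z" to one comparable integer (X*10^6 + Y*10^3 + Z).
# Pre-release suffixes such as "rc1" are dropped, so "go1.22rc1" sorts as 1.22.0.
go_version_key() {
  v="${1#go}"                 # "go1.21.11" -> "1.21.11"
  v="${v%%[!0-9.]*}"          # keep only the leading numeric part
  set -- $(printf '%s' "$v" | tr '.' ' ')
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds when the given toolchain version is >= FIXED_GO_VERSION.
go_version_fixed() {
  [ "$(go_version_key "$1")" -ge "$(go_version_key "$FIXED_GO_VERSION")" ]
}

# Extract the "goX.Y.Z" token from a `go version <file>` line such as
# "haproxy-ingress: go1.19.12"; prints nothing when no such token is present.
parse_go_version_line() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^go[0-9]/) { print $i; exit } }'
}

# Report on a binary: exit 0 = meets baseline, 1 = rebuild needed, 2 = undetermined.
check_binary() {
  line="$(go version "$1" 2>/dev/null | head -n 1)"
  tc="$(parse_go_version_line "$line")"
  if [ -z "$tc" ]; then
    echo "$1: no Go toolchain version found (not a Go binary, or go not installed)"
    return 2
  fi
  if go_version_fixed "$tc"; then
    echo "$1: built with $tc (>= $FIXED_GO_VERSION), baseline met"
    return 0
  fi
  echo "$1: built with $tc (< $FIXED_GO_VERSION), rebuild required"
  return 1
}
```

Run `check_binary /path/to/haproxy-ingress-binary` (placeholder path) against the binary from the v0.14 image before and after the rebuild; the exit code makes it usable as a CI gate.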