Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: bump Pi-Hole version

Browse Source 
Many of the Pi-Hole releases of this year were made due to security
vulnerabilities. None of them are to concern to Qusal users.

- GHSA-jg6g-rrj6-xfg6: Requires authenticated user;
- GHSA-95g6-7q26-mp9x: Requires authenticated user; and
- GHSA-3597-244c-wrpj: Requires shell in the same qube running Pi-Hole.

The admin interface is only allowed through localhost, therefore only
sys-pihole and sys-pihole-browser qubes have access to it, blocked by
firewall (nftables) and HTTP server (lighttpd). Qubes with access to the
admin interface are not of a concern, we assume that every qube that has
access to the admin interface is trusted, therefore, only if a qube
doesn't have access to the admin interface and can gain access, it
becomes a concern, which hasn't happened.
This commit is contained in:
Ben Grande 2024-07-07 15:26:52 +02:00
parent bb722faba4
commit ab044c15b1
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
salt/sys-pihole/install.sls
View File

@ -7,7 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
{% if grains['nodename'] != 'dom0' %}
{% set pihole_tag = 'v5.18.2' -%}
{% set pihole_tag = 'v5.18.3' -%}
include:
- utils.tools.common.update