Vulnerabilities found in Gateway appliance 11.0

Article ID: 389283


Updated On:

Products

CA API Gateway

Issue/Introduction

The vulnerabilities below are labeled as critical in the CrowdStrike Falcon scans of all of our L6 servers:

CRWD-CVE-2024-47606-gstreamer1.0
CRWD-CVE-2024-5535
CRWD-CVE-2024-52533
CRWD-CVE-2024-52531
CRWD-CVE-2023-27534

Environment

Gateway 11.0 appliance

Cause

 

 

Resolution

All of the CVEs are addressed in the latest Platform patch for the Gateway 11.0 Debian 11 appliance: Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2025-01-26

Additional Information

Additional Details:

https://security-tracker.debian.org/tracker/CVE-2024-47606 

Source package: gstreamer1.0 (PTS)

Release              Version              Status
bullseye             1.18.4-2.1           vulnerable
bullseye (security)  1.18.4-2.1+deb11u1   fixed

Addressed with patch 

Patch ID Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2025-01-26

# dpkg -l | grep gstream

ii  libgstreamer1.0-0:amd64           1.18.4-2.1+deb11u1                 amd64        Core GStreamer libraries and elements

https://security-tracker.debian.org/tracker/CVE-2024-52531  

Source package: libsoup2.4 (PTS)

Release              Version              Status
bullseye             2.72.0-2             vulnerable
bullseye (security)  2.72.0-2+deb11u1     fixed

Addressed with patch 

Patch ID Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2025-01-26

# dpkg -l | grep libsoup

ii  libsoup-gnome2.4-1:amd64          2.72.0-2+deb11u1                   amd64        HTTP library implementation in C -- GNOME support library

ii  libsoup2.4-1:amd64                2.72.0-2+deb11u1                   amd64        HTTP library implementation in C -- Shared library

CURL

https://security-tracker.debian.org/tracker/CVE-2023-27534  

Source package: curl (PTS)

Release              Version              Status
bullseye             7.74.0-1.3+deb11u13  fixed
bullseye (security)  7.74.0-1.3+deb11u14  fixed

Addressed with patch 

Patch ID Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2024-11-24

# dpkg-query -f '${Version}' -W curl

7.74.0-1.3+deb11u14

https://security-tracker.debian.org/tracker/CVE-2024-5535  

Source package: openssl (PTS)

Release              Version              Status
bullseye             1.1.1w-0+deb11u1     vulnerable
bullseye (security)  1.1.1w-0+deb11u2     fixed

Addressed with patch

Patch ID Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2024-11-24

# dpkg-query -f '${Version}' -W openssl

1.1.1w-0+deb11u2

 

https://security-tracker.debian.org/tracker/CVE-2024-52533  

Source package: glib2.0 (PTS)

Release              Version              Status
bullseye             2.66.8-1+deb11u4     vulnerable
bullseye (security)  2.66.8-1+deb11u5     fixed

Addressed with patch

Patch ID Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2024-11-24

# dpkg -l | grep glib2

ii  libglib2.0-0:amd64                2.66.8-1+deb11u5 amd64        GLib library of C routines

ii  libglib2.0-bin                    2.66.8-1+deb11u5 amd64        Programs for the GLib library

ii  libglib2.0-data                   2.66.8-1+deb11u5 all          Common files for GLib library
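
The per-package checks above can be run in one pass. The script below is an added example, not part of the original article or the vendor's tooling: it compares an inventory of "package version" lines against the bullseye (security) versions listed in this article. The names BASELINE, SAMPLE_INVENTORY, version_ge and check_baseline are illustrative, and OUTDATED means "behind the version the article lists", which for curl is stricter than the tracker status (the tracker also lists deb11u13 as fixed).

```shell
# Baseline: the "bullseye (security)" versions listed in this article, keyed
# by the binary package names shown in its dpkg output.
BASELINE='libgstreamer1.0-0 1.18.4-2.1+deb11u1 CVE-2024-47606
libsoup2.4-1 2.72.0-2+deb11u1 CVE-2024-52531
curl 7.74.0-1.3+deb11u14 CVE-2023-27534
openssl 1.1.1w-0+deb11u2 CVE-2024-5535
libglib2.0-0 2.66.8-1+deb11u5 CVE-2024-52533'

# Constructed sample inventory (not captured from a real appliance): two
# packages still at the pre-patch versions the tracker lists as vulnerable.
SAMPLE_INVENTORY='libgstreamer1.0-0 1.18.4-2.1
libsoup2.4-1 2.72.0-2+deb11u1
curl 7.74.0-1.3+deb11u14
openssl 1.1.1w-0+deb11u1
libglib2.0-0 2.66.8-1+deb11u5'

# version_ge A B: succeeds when Debian version A >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback off-Debian: GNU sort -V only approximates dpkg ordering.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# check_baseline: reads "package version" lines on stdin, prints one status
# line per baseline package, and returns 1 if any installed one is behind.
check_baseline() {
    inventory=$(cat)
    rc=0
    while read -r pkg want cve; do
        have=$(printf '%s\n' "$inventory" | awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$have" ]; then
            status=SKIP have=not-installed
        elif version_ge "$have" "$want"; then
            status=OK
        else
            status=OUTDATED rc=1
        fi
        printf '%-8s %s %s (baseline %s, %s)\n' "$status" "$pkg" "$have" "$want" "$cve"
    done <<EOF
$BASELINE
EOF
    return "$rc"
}

# Demo on the constructed sample; on an appliance, pipe in dpkg-query output.
printf '%s\n' "$SAMPLE_INVENTORY" | check_baseline || true
```

On the appliance itself, feed the function real data with `dpkg-query -W -f='${Package} ${Version}\n' | check_baseline`; a non-zero exit status means at least one tracked package is below the listed version.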