18967
Security update for velociraptor
important
openSUSE Backports SLE-15-SP7 Update

This update for velociraptor fixes the following issues:

- Update to version 0.7.0.4.git152.fb24dfd:
  * audit: fix watch rules in artifacts
  * audit: update go-libaudit dependency for ppc64le arch filter fix
  * Use execsnoop plugin in artifacts when possible
  * Add execsnoop plugin to capture execve system calls
  * github-actions: update ubuntu runners to 22.04
  * Fix failing tls unit test on new go versions

- Update to version 0.7.0.4.git142.862ef23:
  * github: fix deprecated upload artifact again
  * Update npm packages
    Includes fixes for the following vulnerabilities:
    CVE-2023-45133 CVE-2023-46234 CVE-2024-55565 CVE-2024-45296 CVE-2023-44270
    CVE-2024-47068 CVE-2024-23331 CVE-2024-31207 CVE-2024-45812 CVE-2024-45811
  * Update go dependencies
    Includes fixes for the following vulnerabilities:
    CVE-2024-45338 CVE-2024-37298 CVE-2024-24786 CVE-2023-45683 (boo#1216310) CVE-2023-1732
  * Update jwt to 4.5.1
    Fixes CVE-2024-51744 (boo#1232944)
  * Update go-retryablehttp to 0.7.7
    Fixes CVE-2024-6104 (boo#1227061)
  * Update go-oidc and go-jose
    Fixes CVE-2024-28180 (boo#1235168)
  * Update dompurify to 3.1.3
    Fixes CVE-2024-47875 (boo#1231574)
  * Update package-lock.json
  * Update micromatch to 4.0.8
    Partial fix for CVE-2024-4067 (boo#1224367)
    Partial fix for CVE-2024-4068 (boo#1224296)
  * Update axios to 1.7.9
    Fixes CVE-2024-39338 (boo#1229424)
  * Update cross-spawn to 7.0.6
    Fixes CVE-2024-21538 (boo#1233845)
  * Update elliptic to 6.6.1
    Update contains fixes for:
    CVE-2024-48949 (boo#1231558)
    CVE-2024-48948 (boo#1231685)
    CVE-2024-42459 (boo#1232543)
    CVE-2024-42460 (boo#1232543)
    CVE-2024-42461 (boo#1232543)
  * Update follow-redirects to 1.15.6
    Fixes CVE-2024-28849 (boo#1221456)
  * fix: gui/velociraptor/package.json to reduce vulnerabilities
    Fixes CVE-2022-25883 (boo#1212572)

- Update to version 0.7.0.4.git126.27cfbe1:
  * bpf: fix plugins not stopping when context cancelled
  * tcpsnoop: move parsing to its own function
  * bpf plugins: remove deprecated libbpfgo calls
  * bpf plugins: add context to error logs
  * chattrsnoop: fix files not getting closed
  * chattrsnoop: move hashing from plugin to artifact
  * RPM artifact: start checks immediately on artifact load
  * rpm plugin: fix ndb magic error
  * audit s390x: fix arch filter rules errors
  * github: fix deprecated upload artifact
  * tcpsnoop: fix ipv6 local and remote addresses order
  * tcpsnoop: fix missing ipv6 outbound connections
  * Linux.Events.ProcessExecutions: remove parent cmdline
  * audit: reduce FileBufferLeaseSize to ease GC overhead
  * audit: fix auditBuf allocation and go vet warnings
  * audit: fix plugin shutdown race condition
  * audit: fix audit client data races
  * audit: fix race in subscriber
  * audit: prevent Windows loading audit package
  * sdjournal: fix package causing test failures
  * github: run linux unit tests

- Update node modules with security fixes.
  * Fixes CVE-2024-39338 (boo#1229424)

- Update to version 0.7.0.4.git97.675e45f9:
  * kafka-humio-gateway: update go version and dependency list
  * kafka-humio-gateway: specific mTLS cert paths in config.yml
  * docker-compose: set kafka replication factor and min ISRs
  * kafka-humio-gateway: add http post retry mechanism
  * kafka-humio-gateway: add pprof debugging option
  * kafka-humio-gateway: format with gofmt
  * kafka-humio-gateway: fix go-staticcheck issues
  * kafka-humio-gateway: fix sendEvents() never exiting
  * Kafka.Events.Client: Update to use new artifactset type
  * docker-compose: add optional Kafka cluster
  * kafka-humio-gateway: add mTLS support
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * kafka-humio-gateway: add sample config file
  * kafka-humio-gateway: update sarama and dependencies
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID
  * Add a Kafka export plugin

- Update to version 0.7.0.4.git74.3426c0a:
  * Fix services artifact symbol pid not found error
  * chattrsnoop: correct read size for flags
  * chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc
  * chattrsnoop: fix do_vfs_ioctl kprobe failure

- Update to version 0.7.0.4.git68.ad1f4e5:
  * Fix undefined binary.NativeEndian build errors

- Add llvm16-libclang13 dependency for SLE 15 SP5 and above

- Update to version 0.7.0.4.git66.eea7659:
  * dnssnoop: fix loading protocol from ip header on s390
  * dnssnoop: fix htons() so it works on s390 too
  * Fix systemd Services artifact missing events
  * chattrsnoop: replace global variables with locals
  * tcpsnoop: fix garbled results on s390
  * chattrsnoop: fix immutable attribute set on s390
  * chattrsnoop: fix bpf_probe_read for s390
  * tcpsnoop: remove unused filtering code
  * Add artifact to collect new files without owner
  * bpf plugins: set a logger callback

- Update to version 0.7.0.4.git47.0f8a4de1:
  * Rename SUSE specific artifacts to have SUSE prefix
  * Add SUSE.Linux.Events.NewZeroSizeLogFile artifact
  * Move NewFiles artifact to SUSE
  * Move ImmutableFile artifact to SUSE
  * Make ImmutableFile artifact consistent with others
  * Fix absolute path case in ExecutableFiles artifact
  * Add client monitoring artifact for RPMs
  * Add artifact to collect new hidden files
  * Add artifact to monitor ssh authorized_keys files
  * Fix split_records error on older clients
  * Add hash fields to Linux.Events.ProcessExecutions
  * Add artifact to collect systemd service events
  * Fix SystemLogins artifacts file extensions
  * Add SUSE.Linux.Events.Timers artifact
  * Fix audit filter key typo in Linux.Events.NewFiles
  * Add server artifact to delete old client data on server
  * Add SUSE.Linux.Sys.At artifact
  * chattrsnoop: include full error details in logs
  * chattrsnoop: handle os.Stat() error properly
  * chattrsnoop: don't log.Fatal() on hash error
  * Fix Linux.Events.ImmutableFile not showing hash in GUI
  * SUSE.Linux.Events.Crontab: Add task execution artifacts
  * Raise client connection log level to ERROR
  * sdjournal: Correctly seek to current tail

- Update to version 0.7.0.4.git6.7b40b8b:
  * go.mod: increase go version to 1.19

velociraptor-0.7.0.4.git152.fb24dfd-bp157.2.3.1.src.rpm
velociraptor-0.7.0.4.git152.fb24dfd-bp157.2.3.1.x86_64.rpm
system-user-velociraptor-1.0.0-bp157.2.3.1.noarch.rpm
velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.src.rpm
velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.x86_64.rpm
velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.aarch64.rpm
velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.ppc64le.rpm
velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.s390x.rpm