[R] Regarding the Security Vulnerability CVE-2024-27322

Priya, Aishwarya
Wed Jun 26 19:03:37 CEST 2024


Dear R Foundation Team,

I hope this message finds you well.
I am reaching out to seek your guidance on addressing the security vulnerability CVE-2024-27322. As I understand, a security fix for this vulnerability has been available starting from v4.4.0. This issue affects all versions from 1.4.0 to 4.3.3.

During our testing phase, we encountered a challenge while attempting to upgrade to the secure version. Our devices were running version 4.3.3 and below, and we tried to install version 4.4.0, hoping the installer would detect the older version and perform an in-place upgrade. However, we observed that the new version was installed alongside the older version rather than replacing it. Consequently, this approach did not mitigate the security vulnerability.

To address this issue effectively, it appears that we need to first uninstall the existing older version before installing the latest version. This process should ensure that the security vulnerability is adequately resolved.

Could you please confirm if this is the recommended approach for handling this specific security issue? Additionally, if there are any alternative methods or best practices you could suggest for performing this upgrade seamlessly, we would greatly appreciate your insights.

Thank you for your support and assistance in this matter.


Thanks & Regards,
Aishwarya Priyadarshini
TMX Software Delivery, Virtualization & Telemetry
Dell Digital | Team Member eXperience
Aishwarya_Priya using Dell.com


