Bug 668420 - <dev-db/cockroach-2.1.5: authentication bypass
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~1 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-12 08:15 UTC by Manuel Rüger (RETIRED)
Modified: 2019-08-02 00:04 UTC

See Also:
Package list:
Runtime testing required: ---


Description Manuel Rüger (RETIRED) gentoo-dev 2018-10-12 08:15:12 UTC
Security bug fix

    Fixed a vulnerability in which TLS certificates were not validated correctly for internal RPC interfaces. This vulnerability could allow an unauthenticated user with network access to read and write to the cluster. #30821

https://www.cockroachlabs.com/docs/releases/v2.0.6.html
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2019-02-14 13:17:03 UTC
Any update on this?
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-03-24 03:23:10 UTC
@maintainer, please bump to >=dev-db/cockroach-2.0.6
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-03-27 22:54:30 UTC
Ping!
Comment 4 Larry the Git Cow gentoo-dev 2019-06-01 21:28:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1a2abeb2f2a15c6a24b9be00ae8a44b32d9c33c

commit b1a2abeb2f2a15c6a24b9be00ae8a44b32d9c33c
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2019-06-01 20:54:33 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2019-06-01 21:27:51 +0000

    dev-db/cockroach: 2.1.5 bump
    
    Bug: https://bugs.gentoo.org/668420
    Closes: https://github.com/gentoo/gentoo/pull/11765
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 dev-db/cockroach/Manifest               |  1 +
 dev-db/cockroach/cockroach-2.1.5.ebuild | 65 +++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2019-06-04 17:58:18 UTC
@ maintainer(s): Please clean up and drop vulnerable ebuilds (<dev-db/cockroach-2.1.5)!
Comment 6 Larry the Git Cow gentoo-dev 2019-06-05 21:27:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f9196e466ce976aadf43e2fe90905cdccad43c1

commit 0f9196e466ce976aadf43e2fe90905cdccad43c1
Author:     William Hubbs <william.hubbs@sony.com>
AuthorDate: 2019-06-05 21:25:30 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2019-06-05 21:26:57 +0000

    dev-db/cockroach: remove vulnerable versions
    
    Bug: https://bugs.gentoo.org/668420
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 dev-db/cockroach/Manifest                 |  7 ----
 dev-db/cockroach/cockroach-1.0-r1.ebuild  | 61 -----------------------------
 dev-db/cockroach/cockroach-1.0.1.ebuild   | 61 -----------------------------
 dev-db/cockroach/cockroach-1.0.3.ebuild   | 61 -----------------------------
 dev-db/cockroach/cockroach-1.0.ebuild     | 61 -----------------------------
 dev-db/cockroach/cockroach-1.0_rc1.ebuild | 59 ----------------------------
 dev-db/cockroach/cockroach-1.1.2.ebuild   | 61 -----------------------------
 dev-db/cockroach/cockroach-1.1.3.ebuild   | 63 ------------------------------
 dev-db/cockroach/cockroach-2.0.1.ebuild   | 65 -------------------------------
 9 files changed, 499 deletions(-)