CVE-2021-20077: Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Please bump to 8.2.3.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d311b29437f0162a0e6e51b0571fcc7e0fb5ef5 commit 8d311b29437f0162a0e6e51b0571fcc7e0fb5ef5 Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2021-03-23 09:10:39 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2021-03-23 09:10:39 +0000 net-analyzer/nessus-agent-bin: bump to 8.2.3 Addresses CVE-2021-20077. Bug: https://bugs.gentoo.org/777780 Signed-off-by: Marek Szuba <marecki@gentoo.org> net-analyzer/nessus-agent-bin/Manifest | 2 +- .../{nessus-agent-bin-8.2.1.ebuild => nessus-agent-bin-8.2.3.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
Thank you! Tree is clean, all done.