CVE-2021-22145: A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. Please bump.
CVE-2021-22144: In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a27be1e46bb6cb26d7ed3107ed0096945914b233

commit a27be1e46bb6cb26d7ed3107ed0096945914b233
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-07-27 11:05:52 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-31 10:03:39 +0000

    app-misc/elasticsearch: bump to 7.13.4

    Bug: https://bugs.gentoo.org/803251
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-misc/elasticsearch/Manifest                    |  1 +
 app-misc/elasticsearch/elasticsearch-7.13.4.ebuild | 82 ++++++++++++++++++++++
 2 files changed, 83 insertions(+)
(In reply to John Helmert III from comment #0)
> CVE-2021-22145:
>
> A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to
> 7.13.3 error reporting. A user with the ability to submit arbitrary queries
> to Elasticsearch could submit a malformed query that would result in an
> error message returned containing previously used portions of a data buffer.
> This buffer could contain sensitive information such as Elasticsearch
> documents or authentication details.

Is the 6.x line affected by this?
Tree clean