CVE-2021-37219 (https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024):

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

CVE-2021-38698 (https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026):

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Please bump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=903c5ae19872c111fe9b9e0e7a952c1ca5f7c432

commit 903c5ae19872c111fe9b9e0e7a952c1ca5f7c432
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-09-11 02:48:06 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-09-11 02:49:33 +0000

    app-admin/consul: Remove vuln versions wrt bug #812497

    Bug: https://bugs.gentoo.org/812497
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  16 -
 app-admin/consul/consul-1.10.1.ebuild | 783 ----------------------------------
 app-admin/consul/consul-1.8.14.ebuild | 767 ---------------------------------
 app-admin/consul/consul-1.9.8.ebuild  | 781 ---------------------------------
 4 files changed, 2347 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4b393a12a0e663d2899bfe04462c7fd2abcf362

commit b4b393a12a0e663d2899bfe04462c7fd2abcf362
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-09-11 02:46:08 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-09-11 02:46:36 +0000

    app-admin/consul: amd64 stable version 1.8.15 wrt bug #812497

    Bug: https://bugs.gentoo.org/812497
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/consul-1.8.15.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62e0ee81325dd86042dfcdeca7fa00e3b0c914e9

commit 62e0ee81325dd86042dfcdeca7fa00e3b0c914e9
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-09-11 02:39:48 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-09-11 02:40:33 +0000

    app-admin/consul: Bump to version 1.10.2

    Bug: https://bugs.gentoo.org/812497
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |   1 +
 app-admin/consul/consul-1.10.2.ebuild | 793 ++++++++++++++++++++++++++++++++++
 2 files changed, 794 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a71a9fe285adeb78c13b72ae30c3433366a89f6d

commit a71a9fe285adeb78c13b72ae30c3433366a89f6d
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-09-11 02:27:09 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-09-11 02:27:41 +0000

    app-admin/consul: Bump to version 1.9.9

    Bug: https://bugs.gentoo.org/812497
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest            |   1 +
 app-admin/consul/consul-1.9.9.ebuild | 791 +++++++++++++++++++++++++++++++++++
 2 files changed, 792 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93d63c0ef95d9fe11c342445feb3f7658b0f7790

commit 93d63c0ef95d9fe11c342445feb3f7658b0f7790
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-09-11 02:14:04 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-09-11 02:25:48 +0000

    app-admin/consul: Bump to version 1.8.15

    Bug: https://bugs.gentoo.org/812497
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  19 +
 app-admin/consul/consul-1.8.15.ebuild | 774 ++++++++++++++++++++++++++++++++++
 2 files changed, 793 insertions(+)
Unable to check for sanity:

> no match for package: app-admin/consul-1.8.15
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f7375fcfd657cfc3887863e562d7feab296947e9

commit f7375fcfd657cfc3887863e562d7feab296947e9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:07:00 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:29 +0000

    [ GLSA 202208-09 ] HashiCorp Consul: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/760696
    Bug: https://bugs.gentoo.org/783483
    Bug: https://bugs.gentoo.org/802522
    Bug: https://bugs.gentoo.org/812497
    Bug: https://bugs.gentoo.org/834006
    Bug: https://bugs.gentoo.org/838328
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
GLSA released, all done!