Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 905334 (CVE-2023-0845) - <app-admin/consul-1.14.5: authenticated DoS
Summary: <app-admin/consul-1.14.5: authenticated DoS
Status: RESOLVED FIXED
Alias: CVE-2023-0845
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://discuss.hashicorp.com/t/hcsec...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 906497
Blocks:
  Show dependency tree
 
Reported: 2023-04-29 21:09 UTC by John Helmert III
Modified: 2023-05-26 04:44 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 21:09:14 UTC 
CVE-2023-0845:

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Please bump to 1.14.5.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-25 03:33:50 UTC 
Please cleanup.
Comment 2 Larry the Git Cow gentoo-dev 2023-05-26 04:16:41 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7ea63c243aac4fafdec6d51ccc6d28cc9f4eaf6

commit b7ea63c243aac4fafdec6d51ccc6d28cc9f4eaf6
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2023-05-26 04:15:36 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2023-05-26 04:16:37 +0000

    app-admin/consul: drop 1.14.3
    
    Bug: https://bugs.gentoo.org/905334
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  1 -
 app-admin/consul/consul-1.14.3.ebuild | 57 -----------------------------------
 2 files changed, 58 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-26 04:44:51 UTC 
Thanks! Requires authentication and is only a DoS anyway. All done.