| Summary: | <dev-ruby/facter-2.4.1: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling (CVE-2015-1426) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ruby, sysadmin |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1191538 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-02-16 08:05:28 UTC

2.4.1 was already added to the tree. We do have a problem where the ebuild has ruby 2.1 support but it's not stable. Should we revbump it and remove ruby21 so we can stabilize it?

Here are the arches we will need stable for. amd64 hppa ppc ppc64 sparc x86

This version of facter can now be marked stable: =facter-2.4.1

That should obviously be: =dev-ruby/facter-2.4.1

Stable for HPPA.

ppc64 stable

ppc stable

amd64 stable

sparc stable

x86 stable. Maintainer(s), please cleanup. Security, please vote.

Vulnerable versions have been removed.

removing self as badness is gone

GLSA Vote: No

GLSA vote: no. Closing as [noglsa]

CVE-2015-1426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1426): Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.