| Summary: | <app-admin/vault-{1.5.7,1.6.3}: multiple vulnerabilities (CVE-2020-25594, CVE-2021-{3024,3282,27668}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | zmedico |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B4 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 797244 | | |
| Bug Blocks: | | | |
Description
John Helmert III
2021-02-02 04:26:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62f5d7318ff141bbff793f734b157d9ec325560b

commit 62f5d7318ff141bbff793f734b157d9ec325560b
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-02-26 01:12:46 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-02-26 01:16:12 +0000

    app-admin/vault: Bump to version 1.6.3

    Bug: https://bugs.gentoo.org/768312
    Package-Manager: Portage-3.0.15, Repoman-3.0.2
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

    app-admin/vault/Manifest | 2 +
    app-admin/vault/vault-1.6.3.ebuild | 78 ++++++++++++++++++++++++++++++++++++++
    2 files changed, 80 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80562755d126ae8b3b59be7e12aea5f9a213e548

commit 80562755d126ae8b3b59be7e12aea5f9a213e548
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-02-26 01:07:31 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-02-26 01:16:12 +0000

    app-admin/vault: Bump to version 1.5.7

    Bug: https://bugs.gentoo.org/768312
    Package-Manager: Portage-3.0.15, Repoman-3.0.2
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

    app-admin/vault/Manifest | 2 +
    app-admin/vault/vault-1.5.7.ebuild | 78 ++++++++++++++++++++++++++++++++++++++
    2 files changed, 80 insertions(+)

1.6.3 has this:

https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427

Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated reading of Vault licenses from DR Secondaries. This vulnerability affects Vault and Vault Enterprise and is fixed in 1.6.3 (CVE-2021-27668).

Well, not sure how I missed this, but now we've got another Vault security bug we can handle this with.

Package list is empty or all packages have requested keywords.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=254c716d0dd35a6846f281fd4a3eaf970dc0bede

commit 254c716d0dd35a6846f281fd4a3eaf970dc0bede
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-07-29 21:22:59 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-01 18:05:08 +0000

    [ GLSA-202207-01 ] HashiCorp Vault: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/768312
    Bug: https://bugs.gentoo.org/797244
    Bug: https://bugs.gentoo.org/808093
    Bug: https://bugs.gentoo.org/817269
    Bug: https://bugs.gentoo.org/827945
    Bug: https://bugs.gentoo.org/829493
    Bug: https://bugs.gentoo.org/835070
    Bug: https://bugs.gentoo.org/845405
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

    glsa-202207-01.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
    1 file changed, 61 insertions(+)

GLSA released, all done!