| Summary: | <www-apps/kibana-bin-7.12.1: multiple vulnerabilities (CVE-2021-{22136,22139}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | erkiferenc, hydrapolic, proxy-maint |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://discuss.elastic.co/t/7-12-1-security-update/271433 | | |
| See Also: | https://github.com/gentoo/gentoo/pull/21042 | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Sam James
2021-05-15 01:13:38 UTC
* CVE-2021-22136

Description:
"In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out."

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f6973c83de46d9d9281649fe72ad28d28c927be

commit 5f6973c83de46d9d9281649fe72ad28d28c927be
Author:     Ferenc Erki <erkiferenc@gmail.com>
AuthorDate: 2021-05-29 19:04:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-05-31 08:15:48 +0000

    www-apps/kibana-bin: drop vulnerable

    Bug: https://bugs.gentoo.org/790290
    Signed-off-by: Ferenc Erki <erkiferenc@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/21042
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/kibana-bin/Manifest                 |  2 -
 www-apps/kibana-bin/kibana-bin-7.10.2.ebuild | 90 ----------------------------
 2 files changed, 92 deletions(-)

All done, thanks!